fix(sj-srv1,containers, systemd-resolved): resolve via dhcp, host, and never use fallbacks

nix/os/profiles/containers/configuration.nix

@@ -1,16 +1,29 @@
-{pkgs, ...}: {
+{
+  hostAddress,
+  pkgs,
+  lib,
+  ...
+}: {
   networking.useHostResolvConf = false;
 
   networking.firewall.enable = true;
   networking.nftables.enable = true;
   networking.nftables.flushRuleset = true;
 
+  networking.nameservers = lib.mkForce [hostAddress];
+
   environment.systemPackages = [
     pkgs.dnsutils
   ];
 
   imports = [
-    ../../snippets/systemd-resolved.nix
+    {
+      # keep DNS set up to a minimum: only query the container host
+      services.resolved.enable = lib.mkForce false;
+      networking.nameservers = [
+        hostAddress
+      ];
+    }
     ../../snippets/nix-settings.nix
     # ../../modules/ddclient-ovh.nix
     # ../../modules/ddclient-hetzner.nix