sj-vps-htz0,containers/dns: remove IPv6, opportunistic TLS

nix/os/snippets/systemd-resolved.nix

@@ -0,0 +1,21 @@
+{
+  networking.nameservers = [
+    # https://dnsforge.de/
+    "176.9.93.198"
+    "176.9.1.117"
+
+    # TODO: enable IPv6
+    # "2a01:4f8:151:34aa::198"
+    # "2a01:4f8:141:316d::117"
+  ];
+
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = ["~."];
+    extraConfig = ''
+      # TODO: figure out why "true" doesn't work
+      DNSOverTLS=opportunistic
+    '';
+  };
+}