falkenstein: fix dkim record and wireguard dns

hosts/falkenstein/modules/networks/default.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 {
   age.secrets = {
     "wireguard/dorm/private" = {
@@ -11,6 +11,12 @@
     };
 
   };
+  environment.systemPackages = with pkgs; [
+    mtr
+    inetutils
+    dnsutils
+    wireguard-tools
+  ];
   networking = {
     hostName = "falkenstein";
     nftables.enable = true;
@@ -18,6 +24,7 @@
     useNetworkd = true;
     enableIPv6 = true;
     firewall = {
+      allowedUDPPorts = [ 51820 ];
       extraInputRules = ''
         ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
       '';
@@ -31,10 +38,6 @@
       "2620:fe::fe"
       "2620:fe::9"
     ];
-    extraConfig = ''
-      [Resolve]
-      DNSStubListener=no
-    '';
   };
   systemd.network = {
     enable = true;
@@ -86,8 +89,9 @@
       matchConfig.Name = "wg0";
       networkConfig = {
         Address = "192.168.43.4/32";
-        DNS = "192.168.42.1";
-        DNSSEC = true;
+        DNS = "192.168.43.1";
+        Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
+        DNSSEC = false;
         BindCarrier = [ "ens3" ];
       };
     };