diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix
index 6857930..099d65d 100644
--- a/nixos/agares/configuration.nix
+++ b/nixos/agares/configuration.nix
@@ -16,7 +16,6 @@
 
   dadada = {
     admin.enable = true;
-    networking.localResolver.enable = true;
   };
 
   services.smartd.enable = true;
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index 3e5940a..01f98c9 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -72,12 +72,6 @@ in
   dadada = {
     steam.enable = true;
     yubikey.enable = true;
-
-    networking = {
-      enableBsShare = true;
-      vpnExtension = "3";
-    };
-    sway.enable = false;
   };
 
   programs.adb.enable = true;
@@ -187,6 +181,24 @@ in
     ];
   };
 
+  # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
+  systemd.timers.wg-reresolve-dns = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "wg-reresolve-dns.service" ];
+    timerConfig.OnCalendar = "hourly";
+  };
+
+  systemd.services.wg-reresolve-dns =
+    let
+      vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
+    in
+    {
+      serviceConfig.Type = "oneshot";
+      script = ''
+        ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
+      '';
+    };
+
   #networking.wg-quick.interfaces.mullvad = {
   #  address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ];
   #  privateKeyFile = "/var/lib/wireguard/mullvad";
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index e558aa2..6d8f98b 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -9,7 +9,6 @@
   headphones = import ./headphones.nix;
   homepage = import ./homepage.nix;
   miniflux = import ./miniflux.nix;
-  networking = import ./networking.nix;
   inputs = import ./inputs.nix;
   nixpkgs = import ./nixpkgs.nix;
   packages = import ./packages.nix;
diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix
deleted file mode 100644
index b58fb2d..0000000
--- a/nixos/modules/networking.nix
+++ /dev/null
@@ -1,167 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}:
-with lib; let
-  cfg = config.dadada.networking;
-  vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
-in
-{
-  options = {
-    dadada.networking = {
-      localResolver = {
-        enable = mkEnableOption "Enable local caching name server";
-        uwu = mkEnableOption "Enable uwupn";
-        s0 = mkEnableOption "Enable s0";
-      };
-      wanInterfaces = mkOption {
-        type = with types; listOf str;
-        description = "WAN network interfaces";
-        default = [ ];
-      };
-      vpnExtension = mkOption {
-        type = with types; nullOr str;
-        description = "Last part of VPN address";
-        default = null;
-      };
-      enableBsShare = mkEnableOption "Enable network share at BS location";
-    };
-  };
-
-  config = {
-    networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true;
-    networking.networkmanager.dns = mkIf cfg.localResolver.enable "unbound";
-
-    services.unbound = mkIf cfg.localResolver.enable {
-      enable = true;
-      localControlSocketPath = "/run/unbound/unbound.ctl";
-      settings = {
-        server = {
-          prefer-ip6 = true;
-
-          prefetch = true;
-          prefetch-key = true;
-          serve-expired = false;
-
-          aggressive-nsec = true;
-          hide-identity = true;
-          hide-version = true;
-
-          use-caps-for-id = true;
-
-          private-address = [
-            "127.0.0.0/8"
-            "10.0.0.0/8"
-            "172.16.0.0/12"
-            "192.168.0.0/16"
-            "169.254.0.0/16"
-            "fd00::/8"
-            "fe80::/10"
-            "::ffff:0:0/96"
-          ];
-          private-domain = [
-            "dadada.li"
-            (mkIf cfg.localResolver.uwu "uwu")
-            (mkIf cfg.localResolver.s0 "space.stratum0.net")
-            (mkIf cfg.localResolver.s0 "s0")
-          ];
-          domain-insecure = [
-            "dadada.li"
-            (mkIf cfg.localResolver.uwu "uwu")
-            (mkIf cfg.localResolver.s0 "space.stratum0.net")
-            (mkIf cfg.localResolver.s0 "s0")
-          ];
-          interface = [
-            "127.0.0.1"
-            "::1"
-          ];
-        };
-        forward-zone = [
-          {
-            name = ".";
-            forward-tls-upstream = "yes";
-            forward-addr = [
-              "2620:fe::fe@853#dns.quad9.net"
-              "2620:fe::9@853#dns.quad9.net"
-              "9.9.9.9@853#dns.quad9.net"
-              "149.112.112.112@853#dns.quad9.net"
-            ];
-          }
-          (
-            mkIf cfg.localResolver.uwu {
-              name = "uwu.";
-              forward-addr = [
-                "fc00:1337:dead:beef::10.11.0.1"
-                "10.11.0.1"
-              ];
-            }
-          )
-          (
-            mkIf cfg.localResolver.s0 {
-              name = "space.stratum0.net.";
-              forward-addr = [
-                "192.168.178.1"
-              ];
-            }
-          )
-          (
-            mkIf cfg.localResolver.s0 {
-              name = "s0.";
-              forward-addr = [
-                "192.168.178.1"
-              ];
-            }
-          )
-          {
-            name = "dyn.dadada.li.";
-            forward-addr = [
-              "fd42:9c3b:f96d:201::1"
-            ];
-          }
-        ];
-      };
-    };
-
-    networking.useDHCP = false;
-
-    networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i:
-      nameValuePair i {
-        useDHCP = true;
-      }));
-
-    networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
-      dadada = {
-        ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/24" ];
-        listenPort = 51234;
-        privateKeyFile = "/var/lib/wireguard/privkey";
-        postSetup = ''
-          ${pkgs.systemd}/bin/resolvectl domain dadada ~bs.dadada.li
-          ${pkgs.systemd}/bin/resolvectl dns dadada fd42:9c3b:f96d:201::
-          ${pkgs.systemd}/bin/resolvectl dnssec dadada false
-        '';
-        peers = [
-          {
-            publicKey = vpnPubKey;
-            allowedIPs = [ "fd42:9c3b:f96d::/48" "192.168.0.0/17" ];
-            endpoint = "vpn.dadada.li:51234";
-            persistentKeepalive = 25;
-          }
-        ];
-      };
-    };
-
-    # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
-    systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
-      wantedBy = [ "timers.target" ];
-      partOf = [ "wg-reresolve-dns.service" ];
-      timerConfig.OnCalendar = "hourly";
-    };
-    systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
-      serviceConfig.Type = "oneshot";
-      script = ''
-        ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
-      '';
-    };
-  };
-}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index ad83c1d..d6b9ef9 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -50,6 +50,9 @@ in
   };
 
   networking.networkmanager.dns = mkDefault "systemd-resolved";
-  services.resolved.enable = mkDefault true;
+  services.resolved = {
+    enable = mkDefault true;
+    fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
+  };
 }