networking config: support setting resolv.conf options

Closes: #11372

nixos/modules/config/networking.nix

@@ -11,6 +11,11 @@ let
                    config.services.dnsmasq.resolveLocalQueries;
   hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
 
+  resolvconfOptions =
+    builtins.replaceStrings ["\n"] [" "]
+      (cfg.resolvconfOptions +
+      (optionalString cfg.dnsSingleRequest " single-request") +
+      (optionalString cfg.dnsExtensionMechanism " ends0"));
 in
 
 {
@@ -59,6 +64,14 @@ in
       '';
     };
 
+    networking.resolvconfOptions = lib.mkOption {
+      type = types.lines;
+      default = "";
+      example = "ndots:1 rotate";
+      description = ''
+        Set the options in <filename>/etc/resolv.conf</filename>.
+      '';
+    };
 
     networking.proxy = {
 
@@ -171,12 +184,9 @@ in
               # Invalidate the nscd cache whenever resolv.conf is
               # regenerated.
               libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
-            '' + optionalString cfg.dnsSingleRequest ''
+            '' + optionalString ((stringLength resolvconfOptions) > 0) ''
-              # only send one DNS request at a time
+              # Options as described in resolv.conf(5)
-              resolv_conf_options+=' single-request'
+              resolv_conf_options='${resolvconfOptions}'
-            '' + optionalString cfg.dnsExtensionMechanism ''
-              # enable extension mechanisms for DNS
-              resolv_conf_options+=' edns0'
             '' + optionalString hasLocalResolver ''
               # This hosts runs a full-blown DNS resolver.
               name_servers='127.0.0.1'