diff --git a/modules/networking/default.nix b/modules/networking/default.nix
index 1065c268..099c705e 100644
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 
 with lib;
 
@@ -8,15 +8,14 @@ let
   hostnameRegEx = ''^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'';
 
   emptyList = lst: if lst != [] then lst else ["empty"];
-  quoteStrings = concatMapStringsSep " " (str: "'${str}'");
 
   setNetworkServices = optionalString (cfg.knownNetworkServices != []) ''
     networkservices=$(networksetup -listallnetworkservices)
     ${concatMapStringsSep "\n" (srv: ''
       case "$networkservices" in
-        *'${srv}'*)
-          networksetup -setdnsservers '${srv}' ${quoteStrings (emptyList cfg.dns)}
-          networksetup -setsearchdomains '${srv}' ${quoteStrings (emptyList cfg.search)}
+        *${lib.escapeShellArg srv}*)
+          networksetup -setdnsservers ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.dns))}
+          networksetup -setsearchdomains ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.search))}
           ;;
       esac
     '') cfg.knownNetworkServices}
diff --git a/tests/networking-networkservices.nix b/tests/networking-networkservices.nix
index 46213175..a6573424 100644
--- a/tests/networking-networkservices.nix
+++ b/tests/networking-networkservices.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 
 {
   networking.knownNetworkServices = [ "Wi-Fi" "Thunderbolt Ethernet" ];
@@ -6,10 +6,10 @@
 
   test = ''
     echo checking dns settings in /activate >&2
-    grep "networksetup -setdnsservers 'Wi-Fi' '8.8.8.8' '8.8.4.4'" ${config.out}/activate
-    grep "networksetup -setdnsservers 'Thunderbolt Ethernet' '8.8.8.8' '8.8.4.4'" ${config.out}/activate
+    grep "networksetup -setdnsservers ${lib.escapeShellArgs [ "Wi-Fi" "8.8.8.8" "8.8.4.4" ]}" ${config.out}/activate
+    grep "networksetup -setdnsservers ${lib.escapeShellArgs [ "Thunderbolt Ethernet" "8.8.8.8" "8.8.4.4" ]}" ${config.out}/activate
     echo checking empty searchdomain settings in /activate >&2
-    grep "networksetup -setsearchdomains 'Wi-Fi' 'empty'" ${config.out}/activate
-    grep "networksetup -setsearchdomains 'Thunderbolt Ethernet' 'empty'" ${config.out}/activate
+    grep "networksetup -setsearchdomains ${lib.escapeShellArgs [ "Wi-Fi" "empty" ]}" ${config.out}/activate
+    grep "networksetup -setsearchdomains ${lib.escapeShellArgs [ "Thunderbolt Ethernet" "empty" ]}" ${config.out}/activate
   '';
 }