fixing fitbit

modules/nixos/vpn/default.nix

@@ -0,0 +1,38 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  secretstore = config._secretstore;
+  host = config.networking.hostName;
+
+  cfg = config.custom.mullvad;
+
+  secret =
+    if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json"
+    then ./secrets.nix
+    else {};
+in {
+  #define option to enable this
+  options.custom.mullvad.enable = mkEnableOption "Enable SSH";
+
+  # imports = [ secret ];
+
+  config = mkIf cfg.enable {
+    networking.wireguard.enable = true;
+    services.mullvad-vpn.enable = true;
+
+    # set some options after every daemon start
+    # to avoid accidentally leaving unsafe settings
+    systemd.services."mullvad-daemon" = {
+      postStart = ''
+        while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
+        ${pkgs.mullvad}/bin/mullvad lan set allow   #enable local lan access
+        ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
+        ${pkgs.mullvad}/bin/mullvad relay set location ca mtr
+      '';
+    };
+  };
+}

modules/nixos/vpn/secrets.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+with lib; let
+  secretstore = config._secretstore;
+  host = config.networking.hostName;
+  secretpath = "${secretstore}/hosts/${host}/mullvad/device.json";
+in {
+  sops.secrets.device_json = {
+    sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json";
+    device_json.format = "binary";
+  };
+
+  environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path;
+}