addin ssh key

2023-11-21 14:00:06 +00:00
parent 4178372853
commit 54c3d889ab
33 changed files with 873 additions and 829 deletions


@@ -1,41 +1,38 @@
{ lib, pkgs, config, ... }:
with lib;
{
lib,
pkgs,
config,
...
}:
with lib; let
secretstore = config._secretstore;
host = config.networking.hostName;
let
secretstore = config._secretstore;
host = config.networking.hostName;
cfg = config.custom.mullvad;
secret = if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json" then
./secrets.nix
else
{ };
cfg = config.custom.mullvad;
secret =
if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json"
then ./secrets.nix
else {};
in {
#define option to enable this
#define option to enable this
options.custom.mullvad.enable = mkEnableOption "Enable SSH";
# imports = [ secret ];
config = mkIf cfg.enable {
networking.wireguard.enable = true;
services.mullvad-vpn.enable = true;
networking.wireguard.enable = true;
services.mullvad-vpn.enable = true;
# set some options after every daemon start
# to avoid accidentally leaving unsafe settings
systemd.services."mullvad-daemon" = {
postStart = ''
while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
${pkgs.mullvad}/bin/mullvad relay set location ca mtr
'';
# to avoid accidentally leaving unsafe settings
systemd.services."mullvad-daemon" = {
postStart = ''
while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
${pkgs.mullvad}/bin/mullvad relay set location ca mtr
'';
};
};
};
}
}
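Review bot: The option description in `options.custom.mullvad.enable = mkEnableOption "Enable SSH";` is wrong for a module that turns on WireGuard and the Mullvad daemon; `mkEnableOption "the Mullvad VPN client"` would match what it does. The postStart comment says the commands guard against leaving unsafe settings, but the only security-relevant command is `mullvad lan set allow`, which permits LAN traffic outside the tunnel. If that is intended, the comment should say so, and the block could also pin a fail-closed setting such as `mullvad lockdown-mode set on`, provided the packaged CLI supports it. The `secret` binding is unused while `# imports = [ secret ];` stays commented out, so the device secret is not wired in by this module.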


@@ -1,23 +1,18 @@
{ lib, pkgs, config, ... }:
with lib;
let
secretstore = config._secretstore;
host = config.networking.hostName;
secretpath = "${secretstore}/hosts/${host}/mullvad/device.json";
in {
sops.secrets.device_json= {
sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json";
device_json.format = "binary";
};
environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path;
}
{
lib,
pkgs,
config,
...
}:
with lib; let
secretstore = config._secretstore;
host = config.networking.hostName;
secretpath = "${secretstore}/hosts/${host}/mullvad/device.json";
in {
sops.secrets.device_json = {
sopsFile = "${secretstore}/hosts/${host}/mullvad/device.json";
device_json.format = "binary";
};
environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path;
}
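Review bot: Inside `sops.secrets.device_json = { … }`, the line `device_json.format = "binary";` defines `sops.secrets.device_json.device_json.format`, which is not an option of a sops-nix secret; it should read `format = "binary";`. This file looks like the `./secrets.nix` that the Mullvad module only references from a commented-out `imports` line, which would explain why the evaluation error has not surfaced. `secretpath` is bound but never used while the same string is repeated in `sopsFile`; `sopsFile = secretpath;` keeps the two from drifting apart.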