fix
72
modules/nixos/vpn/default.nix
Normal file
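--- a/modules/nixos/vpn/default.nix
+++ b/modules/nixos/vpn/default.nix
@@ -0,0 +1,72 @@
+{ lib, pkgs, config, hostName,... }:
+with lib;
+
+let
+cfg = config.custom.mullvad;
+secretstore = config._secretstore;
+
+in {
+
+#define option to enable this
+options.custom.mullvad.enable = mkEnableOption "Enable SSH";
+
+config = mkIf cfg.enable {
+networking.wireguard.enable = true;
+services.mullvad-vpn.enable = true;
+
+sops.secrets.device_json = {
+sopsFile = "${secretstore}/hosts/${hostName}/mullvad/device.json";
+format = "binary";
+};
+
+environment.etc."mullvad-vpn/device.conf".source = config.sops.secrets.device_json.path;
+
+# set some options after every daemon start
+# to avoid accidentally leaving unsafe settings
+systemd.services."mullvad-daemon" = {
+postStart = ''
+while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
+${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
+${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
+${pkgs.mullvad}/bin/mullvad relay set location ca mtr
+'';
+};
+
+
+
+};
+}
+# secrets = hm_secrets "${secretstore}/user_dotfiles/${username}@${hostName}/keybase/" "${config.xdg.configHome}/keybase/";
+#
+
+# { config, pkgs, ... }:
+
+# {
+# age.secrets.mullvad.file = ../secrets/mullvad.age;
+
+# networking.wireguard.enable = true;
+
+# services.mullvad-vpn.enable = true;
+
+# # set some options after every daemon start
+# # to avoid accidentally leaving unsafe settings
+# systemd.services."mullvad-daemon" = {
+# serviceConfig.LoadCredential =
+# [ "account:${config.age.secrets.mullvad.path}" ];
+# postStart = ''
+# while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
+# account="$(<"$CREDENTIALS_DIRECTORY/account")"
+# current_account="$(${pkgs.mullvad}/bin/mullvad account get | grep "account:" | sed 's/.* //')"
+# if [[ "$current_account" != "$account" ]]; then
+# ${pkgs.mullvad}/bin/mullvad account login "$account"
+# fi
+# ${pkgs.mullvad}/bin/mullvad always-require-vpn set on
+# ${pkgs.mullvad}/bin/mullvad dns set default \
+# --block-ads --block-trackers --block-malware
+# ${pkgs.mullvad}/bin/mullvad lan set allow
+# ${pkgs.mullvad}/bin/mullvad tunnel ipv6 set on
+# ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
+# ${pkgs.mullvad}/bin/mullvad relay set location de dus
+# '';
+# };
+# }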
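Review bot: The `postStart` script is commented as re-applying settings "to avoid accidentally leaving unsafe settings", but it only enforces `lan set allow` and the relay choice. Nothing pins the setting that blocks traffic while the tunnel is down, so a host where that was switched off stays that way across daemon restarts. The commented-out reference at the end of the file has the missing line: add `${pkgs.mullvad}/bin/mullvad always-require-vpn set on` ahead of the `lan set allow` call, after checking the subcommand name against the packaged CLI version. Separately, `mkEnableOption "Enable SSH"` is a copy-paste description and should read `mkEnableOption "Mullvad VPN"`. The sops secret is `device.json` but is linked as `mullvad-vpn/device.conf`, so it is worth confirming the daemon reads that file name and tolerates a read-only target.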