mirror of
https://github.com/sstent/vmimages.git
synced 2026-01-25 22:51:49 +00:00
39 lines
998 B
Nix
39 lines
998 B
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
...
|
|
}:
|
|
with lib; let
|
|
secretstore = config._secretstore;
|
|
host = config.networking.hostName;
|
|
|
|
cfg = config.custom.mullvad;
|
|
|
|
secret =
|
|
if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json"
|
|
then ./secrets.nix
|
|
else {};
|
|
in {
|
|
#define option to enable this
|
|
options.custom.mullvad.enable = mkEnableOption "Enable SSH";
|
|
|
|
# imports = [ secret ];
|
|
|
|
config = mkIf cfg.enable {
|
|
networking.wireguard.enable = true;
|
|
services.mullvad-vpn.enable = true;
|
|
|
|
# set some options after every daemon start
|
|
# to avoid accidentally leaving unsafe settings
|
|
systemd.services."mullvad-daemon" = {
|
|
postStart = ''
|
|
while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
|
|
${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
|
|
${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
|
|
${pkgs.mullvad}/bin/mullvad relay set location ca mtr
|
|
'';
|
|
};
|
|
};
|
|
}
|