mirror of
https://github.com/sstent/vmimages.git
synced 2026-01-25 14:41:44 +00:00
41 lines
969 B
Nix
41 lines
969 B
Nix
{ lib, pkgs, config, ... }:
|
|
with lib;
|
|
|
|
let
|
|
secretstore = config._secretstore;
|
|
host = config.networking.hostName;
|
|
|
|
cfg = config.custom.mullvad;
|
|
|
|
secret = if builtins.pathExists "${secretstore}/hosts/${host}/mullvad/device.json" then
|
|
./secrets.nix
|
|
else
|
|
{ };
|
|
|
|
in {
|
|
|
|
#define option to enable this
|
|
options.custom.mullvad.enable = mkEnableOption "Enable SSH";
|
|
|
|
# imports = [ secret ];
|
|
|
|
config = mkIf cfg.enable {
|
|
networking.wireguard.enable = true;
|
|
services.mullvad-vpn.enable = true;
|
|
|
|
# set some options after every daemon start
|
|
# to avoid accidentally leaving unsafe settings
|
|
systemd.services."mullvad-daemon" = {
|
|
postStart = ''
|
|
while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
|
|
${pkgs.mullvad}/bin/mullvad lan set allow #enable local lan access
|
|
${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
|
|
${pkgs.mullvad}/bin/mullvad relay set location ca mtr
|
|
'';
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
} |