authorsefidel <contact@sefidel.net>2023-09-19 01:26:42 +0900
committersefidel <contact@sefidel.net>2023-09-19 01:26:42 +0900
commit303d436f49fff97672afafaa47afaa1895e7f379 (patch)
tree6235686e7e4e7f14a799926a6bc23f85d2ae8a44
parent9084e40de72042f10c78b5a423b415bad0a53179 (diff)
downloadnixrc-303d436f49fff97672afafaa47afaa1895e7f379.tar.gz
nixrc-303d436f49fff97672afafaa47afaa1895e7f379.zip
feat(nixos/alpha): enable nm-mullvad
-rw-r--r--nixos/alpha/configuration.nix27
-rw-r--r--nixos/alpha/secrets/secrets.yaml7
-rw-r--r--nixos/default.nix1
3 files changed, 33 insertions, 2 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index d5912d9..d15baec 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -64,6 +64,33 @@
   networking.useDHCP = false;
   networking.firewall.enable = true;
 
+  sops.secrets.mullvad-private-key = { };
+  sops.secrets.mullvad-ipv4-address = { };
+  sops.secrets.mullvad-ipv6-address = { };
+
+  networking.networkmanager.nm-mullvad = {
+    enable = true;
+
+    listenPort = 51820;
+    openFirewall = true;
+
+    autoConnect = {
+      enable = true;
+      profile = "jp-tyo-wg-001";
+    };
+
+    availableServers = [
+      "jp-tyo-wg-001"
+      "jp-osa-wg-002"
+      "se-mma-wg-001"
+      "se-sto-wg-002"
+    ];
+
+    privateKeyPath = config.sops.secrets.mullvad-private-key.path;
+    ipv4AddressPath = config.sops.secrets.mullvad-ipv4-address.path;
+    ipv6AddressPath = config.sops.secrets.mullvad-ipv6-address.path;
+  };
+
   programs.nm-applet.enable = true;
 
   i18n.defaultLocale = "en_US.UTF-8";
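Review bot: `openFirewall = true;` next to `listenPort = 51820;` presumably adds an inbound UDP allow rule for 51820 to the firewall enabled just above the added block; the nm-mullvad module is not part of this diff, so that is inferred from the option name. A client that only dials out to Mullvad normally has its replies admitted by connection tracking, so no port needs to be reachable from outside. Consider `openFirewall = false;`, or if the module really needs the rule, a comment such as `# needed by nm-mullvad because <reason>` stating why. It would also be worth a short comment at `privateKeyPath` confirming that the module reads the sops-decrypted file at run time rather than at evaluation, since an evaluation-time read would copy the key into the world-readable Nix store.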
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
index ed9ea5f..a82f5b3 100644
--- a/nixos/alpha/secrets/secrets.yaml
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -1,6 +1,9 @@
 root-password: ENC[AES256_GCM,data:4EgEuEEL2BGj1wDRdK16WY72xKjwAqqWBZzKMn84WdkjRpGaTV+3BGgGhPimdUCl0LkdD74EzyW+ABAJ9TLp1Wt8b5ZFT3l89A==,iv:7iHixJi85lOQJU8svPEYe122K1jOyJVJovqgReJn428=,tag:BLTaHH7FSDTfVewW17kMBQ==,type:str]
 sefidel-password: ENC[AES256_GCM,data:RAlIJ31NPPvD5Pz4k1ren1fVdMWI86z9OFSAj7I4wCSeEBU4TZJ/EvJQr0cAyX6i8oIzSoJ8S6VvKmIdqZe5A+s1a4FU63/3UzgrDRKx1zUHTctrDRA7YNYxl9EDxAD0nOAd4kLArVRtTA==,iv:g6YgymUNjZ/dPZKrPesNalAuhXLbmhGZGbjlmlBg+VQ=,tag:e+hHJX1/+f5ye4EAZEkeCw==,type:str]
 borg-alpha-rolling-pass: ENC[AES256_GCM,data:SNp7BINlzQ1oCAmdTBk3WThuhTlA/SB9SE5z,iv:N1E2dXteBwM9sWsC353B17cNrXLkiMSNbcrUv4tshfg=,tag:g7I32tsVf5eKB+t/4aDRSw==,type:str]
+mullvad-private-key: ENC[AES256_GCM,data:hBHGnUNY1tvwBHa1v5N8CebeQjcEdkRdBmRZqyythKKKy98OUgZgw2BLXYE=,iv:IgtBvaZbO3TUH/5A5To6RpDU7GSzLWUl7UrbkqrnADY=,tag:tSRc941gP8/gEg8jEn2aEA==,type:str]
+mullvad-ipv4-address: ENC[AES256_GCM,data:RXHq8+IyQjwo2QQF6UKu,iv:GW1FQHv/uamQV92w3P8p9lQPzVPNtA9ZedMd1+XSdAc=,tag:iegNRG6GZf3IiceOSBH9tg==,type:str]
+mullvad-ipv6-address: ENC[AES256_GCM,data:xB0XMhKjqV+X460Cj1EECgZ+aXSRfMDlmQNjJgRGpw==,iv:INfSkMbWroUENpqbzv+5VBAPVinnFLXISuUc+kpmdHA=,tag:L4zaQbnOO9KvZqpfER9Zuw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +28,8 @@ sops:
             Qkt1Y2RIWmcwMW91VTVxeEVrUDR4MHcKNzDtHEEa8McCXgADwXRNNnwllOB+MZvR
             oDMuo1zZnKT0DzTxumd8DSgHK28PKNFOsWtxdunWF7lm30gZsFxQFQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-01T09:56:18Z"
-    mac: ENC[AES256_GCM,data:Sbn9baDlX0qQWMDOrWJTjSeFzhIHN3DbLU6fpFqVQJ0zb3aeJJpQIfUqTMtC6OitD/0kr2pTqhbcq0JrqpdiK+Iza0qBJ2+6WUZJPc/p+/X+rH/yQnjLOScU8QABm+CjW29te/+QtD3G9BHlvFcSj9J5R+FXLRSRnRhc5a1lT7c=,iv:9N5gHtZu6sv6xR2FPbx6zjg0mT0S59gkTipz0lTgcC0=,tag:71/BqbHHkTrxh8GT1iKesA==,type:str]
+    lastmodified: "2023-09-18T16:01:56Z"
+    mac: ENC[AES256_GCM,data:m2amShotRS23lA4/SpceW/a76668E7onyuW3ccQwUdy2yeFljFz4Yydi8IUV/0Ch/B8MpAYz9QW1QbxklHnnlj7vn3DOG5lrXmr+K8erHmRyMHviviZjoB2IJbf45LoKpwgkI0b3/PtMYmv1AZvUEpoXJxcDH8911GvNCCeNNBY=,iv:CFVOa7xVPiC2b6oErcR6C641wLBAaqbq57BgNuHYTzc=,tag:LtDJNOhnhT/4JnJQUG9rRw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/nixos/default.nix b/nixos/default.nix
index ecf182c..820be9d 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -8,6 +8,7 @@
       ../modules/security.nix
       ../modules/cachix
       ../modules/keyd-qol.nix
+      ../modules/nm-mullvad
       inputs.sops-nix.nixosModules.sops
       inputs.impermanence.nixosModules.impermanence
     ];