feat(nixos/haruka): enable nm-mullvad

3 files changed, 34 insertions, 2 deletions

diff --git a/nixos/default.nix b/nixos/default.nix
index 820be9d..9b97737 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -31,6 +31,7 @@
       ../modules/laptop.nix
       ../modules/cachix
       ../modules/keyd-qol.nix
+      ../modules/nm-mullvad
       inputs.sops-nix.nixosModules.sops
       inputs.impermanence.nixosModules.impermanence
     ];
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index 0967bca..b3ce7e0 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -64,6 +64,33 @@
   networking.networkmanager.enable = true;
   networking.firewall.enable = true;
 
+  sops.secrets.mullvad-private-key = { };
+  sops.secrets.mullvad-ipv4-address = { };
+  sops.secrets.mullvad-ipv6-address = { };
+
+  networking.networkmanager.nm-mullvad = {
+    enable = true;
+
+    listenPort = 51820;
+    openFirewall = true;
+
+    autoConnect = {
+      enable = true;
+      profile = "jp-tyo-wg-001";
+    };
+
+    availableServers = [
+      "jp-tyo-wg-001"
+      "jp-osa-wg-002"
+      "se-mma-wg-001"
+      "se-sto-wg-002"
+    ];
+
+    privateKeyPath = config.sops.secrets.mullvad-private-key.path;
+    ipv4AddressPath = config.sops.secrets.mullvad-ipv4-address.path;
+    ipv6AddressPath = config.sops.secrets.mullvad-ipv6-address.path;
+  };
+
   programs.nm-applet.enable = true;
 
   i18n.defaultLocale = "en_US.UTF-8";
diff --git a/nixos/haruka/secrets/secrets.yaml b/nixos/haruka/secrets/secrets.yaml
index a59a2a8..b81f1d7 100644
--- a/nixos/haruka/secrets/secrets.yaml
+++ b/nixos/haruka/secrets/secrets.yaml
@@ -1,6 +1,10 @@
 root-password: ENC[AES256_GCM,data:5bmLUZ/JqQtelGz1UKmX4MfMAvZehq+K4S7VeujhAVkVOu28qP8uFM7/cAC3rLP3LHMWdF5Ktjd3AxL3BqG7pfsYzP1CJSg47w==,iv:/jIWyTjVro2tJTx3XXipeMVLXRsl2B2/ADXPDDQkttI=,tag:/TMZteWjARWCKufgqU1TiQ==,type:str]
 sefidel-password: ENC[AES256_GCM,data:/LpPSzpABh1y5DIU/0Ki9Rn9PDidAoG0zvus3UZC6wpIjGGjtUoCJnRKDDePw6hL3uM7wo8uGVANs8w5sDkwO33Neu2rNb6adQ==,iv:Bhgpej2yXXnUtwA2g4Yhj98iLzm0U2zHvdJcL/3ZugU=,tag:B+ua2H1xluy2/OH9P+/GJw==,type:str]
 borg-haruka-rolling-pass: ENC[AES256_GCM,data:JqmKd5VvdCq8Y6ks8bspQ2YC4X1gihTpeERs2rvK/w==,iv:+g+ZGraW76PASfht8tNF4c30zYUeiR8tTRqxu+ETdjQ=,tag:leFtuzalVnkWMFz5PSx9Xw==,type:str]
+#ENC[AES256_GCM,data:Bq2caopim4uTGCOCl4TS/4dWUXk57A==,iv:4rtfPA5YNDNw18mcJgsQhYnMlhoJb6psvrKMDmPwXAQ=,tag:i4XMxZgOrf5+IHy4hFYBOw==,type:comment]
+mullvad-private-key: ENC[AES256_GCM,data:harFVTtaFphs+E+sJDYWCPz8oEx3B3RJhW9Z0Hv5G4aF+nWDGpqmFu/D1aU=,iv:V3cyHJeEHEtSU97LFraoMLpXMDtRlvdJnPXM1BZxgSI=,tag:1qDFAy0SKwkxnmeXuqOCdQ==,type:str]
+mullvad-ipv4-address: ENC[AES256_GCM,data:LMFI5esMdlk/ewV/hqAY,iv:W9u6mt719qssq6nSk8rmF+G4ZrIOAk4G+X7yIkoEKa0=,tag:q7F2JpTaq+45zqwct+71UQ==,type:str]
+mullvad-ipv6-address: ENC[AES256_GCM,data:CzUUSc7Fwn3FNClDrAhCFOx0QnZwPGUlaJkMmKUu0w==,iv:79nyIIvuFV7bmg1e0KT+of1ZcYlcSYyy1cQL2DVqDds=,tag:Rb5CMIVnept5CHTZ6rDh3A==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +29,8 @@ sops:
             NEt0ZUdHekFsc1ZPY0NkdkFmSXBicTgKWd6zebmSjrwokehdz3L5x61XNf3Mn1g/
             II/uRkYH7UXuw7Hji/Maa4JsWmdWtNhqMQPvd0WBGZQpbeWwqwBuFA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-14T11:22:16Z"
-    mac: ENC[AES256_GCM,data:dSNP4IWtyKTshrIBSADR5TdK4edi8NOKqC+/MSgZTnq3jxc5j6rE32vFJAJaezzbbypIcXy6H6IK/YpvBVa6YThDQaG3LVvmmqWzhJtpRLJakNGfbreKnbOWog7XOSOGPUi5f5g+IQZhO7XX1oP6RmmbxHGNRCPMPPalJRuPakI=,iv:wkSp20znSxToZBEHzsTxI7F1eOiSLs/MwQcH52G8D6w=,tag:0okZjKoZZE//906lzOs2FQ==,type:str]
+    lastmodified: "2023-09-18T16:32:00Z"
+    mac: ENC[AES256_GCM,data:i3U9LGLccJWb6zWvJYvhZtb4w4F4Md+qCFD8bcPC4A4tFnq1PbyOb0TA+28BSdkcD5KRVHaZ/Jqv1ajCteYfcFCDKjaqfqYQfPKyI+1TVOUJq+doF9XLDgMfphslxiDJCNHhg36IGqpuIrfx9UplGf86Tv8a6+AOJrCD74JxYfY=,iv:D+gstgtb1Wc43VvWGFm2rcsE2q/gj/XSmAlTqLa8nBU=,tag:/W6yjkA9Dftaqj5p5IXAYQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3