-rw-r--r--nixos/default.nix1
-rw-r--r--nixos/haruka/configuration.nix27
-rw-r--r--nixos/haruka/secrets/secrets.yaml8
3 files changed, 34 insertions, 2 deletions
diff --git a/nixos/default.nix b/nixos/default.nix
index 820be9d..9b97737 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -31,6 +31,7 @@
       ../modules/laptop.nix
       ../modules/cachix
       ../modules/keyd-qol.nix
+      ../modules/nm-mullvad
       inputs.sops-nix.nixosModules.sops
       inputs.impermanence.nixosModules.impermanence
     ];
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index 0967bca..b3ce7e0 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -64,6 +64,33 @@
   networking.networkmanager.enable = true;
   networking.firewall.enable = true;
 
+  sops.secrets.mullvad-private-key = { };
+  sops.secrets.mullvad-ipv4-address = { };
+  sops.secrets.mullvad-ipv6-address = { };
+
+  networking.networkmanager.nm-mullvad = {
+    enable = true;
+
+    listenPort = 51820;
+    openFirewall = true;
+
+    autoConnect = {
+      enable = true;
+      profile = "jp-tyo-wg-001";
+    };
+
+    availableServers = [
+      "jp-tyo-wg-001"
+      "jp-osa-wg-002"
+      "se-mma-wg-001"
+      "se-sto-wg-002"
+    ];
+
+    privateKeyPath = config.sops.secrets.mullvad-private-key.path;
+    ipv4AddressPath = config.sops.secrets.mullvad-ipv4-address.path;
+    ipv6AddressPath = config.sops.secrets.mullvad-ipv6-address.path;
+  };
+
   programs.nm-applet.enable = true;
 
   i18n.defaultLocale = "en_US.UTF-8";
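Review bot: `openFirewall = true;` next to `listenPort = 51820;` presumably opens UDP 51820 inbound on this laptop, which an outbound-only WireGuard client normally does not need, since replies to its own handshakes are already accepted as established traffic by the stateful firewall. The nm-mullvad module is not part of this commit, so confirm what the option does; if it only adds the port to `networking.firewall.allowedUDPPorts`, I would use `openFirewall = false;` or add a comment on that line explaining why inbound 51820/udp is required. It is also worth confirming that the module reads `privateKeyPath` (and the two address paths) at activation or run time rather than at evaluation time, so the decrypted key never ends up in the world-readable Nix store. The enclosing configuration attribute set starts and ends outside this hunk.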
diff --git a/nixos/haruka/secrets/secrets.yaml b/nixos/haruka/secrets/secrets.yaml
index a59a2a8..b81f1d7 100644
--- a/nixos/haruka/secrets/secrets.yaml
+++ b/nixos/haruka/secrets/secrets.yaml
@@ -1,6 +1,10 @@
 root-password: ENC[AES256_GCM,data:5bmLUZ/JqQtelGz1UKmX4MfMAvZehq+K4S7VeujhAVkVOu28qP8uFM7/cAC3rLP3LHMWdF5Ktjd3AxL3BqG7pfsYzP1CJSg47w==,iv:/jIWyTjVro2tJTx3XXipeMVLXRsl2B2/ADXPDDQkttI=,tag:/TMZteWjARWCKufgqU1TiQ==,type:str]
 sefidel-password: ENC[AES256_GCM,data:/LpPSzpABh1y5DIU/0Ki9Rn9PDidAoG0zvus3UZC6wpIjGGjtUoCJnRKDDePw6hL3uM7wo8uGVANs8w5sDkwO33Neu2rNb6adQ==,iv:Bhgpej2yXXnUtwA2g4Yhj98iLzm0U2zHvdJcL/3ZugU=,tag:B+ua2H1xluy2/OH9P+/GJw==,type:str]
 borg-haruka-rolling-pass: ENC[AES256_GCM,data:JqmKd5VvdCq8Y6ks8bspQ2YC4X1gihTpeERs2rvK/w==,iv:+g+ZGraW76PASfht8tNF4c30zYUeiR8tTRqxu+ETdjQ=,tag:leFtuzalVnkWMFz5PSx9Xw==,type:str]
+#ENC[AES256_GCM,data:Bq2caopim4uTGCOCl4TS/4dWUXk57A==,iv:4rtfPA5YNDNw18mcJgsQhYnMlhoJb6psvrKMDmPwXAQ=,tag:i4XMxZgOrf5+IHy4hFYBOw==,type:comment]
+mullvad-private-key: ENC[AES256_GCM,data:harFVTtaFphs+E+sJDYWCPz8oEx3B3RJhW9Z0Hv5G4aF+nWDGpqmFu/D1aU=,iv:V3cyHJeEHEtSU97LFraoMLpXMDtRlvdJnPXM1BZxgSI=,tag:1qDFAy0SKwkxnmeXuqOCdQ==,type:str]
+mullvad-ipv4-address: ENC[AES256_GCM,data:LMFI5esMdlk/ewV/hqAY,iv:W9u6mt719qssq6nSk8rmF+G4ZrIOAk4G+X7yIkoEKa0=,tag:q7F2JpTaq+45zqwct+71UQ==,type:str]
+mullvad-ipv6-address: ENC[AES256_GCM,data:CzUUSc7Fwn3FNClDrAhCFOx0QnZwPGUlaJkMmKUu0w==,iv:79nyIIvuFV7bmg1e0KT+of1ZcYlcSYyy1cQL2DVqDds=,tag:Rb5CMIVnept5CHTZ6rDh3A==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +29,8 @@ sops:
             NEt0ZUdHekFsc1ZPY0NkdkFmSXBicTgKWd6zebmSjrwokehdz3L5x61XNf3Mn1g/
             II/uRkYH7UXuw7Hji/Maa4JsWmdWtNhqMQPvd0WBGZQpbeWwqwBuFA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-14T11:22:16Z"
-    mac: ENC[AES256_GCM,data:dSNP4IWtyKTshrIBSADR5TdK4edi8NOKqC+/MSgZTnq3jxc5j6rE32vFJAJaezzbbypIcXy6H6IK/YpvBVa6YThDQaG3LVvmmqWzhJtpRLJakNGfbreKnbOWog7XOSOGPUi5f5g+IQZhO7XX1oP6RmmbxHGNRCPMPPalJRuPakI=,iv:wkSp20znSxToZBEHzsTxI7F1eOiSLs/MwQcH52G8D6w=,tag:0okZjKoZZE//906lzOs2FQ==,type:str]
+    lastmodified: "2023-09-18T16:32:00Z"
+    mac: ENC[AES256_GCM,data:i3U9LGLccJWb6zWvJYvhZtb4w4F4Md+qCFD8bcPC4A4tFnq1PbyOb0TA+28BSdkcD5KRVHaZ/Jqv1ajCteYfcFCDKjaqfqYQfPKyI+1TVOUJq+doF9XLDgMfphslxiDJCNHhg36IGqpuIrfx9UplGf86Tv8a6+AOJrCD74JxYfY=,iv:D+gstgtb1Wc43VvWGFm2rcsE2q/gj/XSmAlTqLa8nBU=,tag:/W6yjkA9Dftaqj5p5IXAYQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3