From 5af3f64a139c1f3fad9f09429e11562c15fea879 Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Tue, 19 Sep 2023 01:33:07 +0900
Subject: feat(nixos/haruka): enable nm-mullvad

---
 nixos/haruka/configuration.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'nixos/haruka/configuration.nix')

diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix
index 0967bca..b3ce7e0 100644
--- a/nixos/haruka/configuration.nix
+++ b/nixos/haruka/configuration.nix
@@ -64,6 +64,33 @@
   networking.networkmanager.enable = true;
   networking.firewall.enable = true;
 
+  sops.secrets.mullvad-private-key = { };
+  sops.secrets.mullvad-ipv4-address = { };
+  sops.secrets.mullvad-ipv6-address = { };
+
+  networking.networkmanager.nm-mullvad = {
+    enable = true;
+
+    listenPort = 51820;
+    openFirewall = true;
+
+    autoConnect = {
+      enable = true;
+      profile = "jp-tyo-wg-001";
+    };
+
+    availableServers = [
+      "jp-tyo-wg-001"
+      "jp-osa-wg-002"
+      "se-mma-wg-001"
+      "se-sto-wg-002"
+    ];
+
+    privateKeyPath = config.sops.secrets.mullvad-private-key.path;
+    ipv4AddressPath = config.sops.secrets.mullvad-ipv4-address.path;
+    ipv6AddressPath = config.sops.secrets.mullvad-ipv6-address.path;
+  };
+
   programs.nm-applet.enable = true;
 
   i18n.defaultLocale = "en_US.UTF-8";
-- 
cgit 1.4.1