fix config

1 files changed, 39 insertions, 0 deletions

diff --git a/modules/mullvad.nix b/modules/mullvad.nix
new file mode 100644
index 0000000..436a3b2
--- /dev/null
+++ b/modules/mullvad.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.orbekk.mullvad;
+in
+{
+  options = {
+    orbekk.mullvad = {
+      enable = lib.mkEnableOption "Enable VPN";
+
+      listenPort = lib.mkOption {
+        type = lib.types.port;
+        default = 40421;
+        description = "wireguard local port";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    orbekk.simple-firewall.allowedUDPPorts = [ cfg.listenPort ];
+
+    networking.wireguard = {
+      enable = true;
+      interfaces.mullvad = {
+        privateKeyFile = "/opt/secret/wireguard/mullvad.private";
+        ips = [ "10.70.90.245/32" "fc00:bbbb:bbbb:bb01::7:5af4/128" ];
+        allowedIPsAsRoutes = false;
+        listenPort = cfg.listenPort;
+        peers = [
+          {
+            endpoint = "ca10-wireguard.mullvad.net:51820";
+            publicKey = "pAVh6WJtyF7ktvavez399L4A615TXOAaUHQgpwJ4EHU=";
+            allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+          }
+        ];
+      };
+    };
+  };
+}