Diffstat (limited to 'modules')
-rw-r--r--modules/wireguard.nix (renamed from modules/mullvad.nix)22
1 files changed, 19 insertions, 3 deletions
diff --git a/modules/mullvad.nix b/modules/wireguard.nix
index 436a3b2..0188d90 100644
--- a/modules/mullvad.nix
+++ b/modules/wireguard.nix
@@ -1,12 +1,14 @@
{ config, lib, pkgs, ... }:
let
- cfg = config.orbekk.mullvad;
+ cfg = config.orbekk.wireguard;
in
{
options = {
- orbekk.mullvad = {
+ orbekk.wireguard = {
enable = lib.mkEnableOption "Enable VPN";
+ enableMullvad = lib.mkEnableOption "Enable Mullvad";
+ enableNycmesh = lib.mkEnableOption "Enable NYC Mesh";
listenPort = lib.mkOption {
type = lib.types.port;
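Review bot: `enableMullvad` defaults to false, so a host that only switches from `orbekk.mullvad.enable` to `orbekk.wireguard.enable` evaluates cleanly but no longer gets the mullvad interface. Traffic that previously used the tunnel would then leave untunnelled, with no error. Either document on the `enable` option that it no longer brings up any tunnel by itself, or add an assertion that at least one of `enableMullvad` / `enableNycmesh` is set when `enable` is true. As a style point, `lib.mkEnableOption` already prefixes "Whether to enable", so the descriptions read better as `lib.mkEnableOption "the Mullvad WireGuard interface"` and `lib.mkEnableOption "the NYC Mesh WireGuard interface"`. The option block continues past the end of this hunk.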
@@ -21,7 +23,7 @@ in
networking.wireguard = {
enable = true;
- interfaces.mullvad = {
+ interfaces.mullvad = lib.mkIf cfg.enableMullvad {
privateKeyFile = "/opt/secret/wireguard/mullvad.private";
ips = [ "10.70.90.245/32" "fc00:bbbb:bbbb:bb01::7:5af4/128" ];
allowedIPsAsRoutes = false;
@@ -34,6 +36,20 @@ in
}
];
};
+
+ interfaces.nycmesh = lib.mkIf cfg.enableNycmesh {
+ privateKeyFile = "/opt/secret/wireguard/nycmesh.private";
+ ips = [ "10.70.73.50/32" ];
+ allowedIPsAsRoutes = false;
+ listenPort = cfg.listenPort;
+ peers = [
+ {
+ endpoint = "wgvpn.sn1.mesh.nycmesh.net:51822";
+ publicKey = "W5AQ3LmNVr2bW/IQrIY1GpyacplGc2lpavoeSzU/KhQ=";
+ allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+ }
+ ];
+ };
};
};
}
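Review bot: `listenPort = cfg.listenPort;` on the new nycmesh interface reuses the module-wide port option. If the mullvad interface also takes its port from that option (that line is outside this hunk), enabling both flags makes two WireGuard interfaces bind the same UDP port and the second will fail to come up. A per-interface port option would avoid this, or an entry in `assertions` such as `{ assertion = !(cfg.enableMullvad && cfg.enableNycmesh); message = "mullvad and nycmesh share listenPort"; }`. Separately, `allowedIPs = [ "0.0.0.0/0" "::0/0" ]` accepts packets with any source address from the peer, although `ips` gives the interface only an IPv4 address. If only mesh prefixes are needed, narrowing the list limits what a misconfigured or compromised gateway can inject.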