summaryrefslogtreecommitdiffstats
path: root/modules/vpn
diff options
context:
space:
mode:
Diffstat (limited to 'modules/vpn')
-rw-r--r--modules/vpn/default.nix3
-rw-r--r--modules/vpn/mullvad/default.nix49
2 files changed, 52 insertions, 0 deletions
diff --git a/modules/vpn/default.nix b/modules/vpn/default.nix
new file mode 100644
index 0000000..6640ba6
--- /dev/null
+++ b/modules/vpn/default.nix
@@ -0,0 +1,3 @@
+[
+ ./mullvad
+]
diff --git a/modules/vpn/mullvad/default.nix b/modules/vpn/mullvad/default.nix
new file mode 100644
index 0000000..c6c9038
--- /dev/null
+++ b/modules/vpn/mullvad/default.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, user, ... }:
+with lib;
+{
+ options = {
+ mullvad-vpn = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+ };
+
+ config = mkIf (config.mullvad-vpn.enable)
+ {
+ services.openvpn = {
+ servers = {
+ MullvadVPN-US-Miami = {
+ config = ''
+client
+dev tun
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+verb 3
+remote-cert-tls server
+ping 10
+ping-restart 60
+sndbuf 524288
+rcvbuf 524288
+cipher AES-256-GCM
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+proto udp
+auth-user-pass /etc/nixos/secrets/mullvad_us_mia/mullvad_userpass.txt
+ca /etc/nixos/secrets/mullvad_us_mia/mullvad_ca.crt
+tun-ipv6
+script-security 2
+up /etc/nixos/secrets/mullvad_us_mia/update-resolv-conf
+down /etc/nixos/secrets/mullvad_us_mia/update-resolv-conf
+fast-io
+remote-random
+remote 146.70.187.194 1302 # us-mia-ovpn-101
+remote 146.70.183.66 1302 # us-mia-ovpn-102
+ '';
+ };
+ };
+ };
+ };
+}