{ config, lib, pkgs, user, ... }:
with lib;
{
    options = {
        mullvad-vpn = {
            enable = mkOption {
                type = types.bool;
                default = false;
            };
        };
    };

    config = mkIf (config.mullvad-vpn.enable)
    {
        services.openvpn = {
            servers = {
                MullvadVPN-US-Miami = {
                    config = ''
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
proto udp
auth-user-pass /etc/nixos/secrets/mullvad_us_mia/mullvad_userpass.txt
ca /etc/nixos/secrets/mullvad_us_mia/mullvad_ca.crt
tun-ipv6
script-security 2
up /etc/nixos/secrets/mullvad_us_mia/update-resolv-conf
down /etc/nixos/secrets/mullvad_us_mia/update-resolv-conf
fast-io
remote-random
remote 146.70.187.194 1302 # us-mia-ovpn-101
remote 146.70.183.66 1302 # us-mia-ovpn-102
                    '';
                };
            };
        };
    };
}