mullvad: add vpn config file
This commit is contained in:
parent
d9f56ffc93
commit
db80138e53
|
@ -2,7 +2,7 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
{ config, pkgs, inputs, ... }: {
|
{ config, pkgs, inputs, ... }: {
|
||||||
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ];
|
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ./vpn.nix ];
|
||||||
packages.media-packages.enable = true;
|
packages.media-packages.enable = true;
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
@ -141,15 +141,6 @@
|
||||||
enableSSHSupport = true;
|
enableSSHSupport = true;
|
||||||
pinentryFlavor = "curses";
|
pinentryFlavor = "curses";
|
||||||
};
|
};
|
||||||
# List services that you want to enable:
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
# services.openssh.enable = true;
|
|
||||||
# Open ports in the firewall.
|
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
|
||||||
# Or disable the firewall altogether.
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
services.mullvad-vpn.enable = true;
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
|
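--- /dev/null
+++ b/system/vpn.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+networking.firewall.enable = false;
+
+services.mullvad-vpn.enable = true;
+networking.nftables = {
+enable = true;
+ruleset = ''
+table inet allowSSH {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+
+table inet allowNixServe {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+'';
+};
+}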
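Review bot: `networking.firewall.enable = false;` at the top of system/vpn.nix switches off the NixOS firewall on every interface, and the two nftables tables below then mark inbound 9022 and 5000 so that traffic is handled outside the tunnel — so SSH and nix-serve answer on the host's real address from any network, and nothing else is default-denied whenever the Mullvad daemon's own filtering is not active (lockdown off, daemon stopped). Keeping the firewall on and opening only those two ports would preserve default-deny for everything else, `networking.firewall.enable = true;` plus `networking.firewall.allowedTCPPorts = [ 9022 5000 ];`; with `networking.nftables.enable = true` the NixOS firewall should use the nftables backend and coexist with the custom tables, but that is worth confirming on the nixpkgs revision this flake pins. The values `0x00000f41` and `0x6d6f6c65` are repeated four times with no explanation; a comment at the top of the ruleset such as `# ct mark / meta mark the Mullvad daemon treats as "bypass the tunnel" — keep in sync with the Mullvad firewall documentation` (hedged, since the page does not show where they come from) and a single `let` binding for them would help the next reader. The firewall-off line was removed from configuration.nix in the earlier hunk, so this commit relocates the exposure rather than introducing it, but that is also the moment to reconsider it. `pkgs` in the module arguments is unused and could be dropped.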