mullvad: add vpn config file

This commit is contained in:
Leonardo Eugênio 2023-03-09 12:38:53 -03:00
parent d9f56ffc93
commit db80138e53
2 changed files with 32 additions and 10 deletions


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, inputs, ... }: {
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ];
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ./vpn.nix ];
packages.media-packages.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
@ -141,15 +141,6 @@
enableSSHSupport = true;
pinentryFlavor = "curses";
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
services.mullvad-vpn.enable = true;
security.sudo.wheelNeedsPassword = false;
nix.registry.nixpkgs.flake = inputs.nixpkgs;

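--- /dev/null
+++ b/system/vpn.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+networking.firewall.enable = false;
+services.mullvad-vpn.enable = true;
+networking.nftables = {
+enable = true;
+ruleset = ''
+table inet allowSSH {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+table inet allowNixServe {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+'';
+};
+}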
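Review bot: With `networking.firewall.enable = false;` on the second line and every chain in the ruleset declared `policy accept`, nothing in this file filters traffic — the four rules only mark connections on ports 9022 and 5000 so that the Mullvad daemon's own rules (presumably its exclusion mark, given the 0x6d6f6c65 value) let them bypass the tunnel, which leaves both ports reachable from any source address on any interface. If the intent is to keep SSH and nix-serve reachable only from the local network, add a source restriction to the rules, e.g. `ip saddr <LAN_CIDR> tcp dport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65` (with an `ip6 saddr` counterpart if IPv6 is in use), or keep the NixOS firewall enabled and list the two ports in `networking.firewall.allowedTCPPorts` so its default-drop input policy still applies to everything else. The two magic constants deserve a comment inside the ruleset, e.g. `# ct mark 0x00000f41 / meta mark 0x6d6f6c65: values the mullvad-daemon firewall matches to exempt this traffic from the tunnel — confirm against the daemon's rules`, since a future reader cannot tell from the file why these particular marks are set. `pkgs` in the module arguments is unused and the header can be reduced to `{ ... }: {`.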