mullvad: add vpn config file
parent
d9f56ffc93
commit
db80138e53
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{ config, pkgs, inputs, ... }: {
|
||||
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ];
|
||||
imports = [ ./gamemode.nix ./cachix.nix ./media-packages.nix ./boot.nix ./vpn.nix ];
|
||||
packages.media-packages.enable = true;
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
@ -141,15 +141,6 @@
|
|||
enableSSHSupport = true;
|
||||
pinentryFlavor = "curses";
|
||||
};
|
||||
# List services that you want to enable:
|
||||
# Enable the OpenSSH daemon.
|
||||
# services.openssh.enable = true;
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
networking.firewall.enable = false;
|
||||
services.mullvad-vpn.enable = true;
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||
|
|
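--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+networking.firewall.enable = false;
+
+services.mullvad-vpn.enable = true;
+networking.nftables = {
+enable = true;
+ruleset = ''
+table inet allowSSH {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 9022 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+
+table inet allowNixServe {
+chain allowIncoming {
+type filter hook input priority -100; policy accept;
+tcp dport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+chain allowOutgoing {
+type route hook output priority -100; policy accept;
+tcp sport 5000 ct mark set 0x00000f41 meta mark set 0x6d6f6c65
+}
+}
+'';
+};
+}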
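Review bot: `networking.firewall.enable = false;` on the second line of the new file switches off all host input filtering, and nothing in the nftables ruleset below filters in its place — every chain is `policy accept` and the only rules set marks — so after this commit SSH on 9022, nix-serve on 5000 and any other listening service are reachable on every interface. The `ct mark set 0x00000f41 meta mark set 0x6d6f6c65` pairs look like Mullvad's split-tunnel exemption marks (please confirm against the Mullvad docs), which would mean the two ports are deliberately carved out of the VPN in both directions, yet that intent is written down nowhere and the table names `allowSSH` / `allowNixServe` read as allow rules rather than tunnel exemptions. I would keep the NixOS firewall on and open only the two ports, `networking.firewall.allowedTCPPorts = [ 9022 5000 ];` (recent NixOS can run the firewall module on nftables, so it should coexist with this ruleset; worth checking on your release), and add a header comment along the lines of `# Exempt SSH (9022) and nix-serve (5000) from the Mullvad tunnel via its exclusion marks; these ports stay reachable outside the VPN, so they must still be firewalled.` The `pkgs` binding in the argument set is unused and can be dropped.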