blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

95 current 2025-10-08 14:44:19 25.05.20251006.20c4598 6.12.50 *

Browse Source
This commit is contained in:
blake
2025-10-08 15:52:49 -05:00
parent de2058eeaf
commit 1578a2a9f9
4 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
modules/system/vpns.nix
View File

@@ -13,7 +13,7 @@ in
default = false;
description = "enable pia vpn to mexico using openvpn";
};
wg_pia_mexico = lib.mkOption {
wg_mex = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable pia vpn to mexico using wireguard";
@@ -33,27 +33,29 @@ in
};
};
# enable pia mexico w/ wireguard
# enable mullvad mexico w/ wireguard
networking.wireguard.interfaces = lib.mkIf cfg.wg_pia_mexico {
wg_piamex = {
privateKeyFile = config.sops.secrets."wg_pia_mexico_key".path;
listenPort = 51820;
ips = [ "10.4.244.34/32" ];
peers = [
{
publicKey = "avK/Bdg+hyLMqP2k/7eEBTkxwCSzyy8FymwO/vFjbQg=";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "77.81.142.245:1337";
wg_mex = {
# client settings
privateKeyFile = config.sops.secrets."wg_mex_key".path;
ips = [ "10.74.252.231/32" "fc00:bbbb:bbbb:bb01::b:fce6/128" ];
# remote settings
peers = [ {
publicKey = "yxyntWsANEwxeR0pOPNAcfWY7zEVICZe9G+GxortzEY=";
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = "149.88.22.129:51820";
persistentKeepalive = 25;
}
];
} ];
postSetup = ''
# Remove default route that wg might add
ip route del default dev wg-mullvad 2>/dev/null || true
'';
};
};
# secrets only if VPN is enabled
sops.secrets = lib.mkIf cfg.enable {
"wg_pia_mexico_key" = { owner = "root"; group = "root"; };
"wg_mex_key" = { owner = "root"; group = "root"; };
"pia_auth" = { owner = "root"; group = "root"; };
"openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };