From c22d36664e502b977b11bfb897fae8769c253933 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Tue, 7 Oct 2025 18:31:08 -0500
Subject: [PATCH] adding vpns

---
 modules/system/vpns.nix | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 modules/system/vpns.nix

diff --git a/modules/system/vpns.nix b/modules/system/vpns.nix
new file mode 100644
index 0000000..191d124
--- /dev/null
+++ b/modules/system/vpns.nix
@@ -0,0 +1,36 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.system.vpns;
+in
+{
+  options.modules.system.vpns = {
+    enable = lib.mkEnableOption "enables vpns";
+  
+    # toggle for pia mexico w/ openvpn
+    openvpn_pia_mexico = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "enable pia vpn to mexico using openvpn";
+    };
+    
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # enable pia mexico w/ openvpn
+    config = lib.mkIf cfg.openvpn_pia_mexico {
+      services.openvpn.servers.pia-mexico = {
+        enable = true;
+        config = config.sops.secrets."openvpn_pia_mexico_config".path;
+        sops.secrets = {
+          "openvpn_pia_mexico_config" = {
+            owner = root;
+            group = root;
+          };
+        };
+      };
+    };
+    
+  };
+}