nixos-config/system/vpn.nix

{ config, pkgs, ... }:

{
  networking.wireguard.enable = true;

  services.mullvad-vpn.enable = true;

  # set some options after every daemon start
  # to avoid accidentally leaving unsafe settings
  systemd.services."mullvad-daemon".postStart = ''
    while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
    ${pkgs.mullvad}/bin/mullvad always-require-vpn set on
    ${pkgs.mullvad}/bin/mullvad dns set default \
      --block-ads --block-trackers --block-malware
    ${pkgs.mullvad}/bin/mullvad lan set allow
    ${pkgs.mullvad}/bin/mullvad tunnel ipv6 set on
    ${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard
    ${pkgs.mullvad}/bin/mullvad relay set location de dus
  '';
}
feat: add mullvad 2020-05-22 18:16:21 +02:00			`{ config, pkgs, ... }:`

			`{`
feat(vpn): enable wireguard kernel module 2020-11-14 11:20:59 +01:00			`networking.wireguard.enable = true;`
fix(vpn): add workaround for mullvad issues 2021-06-10 12:14:30 +02:00
feat: add mullvad 2020-05-22 18:16:21 +02:00			`services.mullvad-vpn.enable = true;`
feat(vpn): add mullvad configuration service 2022-08-08 22:58:02 +02:00
			`# set some options after every daemon start`
			`# to avoid accidentally leaving unsafe settings`
			`systemd.services."mullvad-daemon".postStart = ''`
			`while ! ${pkgs.mullvad}/bin/mullvad status >/dev/null; do sleep 1; done`
			`${pkgs.mullvad}/bin/mullvad always-require-vpn set on`
			`${pkgs.mullvad}/bin/mullvad dns set default \`
			`--block-ads --block-trackers --block-malware`
			`${pkgs.mullvad}/bin/mullvad lan set allow`
			`${pkgs.mullvad}/bin/mullvad tunnel ipv6 set on`
			`${pkgs.mullvad}/bin/mullvad relay set tunnel-protocol wireguard`
			`${pkgs.mullvad}/bin/mullvad relay set location de dus`
			`'';`
feat: add mullvad 2020-05-22 18:16:21 +02:00			`}`