nixos-config/modules/mullvad/default.nix

{ config, lib, pkgs, ... }:
let
  relays = builtins.fromJSON (builtins.readFile ./relays.json);

  cfg = config.sbruder.mullvad;

  relayConfigs = lib.mapAttrs'
    (name: configuration: lib.nameValuePair "mullvad-${name}.conf" (with configuration; ''
      [Interface]
      DNS = ${cfg.dnsServer}

      [Peer]
      Endpoint = ${if cfg.ipVersion == 4 then endpoint4 else endpoint6}:${toString cfg.port}
      PublicKey = ${pubkey}
      AllowedIPs = 0.0.0.0/0,::0/0
    ''))
    relays;

  # Creating 100+ files in a separate derivation each has too much overhead
  relayConfigFiles = pkgs.runCommandNoCC "etc-wireguard-mullvad" { } (''
    mkdir $out
  '' + (lib.concatStringsSep
    "\n"
    (lib.mapAttrsToList
      (name: content: ''
        cat > $out/${lib.escapeShellArg name} << EOF
        ${content}
        EOF
      '')
      relayConfigs)));
in
{
  options.sbruder.mullvad = {
    enable = lib.mkEnableOption "wg-quick compatible configuration files in /etc/wireguard for Mullvad VPN";
    dnsServer = lib.mkOption {
      type = lib.types.str;
      default = "193.138.218.74";
    };
    ipVersion = lib.mkOption {
      type = lib.types.enum [ 4 6 ];
      default = 4;
    };
    port = lib.mkOption {
      type = lib.types.port;
      default = 51820;
    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc = builtins.listToAttrs
      (map
        (name: lib.nameValuePair "wireguard/${name}" { source = "${relayConfigFiles}/${name}"; })
        (lib.attrNames relayConfigs));
  };
}
Add module for on-demand usage of mullvad Since wg-quick does not require the configuration file to include a private key and local addresses, they can be added after the execution of wg-quick. Fixes #32. 2021-05-31 23:02:11 +02:00			`{ config, lib, pkgs, ... }:`
			`let`
			`relays = builtins.fromJSON (builtins.readFile ./relays.json);`

			`cfg = config.sbruder.mullvad;`

			`relayConfigs = lib.mapAttrs'`
			`(name: configuration: lib.nameValuePair "mullvad-${name}.conf" (with configuration; ''`
			`[Interface]`
			`DNS = ${cfg.dnsServer}`

			`[Peer]`
			`Endpoint = ${if cfg.ipVersion == 4 then endpoint4 else endpoint6}:${toString cfg.port}`
			`PublicKey = ${pubkey}`
			`AllowedIPs = 0.0.0.0/0,::0/0`
			`''))`
			`relays;`

			`# Creating 100+ files in a separate derivation each has too much overhead`
			`relayConfigFiles = pkgs.runCommandNoCC "etc-wireguard-mullvad" { } (''`
			`mkdir $out`
			`'' + (lib.concatStringsSep`
			`"\n"`
			`(lib.mapAttrsToList`
			`(name: content: ''`
			`cat > $out/${lib.escapeShellArg name} << EOF`
			`${content}`
			`EOF`
			`'')`
			`relayConfigs)));`
			`in`
			`{`
			`options.sbruder.mullvad = {`
			`enable = lib.mkEnableOption "wg-quick compatible configuration files in /etc/wireguard for Mullvad VPN";`
			`dnsServer = lib.mkOption {`
			`type = lib.types.str;`
			`default = "193.138.218.74";`
			`};`
			`ipVersion = lib.mkOption {`
			`type = lib.types.enum [ 4 6 ];`
			`default = 4;`
			`};`
			`port = lib.mkOption {`
			`type = lib.types.port;`
			`default = 51820;`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`environment.etc = builtins.listToAttrs`
			`(map`
			`(name: lib.nameValuePair "wireguard/${name}" { source = "${relayConfigFiles}/${name}"; })`
			`(lib.attrNames relayConfigs));`
			`};`
			`}`