Simon Bruder
56b9c6c37f
Since wg-quick does not require the configuration file to include a private key and local addresses, they can be added after the execution of wg-quick. Fixes #32.
56 lines
1.5 KiB
Nix
56 lines
1.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
relays = builtins.fromJSON (builtins.readFile ./relays.json);
|
|
|
|
cfg = config.sbruder.mullvad;
|
|
|
|
relayConfigs = lib.mapAttrs'
|
|
(name: configuration: lib.nameValuePair "mullvad-${name}.conf" (with configuration; ''
|
|
[Interface]
|
|
DNS = ${cfg.dnsServer}
|
|
|
|
[Peer]
|
|
Endpoint = ${if cfg.ipVersion == 4 then endpoint4 else endpoint6}:${toString cfg.port}
|
|
PublicKey = ${pubkey}
|
|
AllowedIPs = 0.0.0.0/0,::0/0
|
|
''))
|
|
relays;
|
|
|
|
# Creating 100+ files in a separate derivation each has too much overhead
|
|
relayConfigFiles = pkgs.runCommandNoCC "etc-wireguard-mullvad" { } (''
|
|
mkdir $out
|
|
'' + (lib.concatStringsSep
|
|
"\n"
|
|
(lib.mapAttrsToList
|
|
(name: content: ''
|
|
cat > $out/${lib.escapeShellArg name} << EOF
|
|
${content}
|
|
EOF
|
|
'')
|
|
relayConfigs)));
|
|
in
|
|
{
|
|
options.sbruder.mullvad = {
|
|
enable = lib.mkEnableOption "wg-quick compatible configuration files in /etc/wireguard for Mullvad VPN";
|
|
dnsServer = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "193.138.218.74";
|
|
};
|
|
ipVersion = lib.mkOption {
|
|
type = lib.types.enum [ 4 6 ];
|
|
default = 4;
|
|
};
|
|
port = lib.mkOption {
|
|
type = lib.types.port;
|
|
default = 51820;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
environment.etc = builtins.listToAttrs
|
|
(map
|
|
(name: lib.nameValuePair "wireguard/${name}" { source = "${relayConfigFiles}/${name}"; })
|
|
(lib.attrNames relayConfigs));
|
|
};
|
|
}
|