authorMel <mel@rnrd.eu>2026-02-14 23:19:33 +0100
committerMel <mel@rnrd.eu>2026-02-14 23:21:06 +0100
commit7273a3a04d5b59ac9aee4abe06928e0870b1ed78 (patch)
tree8e75da8e58d63b507918997755c1a96607ce0fc8 /services
parent8163c1772413c545583c46194823876ecc0b2707 (diff)
Move VPN container stack from PIA to Mullvad
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'services')
-rw-r--r--services/torrent/default.nix58
1 files changed, 30 insertions, 28 deletions
diff --git a/services/torrent/default.nix b/services/torrent/default.nix
index 7fed955..dbbdf7c 100644
--- a/services/torrent/default.nix
+++ b/services/torrent/default.nix
@@ -18,25 +18,25 @@ let
 
   # gluetun openvpn likes to ignore my mtu settings,
   # so we set it forcefully every 15 seconds.
-  vpn-force-mtu = pkgs.writeTextFile {
-    name = "vpn-force-mtu";
-    destination = "/scripts/vpn-force-mtu.sh";
-    executable = true;
-    text = ''
-      #!/bin/ash
-      while true; do
-        /bin/sleep 15
-        /sbin/ip link set dev tun0 mtu ${toString mtu} 2>/dev/null || true
-      done
-    '';
-  };
+  #vpn-force-mtu = pkgs.writeTextFile {
+  #  name = "vpn-force-mtu";
+  #  destination = "/scripts/vpn-force-mtu.sh";
+  #  executable = true;
+  #  text = ''
+  #    #!/bin/ash
+  #    while true; do
+  #      /bin/sleep 15
+  #      /sbin/ip link set dev tun0 mtu ${toString mtu} 2>/dev/null || true
+  #    done
+  #  '';
+  #};
   vpn-entry = pkgs.writeTextFile {
     name = "vpn-entry";
     destination = "/scripts/vpn-entry.sh";
     executable = true;
     text = ''
       #!/bin/ash
-      /scripts/vpn-force-mtu.sh &
+      #/scripts/vpn-force-mtu.sh &
       /gluetun-entrypoint
     '';
   };
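Review bot: The header comment above `vpn-force-mtu` still says the MTU is forced every 15 seconds, but the script is now commented out here, in the `vpn-entry` text, and in the `paths` list of the next hunk, so the comment describes behaviour that no longer happens. Either delete the dead block, or replace the header with a line stating why it is kept, e.g. `# vpn-force-mtu: OpenVPN-only workaround, disabled since the move to WireGuard`. With the background job gone, `vpn-entry.sh` only forwards to gluetun, so `exec /gluetun-entrypoint` would be tidier; if this script is the container entrypoint (not visible here), stop signals would then reach gluetun directly rather than the `ash` wrapper.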
@@ -45,7 +45,7 @@ let
     name = "vpn-scripts";
     paths = [
       vpn-entry
-      vpn-force-mtu
+      #vpn-force-mtu
     ];
   };
 
@@ -63,20 +63,19 @@ let
     contents = [ vpn-scripts ];
   };
 
-  piaCountries = [
+  vpnCountries = [
     "Albania"
     "Austria"
     "Belgium"
-    "Bosnia and Herzegovina"
     "Bulgaria"
+    "Croatia"
+    "Cyprus"
     "Czech Republic"
-    "ES Madrid"
-    "ES Valencia"
+    "Spain"
     "Estonia"
-    "Georgia"
     "Greece"
     "Hungary"
-    "IT Milano"
+    "Italy"
     "Poland"
     "Portugal"
     "Romania"
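Review bot: `"Spain"` was dropped into the slot of the old `"ES Madrid"` entries, so `vpnCountries` is no longer alphabetical between `"Czech Republic"` and `"Estonia"`; moving it next to the other S entries keeps the list easy to audit. These strings now feed `SERVER_COUNTRIES`, so each one should be checked against the country names gluetun lists for Mullvad, since a name carried over from the PIA region list may not match. The list continues past the end of this hunk, so the remaining entries were not reviewed.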
@@ -93,15 +92,15 @@ in
     #./qbittorrent.nix
   ];
 
-  age.secrets.pia-login-secrets = {
-    file = ../../secrets/pia-login-secrets.age;
+  age.secrets.mullvad-gluetun = {
+    file = ../../secrets/mullvad-gluetun.age;
   };
 
   foundation = {
     networks.vpn = {
       enable = true;
       driver = "bridge";
-      # current vpn does not support ipv6!
+      # we currenly avoid ipv6 for vpn.
       ipv6.enable = false;
       # lower MTU to prevent packet non-deliverability
       inherit mtu;
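Review bot: The new comment on `ipv6.enable = false` has a typo (`currenly`) and, unlike the line it replaces, no longer says why IPv6 is off. Since this setting is part of what keeps container traffic from leaving outside the tunnel, the reason should be recorded, e.g. `# ipv6 is deliberately disabled: the tunnel is configured with an IPv4 address only.` The old `pia-login-secrets.age` file is outside this diffstat, so whether it was removed from the repository and the credentials retired cannot be confirmed from here.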
@@ -133,13 +132,16 @@ in
         devices = [ "/dev/net/tun" ];
 
         environment = {
-          VPN_SERVICE_PROVIDER = "private internet access";
-          VPN_TYPE = "openvpn";
-          OPENVPN_MSSFIX = toString mtu;
-          SERVER_REGIONS = lib.concatStringsSep "," piaCountries;
+          # the mullvad device representing this vpn container
+          # is named "driven fish".
+          VPN_SERVICE_PROVIDER = "mullvad";
+          VPN_TYPE = "wireguard";
+          WIREGUARD_ADDRESSES = "10.73.131.255/32";
+          WIREGUARD_MTU = toString mtu;
+          SERVER_COUNTRIES = lib.concatStringsSep "," vpnCountries;
         };
 
-        environmentFiles = [ config.age.secrets.pia-login-secrets.path ];
+        environmentFiles = [ config.age.secrets.mullvad-gluetun.path ];
       };
     };
   };
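Review bot: `WIREGUARD_ADDRESSES = "10.73.131.255/32"` and the device name in the comment above it are per-device Mullvad values committed in plain text, while the matching private key presumably lives in the age-encrypted `mullvad-gluetun` environment file. Moving `WIREGUARD_ADDRESSES` into that same file would keep address and key together on rotation and keep the device identity out of the evaluated config. If it stays here, add a comment such as `# must be updated whenever the WireGuard key in mullvad-gluetun.age is regenerated`. `WIREGUARD_MTU` reuses the `mtu` value that the `vpn` bridge network inherits; its value is not visible in this diff, so confirm it leaves room for WireGuard's encapsulation overhead. The enclosing container definition starts before this hunk.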