1 files changed, 30 insertions, 28 deletions
diff --git a/services/torrent/default.nix b/services/torrent/default.nix
index 7fed955..dbbdf7c 100644
--- a/services/torrent/default.nix
+++ b/services/torrent/default.nix
@@ -18,25 +18,25 @@ let
 
   # gluetun openvpn likes to ignore my mtu settings,
   # so we set it forcefully every 15 seconds.
-  vpn-force-mtu = pkgs.writeTextFile {
-    name = "vpn-force-mtu";
-    destination = "/scripts/vpn-force-mtu.sh";
-    executable = true;
-    text = ''
-      #!/bin/ash
-      while true; do
-        /bin/sleep 15
-        /sbin/ip link set dev tun0 mtu ${toString mtu} 2>/dev/null || true
-      done
-    '';
-  };
+  #vpn-force-mtu = pkgs.writeTextFile {
+  #  name = "vpn-force-mtu";
+  #  destination = "/scripts/vpn-force-mtu.sh";
+  #  executable = true;
+  #  text = ''
+  #    #!/bin/ash
+  #    while true; do
+  #      /bin/sleep 15
+  #      /sbin/ip link set dev tun0 mtu ${toString mtu} 2>/dev/null || true
+  #    done
+  #  '';
+  #};
   vpn-entry = pkgs.writeTextFile {
     name = "vpn-entry";
     destination = "/scripts/vpn-entry.sh";
     executable = true;
     text = ''
       #!/bin/ash
-      /scripts/vpn-force-mtu.sh &
+      #/scripts/vpn-force-mtu.sh &
       /gluetun-entrypoint
     '';
   };
@@ -45,7 +45,7 @@ let
     name = "vpn-scripts";
     paths = [
       vpn-entry
-      vpn-force-mtu
+      #vpn-force-mtu
     ];
   };
 
@@ -63,20 +63,19 @@ let
     contents = [ vpn-scripts ];
   };
 
-  piaCountries = [
+  vpnCountries = [
     "Albania"
     "Austria"
     "Belgium"
-    "Bosnia and Herzegovina"
     "Bulgaria"
+    "Croatia"
+    "Cyprus"
     "Czech Republic"
-    "ES Madrid"
-    "ES Valencia"
+    "Spain"
     "Estonia"
-    "Georgia"
     "Greece"
     "Hungary"
-    "IT Milano"
+    "Italy"
     "Poland"
     "Portugal"
     "Romania"
@@ -93,15 +92,15 @@ in
     #./qbittorrent.nix
   ];
 
-  age.secrets.pia-login-secrets = {
-    file = ../../secrets/pia-login-secrets.age;
+  age.secrets.mullvad-gluetun = {
+    file = ../../secrets/mullvad-gluetun.age;
   };
 
   foundation = {
     networks.vpn = {
       enable = true;
       driver = "bridge";
-      # current vpn does not support ipv6!
+      # we currenly avoid ipv6 for vpn.
       ipv6.enable = false;
       # lower MTU to prevent packet non-deliverability
       inherit mtu;
@@ -133,13 +132,16 @@ in
         devices = [ "/dev/net/tun" ];
 
         environment = {
-          VPN_SERVICE_PROVIDER = "private internet access";
-          VPN_TYPE = "openvpn";
-          OPENVPN_MSSFIX = toString mtu;
-          SERVER_REGIONS = lib.concatStringsSep "," piaCountries;
+          # the mullvad device representing this vpn container
+          # is named "driven fish".
+          VPN_SERVICE_PROVIDER = "mullvad";
+          VPN_TYPE = "wireguard";
+          WIREGUARD_ADDRESSES = "10.73.131.255/32";
+          WIREGUARD_MTU = toString mtu;
+          SERVER_COUNTRIES = lib.concatStringsSep "," vpnCountries;
         };
 
-        environmentFiles = [ config.age.secrets.pia-login-secrets.path ];
+        environmentFiles = [ config.age.secrets.mullvad-gluetun.path ];
       };
     };
   };