From 075a0eb59a63e60ed7eee7419f0b569dc456898a Mon Sep 17 00:00:00 2001 From: Henri Dohmen Date: Thu, 29 May 2025 10:52:29 +0200 Subject: [PATCH] update & mullvad --- flake.lock | 12 ++++----- mod/common/boot.nix | 2 ++ mod/pc-common/network.nix | 51 ++++++++++++++------------------------- 3 files changed, 26 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 2be0811..79090f9 100644 --- a/flake.lock +++ b/flake.lock @@ -60,11 +60,11 @@ ] }, "locked": { - "lastModified": 1748227609, - "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", + "lastModified": 1748489961, + "narHash": "sha256-uGnudxMoQi2c8rpPoHXuQSm80NBqlOiNF4xdT3hhzLM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", + "rev": "95c988cf08e9a5a8fe7cc275d5e3f24e9e87bd51", "type": "github" }, "original": { @@ -148,11 +148,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { diff --git a/mod/common/boot.nix b/mod/common/boot.nix index 6e6b9fe..037a7cf 100644 --- a/mod/common/boot.nix +++ b/mod/common/boot.nix @@ -16,5 +16,7 @@ kernelPackages = pkgs.linuxPackages_6_13; kernel.sysctl."kernel.sysrq" = 1; + + initrd.systemd.network.wait-online.enable = false; }; } diff --git a/mod/pc-common/network.nix b/mod/pc-common/network.nix index f86d4b0..3fbaa26 100644 --- a/mod/pc-common/network.nix +++ b/mod/pc-common/network.nix @@ -6,15 +6,28 @@ }: { hardware.bluetooth.enable = true; - services.blueman.enable = true; - systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; + services = { + tailscale = { + enable = true; + useRoutingFeatures = "client"; + }; + mullvad-vpn.enable = true; + blueman.enable = true; + resolved = { + enable = true; + dnssec = "true"; + dnsovertls = "true"; + fallbackDns = [ ]; + }; }; networking = { + nameservers = [ + "1.1.1.1#one.one.one.one" + "1.0.0.1#one.one.one.one" + ]; enableIPv6 = true; wireguard.enable = true; @@ -25,34 +38,6 @@ privateKeyFile = var.wg.keyFile; peers = [ (lib.removeAttrs var.wg.wireguard-network."roam" [ "ips" ]) ]; }; - "mullvad" = - let - conf = { - "solo".ips = [ - "10.68.140.249/32" - "fc00:bbbb:bbbb:bb01::5:8cf8/128" - ]; - "c2".ips = [ - "10.64.179.105/32" - "fc00:bbbb:bbbb:bb01::1:b368/128" - ]; - }; - in - { - address = conf.${host}.ips; - privateKeyFile = var.wg.keyFile; - peers = [ - { - allowedIPs = [ - "0.0.0.0/0" - "::0/0" - ]; - endpoint = "185.213.155.72:51820"; - publicKey = "flq7zR8W5FxouHBuZoTRHY0A0qFEMQZF5uAgV4+sHVw="; - persistentKeepalive = 23; - } - ]; - }; }; };