{ host, var, lib, ... }: { hardware.bluetooth.enable = true; services.blueman.enable = true; systemd.services.NetworkManager-wait-online.enable = false; services.tailscale = { enable = true; useRoutingFeatures = "client"; }; networking = { enableIPv6 = true; wireguard.enable = true; wg-quick = { interfaces = { "onet" = { address = var.wg.wireguard-network.${host}.ips; privateKeyFile = var.wg.keyFile; peers = [ (lib.removeAttrs var.wg.wireguard-network."roam" [ "ips" ]) ]; }; "mullvad" = let conf = { "solo".ips = [ "10.68.140.249/32" "fc00:bbbb:bbbb:bb01::5:8cf8/128" ]; "c2".ips = [ "10.64.179.105/32" "fc00:bbbb:bbbb:bb01::1:b368/128" ]; }; in { address = conf.${host}.ips; privateKeyFile = var.wg.keyFile; peers = [ { allowedIPs = [ "0.0.0.0/0" "::0/0" ]; endpoint = "185.213.155.72:51820"; publicKey = "flq7zR8W5FxouHBuZoTRHY0A0qFEMQZF5uAgV4+sHVw="; persistentKeepalive = 23; } ]; }; }; }; firewall = { allowedUDPPorts = [ 51820 ]; }; networkmanager = { enable = true; wifi.macAddress = "random"; ensureProfiles.profiles = { "tuda-vpn" = { connection = { autoconnect = "false"; id = "tuda-vpn"; type = "vpn"; }; ipv4 = { method = "auto"; }; ipv6 = { addr-gen-mode = "stable-privacy"; method = "auto"; }; vpn = { authtype = "password"; autoconnect-flags = "0"; certsigs-flags = "0"; cookie-flags = "2"; disable_udp = "no"; enable_csd_trojan = "no"; gateway = "vpn.hrz.tu-darmstadt.de"; gateway-flags = "2"; gwcert-flags = "2"; lasthost-flags = "0"; pem_passphrase_fsid = "no"; prevent_invalid_cert = "no"; protocol = "anyconnect"; resolve-flags = "2"; service-type = "org.freedesktop.NetworkManager.openconnect"; stoken_source = "disabled"; xmlconfig-flags = "0"; password-flags = 0; }; }; }; }; }; }