everything is updated, everything is wonderful

author: scouckel <james.krinsky@gmail.com> 2026-04-04 02:35:03 +0200
committer: scouckel <james.krinsky@gmail.com> 2026-04-04 02:35:03 +0200
commit: 9a58c5f1857549f17e98adc9e385e4c4fb20d53a (patch)
tree: b7a59b50831ace76e879758f24a5750aa865c727 /modules/nixosModules/desktop/mullvad.nix
parent: 50044b7a87bc9f59452855a96a2013c9b000a0a1 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/modules/nixosModules/desktop/mullvad.nix b/modules/nixosModules/desktop/mullvad.nix
new file mode 100644
index 0000000..9f2892c
--- /dev/null
+++ b/modules/nixosModules/desktop/mullvad.nix
@@ -0,0 +1,22 @@
+{lib, ...}: {
+  flake.nixosModules.mullvad = { pkgs, ... }: {
+    services.mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+      enableExcludeWrapper = true;
+    };
+
+    # allow tailscale traffic through
+    networking.nftables.tables.mullvad_tailscale = {
+      content = ''
+        chain output {
+          type route hook output priority 0; policy accept;
+          ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+      '';
+      family = "inet";
+    };
+
+    systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ];
+  };
+}
author	scouckel <james.krinsky@gmail.com>	2026-04-04 02:35:03 +0200
committer	scouckel <james.krinsky@gmail.com>	2026-04-04 02:35:03 +0200
commit	9a58c5f1857549f17e98adc9e385e4c4fb20d53a (patch)
tree	b7a59b50831ace76e879758f24a5750aa865c727 /modules/nixosModules/desktop/mullvad.nix
parent	50044b7a87bc9f59452855a96a2013c9b000a0a1 (diff)