merge things idk

author: scouckel <james.krinsky@gmail.com> 2026-04-05 20:57:53 -0400
committer: scouckel <james.krinsky@gmail.com> 2026-04-05 20:57:53 -0400
commit: dd42457fd66328d1ac850498bba865c721db6075 (patch)
tree: 01b1d9fbe4d6f90aa3f9fcea05f3962001cb9562 /modules/nixosModules/desktop/mullvad.nix
parent: 9a58c5f1857549f17e98adc9e385e4c4fb20d53a (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/nixosModules/desktop/mullvad.nix b/modules/nixosModules/desktop/mullvad.nix
index 9f2892c..0ac8fb9 100644
--- a/modules/nixosModules/desktop/mullvad.nix
+++ b/modules/nixosModules/desktop/mullvad.nix
@@ -1,22 +1,25 @@
 {lib, ...}: {
-  flake.nixosModules.mullvad = { pkgs, ... }: {
+  flake.nixosModules.mullvad = {pkgs, ...}: {
     services.mullvad-vpn = {
       enable = true;
       package = pkgs.mullvad-vpn;
       enableExcludeWrapper = true;
     };
 
+    services.resolved.enable = true;
+
     # allow tailscale traffic through
+    networking.nftables.enable = true;
     networking.nftables.tables.mullvad_tailscale = {
       content = ''
         chain output {
-          type route hook output priority 0; policy accept;
+          type route hook output priority -100; policy accept;
           ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
         }
       '';
       family = "inet";
     };
 
-    systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ];
+    systemd.services.tailscaled.serviceConfig.Environment = ["TS_DEBUG_FIREWALL_MODE=nftables"];
   };
 }
author	scouckel <james.krinsky@gmail.com>	2026-04-05 20:57:53 -0400
committer	scouckel <james.krinsky@gmail.com>	2026-04-05 20:57:53 -0400
commit	dd42457fd66328d1ac850498bba865c721db6075 (patch)
tree	01b1d9fbe4d6f90aa3f9fcea05f3962001cb9562 /modules/nixosModules/desktop/mullvad.nix
parent	9a58c5f1857549f17e98adc9e385e4c4fb20d53a (diff)