From 9a58c5f1857549f17e98adc9e385e4c4fb20d53a Mon Sep 17 00:00:00 2001
From: scouckel <james.krinsky@gmail.com>
Date: Sat, 4 Apr 2026 02:35:03 +0200
Subject: everything is updated, everything is wonderful

---
 modules/nixosModules/desktop/mullvad.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 modules/nixosModules/desktop/mullvad.nix

(limited to 'modules/nixosModules/desktop/mullvad.nix')

diff --git a/modules/nixosModules/desktop/mullvad.nix b/modules/nixosModules/desktop/mullvad.nix
new file mode 100644
index 0000000..9f2892c
--- /dev/null
+++ b/modules/nixosModules/desktop/mullvad.nix
@@ -0,0 +1,22 @@
+{lib, ...}: {
+  flake.nixosModules.mullvad = { pkgs, ... }: {
+    services.mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+      enableExcludeWrapper = true;
+    };
+
+    # allow tailscale traffic through
+    networking.nftables.tables.mullvad_tailscale = {
+      content = ''
+        chain output {
+          type route hook output priority 0; policy accept;
+          ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+        }
+      '';
+      family = "inet";
+    };
+
+    systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=nftables" ];
+  };
+}
-- 
cgit v1.3