# NixOS module: Mullvad VPN client, with an nftables exception so that traffic
# to Tailscale's address range is not held back by Mullvad's tunnel firewall.
{lib, ...}: {
  flake.nixosModules.mullvad = {pkgs, ...}: {
    services = {
      mullvad-vpn = {
        enable = true;
        package = pkgs.mullvad-vpn;
        # NOTE(review): this option installs the setuid `mullvad-exclude`
        # wrapper, which lets a local process run outside the tunnel. Turn it
        # off if per-application split tunnelling is not actually used.
        enableExcludeWrapper = true;
      };
      # Presumably required for Mullvad's DNS handling; confirm before removing.
      resolved.enable = true;
    };

    networking.nftables = {
      enable = true;

      # Allow Tailscale traffic through.
      #
      # The chain tags every locally generated IPv4 packet whose destination is
      # in 100.64.0.0/10 with ct mark 0x00000f41 and meta mark 0x6d6f6c65, which
      # appear to be the marks Mullvad's split-tunnelling setup treats as
      # "excluded from the tunnel" (verify against the Mullvad version in use).
      #
      # Caveats for whoever maintains this:
      #  - The match is on destination address only, not on interface or
      #    process. 100.64.0.0/10 is the whole shared CGNAT range, so any
      #    traffic to that range leaves outside the VPN, including on networks
      #    where the upstream provider hands out addresses from it.
      #  - `ip daddr` matches IPv4 only; Tailscale's IPv6 addresses are not
      #    covered by this rule.
      #  - The ruleset text below is handed to nftables as written.
      tables.mullvad_tailscale = {
        family = "inet";
        content = ''
          chain output {
          type route hook output priority -100; policy accept;
          ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
          }
        '';
      };
    };

    # Make tailscaled manage its firewall rules with nftables, matching the
    # nftables backend enabled above.
    systemd.services.tailscaled.serviceConfig.Environment = ["TS_DEBUG_FIREWALL_MODE=nftables"];
  };
}