update mullvad setup on wheatley

2026-01-08 16:19:45 +01:00 · 2026-01-08 16:19:45 +01:00 · 803602949b
commit 803602949b
parent 9fe280f753
1 changed files with 6 additions and 4 deletions
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@ -170,23 +170,25 @@
      pkgs.stubby.passthru.settingsExample
      // {
        upstream_recursive_servers = [
+          # kdig -d @194.242.2.4 +tls-ca +tls-host=base.dns.mullvad.net example.com
          {
            address_data = "192.242.2.4";
            tls_auth_name = "base.dns.mullvad.net";
            tls_pubkey_pinset = [
              {
                digest = "sha256";
-                value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+                value = "vRABi3U719mJG1E/XyyrJ+3K43XdmJB+XuzaKESPRSs=";
              }
            ];
          }
+          # kdig -d @2a07:e340::4 +tls-ca +tls-host=base.dns.mullvad.net example.com
          {
            address_data = "2a07:e340::4";
            tls_auth_name = "base.dns.mullvad.net";
            tls_pubkey_pinset = [
              {
                digest = "sha256";
-                value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+                value = "1ABYdzvvAq7Ec7+Wl5KrRcgPeXsIGLBU7I+89u94bcw=";
              }
            ];
          }
@ -249,7 +251,7 @@
      # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
      # TODO: generate this dynamically based on other hosts
      wg0 = {
-        address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"];
+        address = ["10.73.141.73/32" "fc00:bbbb:bbbb:bb01::a:8d48/128"];
        privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
        dns = ["100.64.0.7"];
        extraOptions = {
@ -274,7 +276,7 @@
          {
            publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E=";
            allowedIPs = ["0.0.0.0/0" "::0/0"];
-            endpoint = "31.171.154.50:51820";
+            endpoint = "193.32.249.70:51820";
          }
        ];
      };