Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update mullvad setup on wheatley

Browse source
This commit is contained in:
Lillian Violet 2026-01-08 16:19:45 +01:00
parent 9fe280f753
commit 803602949b
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/hosts/wheatley/configuration.nix
View file

@ -170,23 +170,25 @@
pkgs.stubby.passthru.settingsExample pkgs.stubby.passthru.settingsExample
// { // {
upstream_recursive_servers = [ upstream_recursive_servers = [
# kdig -d @194.242.2.4 +tls-ca +tls-host=base.dns.mullvad.net example.com
{ {
address_data = "192.242.2.4"; address_data = "192.242.2.4";
tls_auth_name = "base.dns.mullvad.net"; tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [ tls_pubkey_pinset = [
{ {
digest = "sha256"; digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI="; value = "vRABi3U719mJG1E/XyyrJ+3K43XdmJB+XuzaKESPRSs=";
} }
]; ];
} }
# kdig -d @2a07:e340::4 +tls-ca +tls-host=base.dns.mullvad.net example.com
{ {
address_data = "2a07:e340::4"; address_data = "2a07:e340::4";
tls_auth_name = "base.dns.mullvad.net"; tls_auth_name = "base.dns.mullvad.net";
tls_pubkey_pinset = [ tls_pubkey_pinset = [
{ {
digest = "sha256"; digest = "sha256";
value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI="; value = "1ABYdzvvAq7Ec7+Wl5KrRcgPeXsIGLBU7I+89u94bcw=";
} }
]; ];
} }
@ -249,7 +251,7 @@
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts # TODO: generate this dynamically based on other hosts
wg0 = { wg0 = {
address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"]; address = ["10.73.141.73/32" "fc00:bbbb:bbbb:bb01::a:8d48/128"];
privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
dns = ["100.64.0.7"]; dns = ["100.64.0.7"];
extraOptions = { extraOptions = {
@ -274,7 +276,7 @@
{ {
publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E="; publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E=";
allowedIPs = ["0.0.0.0/0" "::0/0"]; allowedIPs = ["0.0.0.0/0" "::0/0"];
endpoint = "31.171.154.50:51820"; endpoint = "193.32.249.70:51820";
} }
]; ];
}; };