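diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index e1e640c4474..1578f8680c8 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -445,6 +445,7 @@ let
 localAddress = null;
 localAddress6 = null;
 tmpfs = null;
+ mullvadExclude = false;
 };
 
 in
@@ -691,6 +692,14 @@ in
 '';
 };
 
+ mullvadExclude = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Start container with mullvad-exclude.
+ '';
+ };
+
 # Removed option. See `checkAssertion` below for the accompanying error message.
 pkgs = mkOption { visible = false; };
 } // networkOptions;
@@ -767,6 +776,8 @@ in
 
 postStart = postStartScript dummyConfig;
 
+ postStop = mkIf dummyConfig.mullvadExclude "";
+
 restartIfChanged = false;
 
 serviceConfig = serviceDirectives dummyConfig;
@@ -797,7 +808,12 @@ in
 recursiveUpdate unit {
 preStart = preStartScript containerConfig;
 script = startScript containerConfig;
- postStart = postStartScript containerConfig;
+ postStart = (if containerConfig.mullvadExclude then ''
+ ${config.services.mullvad-vpn.package}/bin/mullvad split-tunnel pid add $MAINPID
+ '' else "") + postStartScript containerConfig;
+ postStop = mkIf containerConfig.mullvadExclude ''
+ ${config.services.mullvad-vpn.package}/bin/mullvad split-tunnel pid delete $MAINPID
+ '';
 serviceConfig = serviceDirectives containerConfig;
 unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i";
 environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";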
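Review bot: The `postStop` line in the last hunk depends on `$MAINPID`, which systemd is not guaranteed to set once the main process has exited, so `mullvad split-tunnel pid delete` may run with an empty argument and leave the old PID excluded; a later process that reuses that PID would then send traffic outside the VPN, which should be confirmed against how the daemon prunes dead PIDs. The same hunk calls `config.services.mullvad-vpn.package` without requiring `services.mullvad-vpn.enable`, so I would add an assertion that rejects `mullvadExclude = true` when the daemon is not enabled, next to the existing removed-option check. The option description should also state the effect, e.g. `Exclude this container's main process from the Mullvad VPN tunnel; its traffic then leaves the host outside the VPN.` The attribute set opened by `recursiveUpdate unit {` continues past the end of the hunk.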