diff options
| author | Yannick Markus <ym@ymarkus.dev> | 2021-05-06 13:23:54 +0200 |
|---|---|---|
| committer | Yannick Markus <ym@ymarkus.dev> | 2021-07-13 11:14:13 +0200 |
| commit | 19b1eac1b07b2c13555593fa4fbc53cffc61952c (patch) | |
| tree | 7c31218aa8367843c3ff9582f2b21e1576fef685 /nixos | |
| parent | e32d4976232a4a4f00c104071524cb0b3b9f664e (diff) | |
| download | nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar.gz nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar.bz2 nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar.lz nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar.xz nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.tar.zst nixpkgs-19b1eac1b07b2c13555593fa4fbc53cffc61952c.zip | |
nixos/mullvad-vpn: fix firewall issues & remove xfix as maintainer
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/mullvad-vpn.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/mullvad-vpn.nix b/nixos/modules/services/networking/mullvad-vpn.nix index 8ce71f26b3e..9ec1ddc929e 100644 --- a/nixos/modules/services/networking/mullvad-vpn.nix +++ b/nixos/modules/services/networking/mullvad-vpn.nix @@ -9,6 +9,7 @@ with lib; default = false; description = '' This option enables Mullvad VPN daemon. + This sets <option>networking.firewall.checkReversePath</option> to "loose", which might be undesirable for security. ''; }; @@ -18,6 +19,9 @@ with lib; # mullvad-daemon writes to /etc/iproute2/rt_tables networking.iproute2.enable = true; + # See https://github.com/NixOS/nixpkgs/issues/113589 + networking.firewall.checkReversePath = "loose"; + systemd.services.mullvad-daemon = { description = "Mullvad VPN daemon"; wantedBy = [ "multi-user.target" ]; @@ -42,5 +46,5 @@ with lib; }; }; - meta.maintainers = [ maintainers.xfix ]; + meta.maintainers = with maintainers; [ ymarkus ]; } |