phone: Add mullvad support by disabling checkReversePath

`networking.firewall.checkReversePath` was being set to "loose" from Mullvad VPN, which was causing an issue with the kernel used by the PinePhone with Mobile NixOS. By changing this option to `false`, we get rid of the "This kernel does not support rpfilter" error, which seems to be inaccurate due to the result of `sysctl -a | grep \\.rp_filter` on the phone being consistent with the result on the laptop.
2025-02-13 08:19:29 +01:00 · 2024-06-21 19:12:01 -04:00 · 2024-06-21 19:12:01 -04:00 · 31ab36fe78
commit 31ab36fe78
parent e030aa9687
2 changed files with 7 additions and 0 deletions
--- a/hosts/phone/configuration.nix
+++ b/hosts/phone/configuration.nix
@ -27,6 +27,10 @@ in
      phone = true;
      sensor = true;
    };
+
+    system = {
+      mullvad = true;
+    };
  };

  environment = {
--- a/modules/system.nix
+++ b/modules/system.nix
@ -227,6 +227,8 @@ in
        allowedTCPPorts = mkIf allowDevPort [
          3000
        ];
+
+        checkReversePath = mkIf phone (lib.mkForce false);
      };
    };

@ -236,6 +238,7 @@ in
      mullvad-vpn = mkIf mullvad {
        enable = true;
        enableExcludeWrapper = false;
+        package = pkgs.mullvad-vpn;
      };

      postgresql = mkIf postgres {