From 172fa89eccf5ecaf96da012c7d242851418981d7 Mon Sep 17 00:00:00 2001
From: Bernard Ko
Date: Wed, 30 Mar 2022 14:49:51 -0400
Subject: [PATCH] Implemented a temporary fix to make it work when cgroup v2 is required When cgroup v2 is required by default by docker or the OS we need to use the --cgroupns=host to allow the mullvad app to startup correctly. However, the cgroupns switch is not implemented in the docker compose spec, so we have to wait for its implementation. To get around this problem, the main mullvad container is taken out of the docker compose file and we run it on its own in the setup.sh script using docker run with the --cgroupns=host switch. After the container is setup, we then use the docker compose file to setup the rest of the containers. Reference: docker/for-mac#6073 compose-spec/compose-spec#148 docker/compose#8167
---
 .env.example | 1 +
 docker-compose.yml | 46 ++++++++++++++++++++++++----------------------
 down.sh | 4 +++-
 mullvad/Dockerfile | 2 +-
 setup.sh | 7 +++++++
 5 files changed, 36 insertions(+), 24 deletions(-)
diff --git a/.env.example b/.env.example
index ba3ec67..667762f 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,4 @@
 ACCOUNT_NUMBER=
+DEFAULT_COUNTRY=se
 HTTP_PORT=8118
 SOCKS5_PORT=1080
diff --git a/docker-compose.yml b/docker-compose.yml
index 086ee3d..cb0c32d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,41 +1,43 @@
 version: "3.3"
 services:
- mullvad:
- build: mullvad/.
- image: "mullvad:latest"
- container_name: mvpn
- cap_add:
- - NET_ADMIN
- - SYS_MODULE
- sysctls:
- net.ipv4.conf.all.src_valid_mark: 1
- restart: unless-stopped
- privileged: true
- ports:
- - 61000:1080
- - 61001:8118
+ # mullvad:
+ # build: mullvad/.
+ # image: "mullvad:latest"
+ # container_name: mvpn
+ # cap_add:
+ # - NET_ADMIN
+ # - SYS_MODULE
+ # sysctls:
+ # net.ipv4.conf.all.src_valid_mark: 1
+ # restart: unless-stopped
+ # privileged: true
+ # ports:
+ # - 61000:1080
+ # - 61001:8118
 http:
 image: "caligari/privoxy:latest"
 container_name: mvpn-http
 restart: unless-stopped
- network_mode: service:mullvad
- depends_on:
- - mullvad
+ network_mode: container:mvpn
+ # network_mode: service:mullvad
+ # depends_on:
+ # - mullvad
 socks5:
 build: socks5/.
 image: mvpn-socks5
 container_name: mvpn-socks5
 restart: unless-stopped
- network_mode: service:mullvad
- depends_on:
- - mullvad
+ network_mode: container:mvpn
+ # network_mode: service:mullvad
+ # depends_on:
+ # - mullvad
 proxy:
 build: proxy/.
 image: mvpn-proxy
 container_name: mvpn-proxy
 restart: unless-stopped
- depends_on:
- - mullvad
+ # depends_on:
+ # - mullvad
 ports:
 - ${HTTP_PORT:-8118}:8118
 - ${SOCK5_PORT:-1080}:1080
diff --git a/down.sh b/down.sh
index e431a55..b3e3bc3 100755
--- a/down.sh
+++ b/down.sh
@@ -4,4 +4,6 @@ echo "Getting account info and wireguard key..."
 docker exec -it mvpn mullvad account get
 docker exec -it mvpn mullvad tunnel wireguard key check
 docker-compose down
-echo "Remember to delete the above wireguard keys from the account to free them up."
\ No newline at end of file
+docker stop mvpn > /dev/null
+docker rm mvpn > /dev/null
+echo "Delete the above wireguard key at https://mullvad.net/en/account/#/ports"
\ No newline at end of file
diff --git a/mullvad/Dockerfile b/mullvad/Dockerfile
index 6313bb8..9991c7d 100644
--- a/mullvad/Dockerfile
+++ b/mullvad/Dockerfile
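Review bot: With `depends_on` commented out and `network_mode: container:mvpn` on the `http` and `socks5` services, Compose no longer knows about the VPN container, so nothing in this file orders startup or recreates these services when `mvpn` is replaced. Docker appears to resolve the `container:` reference when the service container is created, so after `mvpn` is removed and run again the two proxies may fail to start until they are recreated; a comment above each `network_mode` line, such as `# joins the network namespace of the mvpn container started by setup.sh; recreate this service whenever mvpn is recreated`, would record that dependency. The commented-out `mullvad` service and the commented `depends_on` entries could be deleted instead of kept as dead YAML, since the commit message and history already explain the move. Separately, the context line `${SOCK5_PORT:-1080}:1080` does not match the `SOCKS5_PORT` key in `.env.example`, so that setting looks like it is ignored.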
@@ -1,4 +1,4 @@
-FROM ubuntu:21.10
+FROM ubuntu:20.04
 LABEL maintainer="Bernard Ko "
diff --git a/setup.sh b/setup.sh
index 7319fc4..0d158d6 100755
--- a/setup.sh
+++ b/setup.sh
@@ -13,6 +13,9 @@ if [ -z "$ACCOUNT" ]; then
 read ACCOUNT
 fi
+docker build -t mullvad:latest mullvad/.
+docker run --privileged --cgroupns=host --cap-add=NET_ADMIN --cap-add=SYS_MODULE --restart unless-stopped --name mvpn -d -p 61000:1080 -p 61001:8118 mullvad:latest
+
 if [ -f "$ENVFILE" ]; then
 docker-compose --env-file $ENVFILE up -d
 else
@@ -25,6 +28,10 @@ if [ -n "$ACCOUNT" ]; then
 docker exec -it mvpn mullvad account get
 docker exec -it mvpn mullvad account set $ACCOUNT
 docker exec -it mvpn mullvad relay set tunnel-protocol wireguard
+ if [ -n "$DEFAULT_COUNTRY" ]; then
+ echo "Setting Relay Location: $DEFAULT_COUNTRY"
+ docker exec -it mvpn mullvad relay set location $DEFAULT_COUNTRY
+ fi
 docker exec -it mvpn mullvad always-require-vpn set on
 docker exec -it mvpn mullvad lan set allow
 docker exec -it mvpn mullvad auto-connect set on
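Review bot: The added `docker run` line does not carry over the `net.ipv4.conf.all.src_valid_mark: 1` sysctl that the removed compose service set; if the tunnel still depends on it, add `--sysctl net.ipv4.conf.all.src_valid_mark=1`. `--privileged` already grants every capability, so the two `--cap-add` flags are redundant, and combined with `--cgroupns=host` the container gets broad access to the host; it is worth testing whether `--cgroupns=host` plus the two capabilities is enough without `--privileged`. Neither `docker build` nor `docker run` is checked, so a failed build or an `mvpn` container left over from an earlier run lets the script continue into `docker-compose up`; appending `|| exit 1` to both lines would stop it there. The script continues outside this hunk on both sides.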
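Review bot: `$DEFAULT_COUNTRY` is expanded unquoted in `docker exec -it mvpn mullvad relay set location $DEFAULT_COUNTRY`, so a value containing spaces or glob characters is split into extra arguments to `mullvad`; write `docker exec -it mvpn mullvad relay set location "$DEFAULT_COUNTRY"`. The hunk does not show where `DEFAULT_COUNTRY` is assigned: `.env.example` gains the key, but unless setup.sh reads it from `$ENVFILE` somewhere outside this hunk the new branch never runs. A comment above the `if`, for example `# DEFAULT_COUNTRY is optional; when empty the relay location is left unchanged`, would document the intent. The enclosing `if [ -n "$ACCOUNT" ]` block starts and ends outside the hunk.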