Implemented a temporary fix to make it work when cgroup v2 is required

When cgroup v2 is required by default by docker or the OS we need to use the --cgroupns=host to allow the mullvad app to startup correctly. However, the cgroupns switch is not implemented in the docker compose spec, so we have to wait for its implementation.

To get around this problem, the main mullvad container is taken out of the docker compose file and we run it on its own in the setup.sh script using docker run with the --cgroupns=host switch. After the container is setup, we then use the docker compose file to setup the rest of the containers.

Reference:

docker/for-mac#6073
compose-spec/compose-spec#148
docker/compose#8167

.env.example

@@ -1,3 +1,4 @@
 ACCOUNT_NUMBER=
+DEFAULT_COUNTRY=se
 HTTP_PORT=8118
 SOCKS5_PORT=1080

docker-compose.yml

@@ -1,41 +1,43 @@
 version: "3.3"
 services:
-  mullvad:
-    build: mullvad/.
-    image: "mullvad:latest"
-    container_name: mvpn
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    sysctls:
-      net.ipv4.conf.all.src_valid_mark: 1
-    restart: unless-stopped
-    privileged: true
-    ports:
-      - 61000:1080
-      - 61001:8118
+  # mullvad:
+  #   build: mullvad/.
+  #   image: "mullvad:latest"
+  #   container_name: mvpn
+  #   cap_add:
+  #     - NET_ADMIN
+  #     - SYS_MODULE
+  #   sysctls:
+  #     net.ipv4.conf.all.src_valid_mark: 1
+  #   restart: unless-stopped
+  #   privileged: true
+  #   ports:
+  #     - 61000:1080
+  #     - 61001:8118
   http:
     image: "caligari/privoxy:latest"
     container_name: mvpn-http
     restart: unless-stopped
-    network_mode: service:mullvad
-    depends_on:
-      - mullvad
+    network_mode: container:mvpn
+    # network_mode: service:mullvad
+    # depends_on:
+    #   - mullvad
   socks5:
     build: socks5/.
     image: mvpn-socks5
     container_name: mvpn-socks5
     restart: unless-stopped
-    network_mode: service:mullvad
-    depends_on:
-      - mullvad
+    network_mode: container:mvpn
+    # network_mode: service:mullvad
+    # depends_on:
+    #   - mullvad
   proxy:
     build: proxy/.
     image: mvpn-proxy
     container_name: mvpn-proxy
     restart: unless-stopped
-    depends_on:
-      - mullvad
+    # depends_on:
+    #   - mullvad
     ports:
       - ${HTTP_PORT:-8118}:8118
       - ${SOCK5_PORT:-1080}:1080

down.sh

@@ -4,4 +4,6 @@ echo "Getting account info and wireguard key..."
 docker exec -it mvpn mullvad account get
 docker exec -it mvpn mullvad tunnel wireguard key check
 docker-compose down
-echo "Remember to delete the above wireguard keys from the account to free them up."
+docker stop mvpn > /dev/null
+docker rm mvpn > /dev/null
+echo "Delete the above wireguard key at https://mullvad.net/en/account/#/ports"

mullvad/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:21.10
+FROM ubuntu:20.04
 
 LABEL maintainer="Bernard Ko <bernardko@gmail.com>"
 

setup.sh

@@ -13,6 +13,9 @@ if [ -z "$ACCOUNT" ]; then
     read ACCOUNT
 fi
 
+docker build -t mullvad:latest mullvad/.
+docker run --privileged --cgroupns=host --cap-add=NET_ADMIN --cap-add=SYS_MODULE --restart unless-stopped --name mvpn -d  -p 61000:1080 -p 61001:8118 mullvad:latest
+
 if [ -f "$ENVFILE" ]; then
     docker-compose --env-file $ENVFILE up -d
 else 
@@ -25,6 +28,10 @@ if [ -n "$ACCOUNT" ]; then
     docker exec -it mvpn mullvad account get
     docker exec -it mvpn mullvad account set $ACCOUNT
     docker exec -it mvpn mullvad relay set tunnel-protocol wireguard
+    if [ -n "$DEFAULT_COUNTRY" ]; then
+        echo "Setting Relay Location: $DEFAULT_COUNTRY"
+        docker exec -it mvpn mullvad relay set location $DEFAULT_COUNTRY
+    fi
     docker exec -it mvpn mullvad always-require-vpn set on
     docker exec -it mvpn mullvad lan set allow
     docker exec -it mvpn mullvad auto-connect set on