From 84effe92c685f9cd316daadbe3a92fd0a1fad57c Mon Sep 17 00:00:00 2001
From: chn
Date: Tue, 12 Sep 2023 12:17:41 +0800
Subject: [PATCH] nebula: bypass xray client transparent proxy
---
 modules/services/xray.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/modules/services/xray.nix b/modules/services/xray.nix
index 0ea03c89..07390368 100644
--- a/modules/services/xray.nix
+++ b/modules/services/xray.nix
@@ -269,6 +269,12 @@ inputs:
 ${iptables} -t mangle -N v2ray_mark -w
 ${iptables} -t mangle -A OUTPUT -j v2ray_mark -w
 ${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u v2ray) -j RETURN -w
+ ${
+ if inputs.config.nixos.system.networking.nebula.enable then
+ let user = inputs.config.systemd.services."nebula@nebula".serviceConfig.User; in
+ "${iptables} -t mangle -A v2ray_mark -m owner --uid-owner $(id -u ${user}) -j RETURN -w"
+ else ""
+ }
 ${iptables} -t mangle -A v2ray_mark -m set --match-set noproxy_src_net src -j RETURN -w
 ${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p tcp -j MARK --set-mark 1/1 -w
 ${iptables} -t mangle -A v2ray_mark -m set --match-set xmu_net dst -p udp -j MARK --set-mark 1/1 -w
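Review bot: The added RETURN rule resolves the account with `$(id -u ${user})` only when the script runs, and the name is read from the hard-coded unit `"nebula@nebula"`, which presumably ties the exemption to a Nebula network that is itself named `nebula`. If that account does not resolve when the rules are loaded, the substitution is empty and iptables rejects the rule; the hunk does not show whether the script then aborts or carries on, and in either case Nebula's packets are left without the exemption. I would resolve the uid first and fail with a clear message, e.g. `uid=$(id -u ${user}) || { echo "nebula user ${user} not found" >&2; exit 1; }`, and add a comment such as `# exempt nebula's own traffic from marking; applies to every process running as this user`, since the owner match bypasses the proxy for anything under that uid. The surrounding script starts and ends outside the hunk.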