From 2d9888dd4ecb7a283ea6ab1d60b9b4ed78f149bd Mon Sep 17 00:00:00 2001
From: Youwen Wu <youwenw@gmail.com>
Date: Fri, 25 Jul 2025 13:09:23 +0800
Subject: [PATCH] feat: split tunnel THU TUNA mirror through mullvad

---
 modules/linux/networking/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/linux/networking/default.nix b/modules/linux/networking/default.nix
index 0bc73f3..32b3e56 100755
--- a/modules/linux/networking/default.nix
+++ b/modules/linux/networking/default.nix
@@ -50,6 +50,22 @@ in
   config = lib.mkIf cfg.enable {
     services.openssh.enable = true;
 
+    networking.nftables = {
+      enable = true;
+      ruleset = ''
+        define EXCLUDED_IPS = {
+          101.6.15.130
+        }
+
+        table inet excludeTraffic {
+          chain excludeOutgoing {
+            type route hook output priority 0; policy accept;
+            ip daddr $EXCLUDED_IPS ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
+          }
+        }
+      '';
+    };
+
     networking.firewall = {
       enable = true;
       allowedTCPPorts = universalAllowedPorts;