2024-10-11 23:27:07 +03:00
|
|
|
{
|
2024-11-04 04:37:29 +03:00
|
|
|
__findFile,
|
|
|
|
config,
|
|
|
|
container,
|
2024-11-15 01:42:21 +03:00
|
|
|
inputs,
|
2024-11-04 04:37:29 +03:00
|
|
|
lib,
|
|
|
|
pkgs,
|
2024-11-15 01:42:21 +03:00
|
|
|
pkgsMaster,
|
2024-11-04 04:37:29 +03:00
|
|
|
util,
|
|
|
|
...
|
|
|
|
} @args: let
|
|
|
|
cfg = config.container.module.frkn;
|
|
|
|
in {
|
|
|
|
options.container.module.frkn = {
|
|
|
|
enable = lib.mkEnableOption "the Allmighty FRKN service.";
|
|
|
|
address = lib.mkOption {
|
|
|
|
default = "10.1.0.69";
|
|
|
|
type = lib.types.str;
|
|
|
|
};
|
|
|
|
port = lib.mkOption {
|
|
|
|
default = 1080;
|
|
|
|
type = lib.types.int;
|
|
|
|
};
|
|
|
|
torport = lib.mkOption {
|
|
|
|
default = 9150;
|
|
|
|
type = lib.types.int;
|
|
|
|
};
|
|
|
|
xrayport = lib.mkOption {
|
|
|
|
default = 1081;
|
|
|
|
type = lib.types.int;
|
|
|
|
};
|
|
|
|
storage = lib.mkOption {
|
|
|
|
default = "${config.container.storage}/frkn";
|
|
|
|
type = lib.types.str;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
systemd.tmpfiles.rules = container.mkContainerDir cfg [
|
|
|
|
"data"
|
|
|
|
];
|
2024-08-01 18:06:37 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
containers.frkn = container.mkContainer cfg {
|
|
|
|
bindMounts = {
|
|
|
|
"/data" = {
|
|
|
|
hostPath = "${cfg.storage}/data";
|
|
|
|
isReadOnly = true;
|
|
|
|
};
|
|
|
|
};
|
2024-08-30 13:23:15 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
config = { ... }: container.mkContainerConfig cfg {
|
2024-11-15 01:42:21 +03:00
|
|
|
disabledModules = [ "services/networking/zapret.nix" ];
|
|
|
|
imports = [ "${inputs.nixpkgsMaster}/nixos/modules/services/networking/zapret.nix" ];
|
2024-08-30 13:23:15 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
boot.kernel.sysctl = {
|
|
|
|
"net.ipv4.conf.all.src_valid_mark" = 1;
|
|
|
|
"net.ipv4.ip_forward" = 1;
|
|
|
|
};
|
2024-08-08 01:59:00 +03:00
|
|
|
|
2024-11-15 01:42:21 +03:00
|
|
|
# TODO: Single place.
|
|
|
|
services.zapret = {
|
2024-11-04 04:37:29 +03:00
|
|
|
enable = true;
|
2024-11-15 01:42:21 +03:00
|
|
|
package = pkgsMaster.zapret;
|
|
|
|
params = [
|
|
|
|
"--dpi-desync=fake,disorder2"
|
|
|
|
"--dpi-desync-ttl=1"
|
|
|
|
"--dpi-desync-autottl=2"
|
|
|
|
];
|
2024-11-04 04:37:29 +03:00
|
|
|
};
|
2024-08-01 18:06:37 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
services = {
|
|
|
|
microsocks = {
|
|
|
|
enable = true;
|
|
|
|
disableLogging = true;
|
|
|
|
ip = cfg.address;
|
|
|
|
port = cfg.port;
|
|
|
|
};
|
2024-08-01 18:06:37 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
tor = {
|
|
|
|
enable = true;
|
|
|
|
openFirewall = true;
|
|
|
|
settings = let
|
|
|
|
exclude = "{RU},{UA},{BY},{KZ},{CN},{??}";
|
|
|
|
in {
|
|
|
|
# ExcludeExitNodes = exclude;
|
|
|
|
# ExcludeNodes = exclude;
|
|
|
|
# DNSPort = dnsport;
|
|
|
|
UseBridges = true;
|
|
|
|
ClientTransportPlugin = "obfs4 exec ${pkgs.obfs4}/bin/lyrebird";
|
|
|
|
Bridge = [
|
|
|
|
"obfs4 121.45.140.249:12123 0922E212E33B04F0B7C1E398161E8EDE06734F26 cert=3AQ4iJFAzxzt7a/zgXIiFEs6fvrXInXt1Dtr09DgnpvUzG/iiyRTdXYZKSYpI124Zt3ZUA iat-mode=0"
|
|
|
|
"obfs4 145.239.31.71:10161 882125D15B59BB82BE66F999056CB676D3F061F8 cert=AnD+EvcBMuQDVM7PwW7NgFAzW1M5jDm7DjQtIIcBSjoyAf1FJ2p535rrYL2Kk8POAd0+aw iat-mode=0"
|
|
|
|
"obfs4 79.137.11.45:45072 ECA3197D49A29DDECD4ACBF9BCF15E4987B78137 cert=2FKyLWkPgMNCWxBD3cNOTRxJH3XP+HdStPGKMjJfw2YbvVjihIp3X2BCrtxQya9m5II5XA iat-mode=0"
|
|
|
|
"obfs4 94.103.89.153:4443 5617848964FD6546968B5BF3FFA6C11BCCABE58B cert=tYsmuuTe9phJS0Gh8NKIpkVZP/XKs7gJCqi31o8LClwYetxzFz0fQZgsMwhNcIlZ0HG5LA iat-mode=0"
|
|
|
|
];
|
|
|
|
};
|
2024-08-01 18:06:37 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
client = {
|
|
|
|
enable = true;
|
|
|
|
# dns.enable = true;
|
|
|
|
socksListenAddress = {
|
|
|
|
IsolateDestAddr = true;
|
|
|
|
addr = cfg.address;
|
|
|
|
port = cfg.torport;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-08-30 13:23:15 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
xray = {
|
|
|
|
enable = true;
|
|
|
|
settingsFile = "/data/Client.json";
|
|
|
|
};
|
|
|
|
};
|
2024-08-01 18:06:37 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
systemd = {
|
|
|
|
services.tor.wantedBy = lib.mkForce [ ];
|
2024-08-01 19:51:04 +03:00
|
|
|
|
2024-11-04 04:37:29 +03:00
|
|
|
timers.tor = {
|
|
|
|
timerConfig = {
|
|
|
|
OnBootSec = 5;
|
|
|
|
Unit = "tor.service";
|
|
|
|
};
|
|
|
|
wantedBy = [ "timers.target" ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-08-01 18:06:37 +03:00
|
|
|
}
|