nix/module/Zapret.nix

# SOURCE: https://github.com/bol-van/zapret
{ lib, config, pkgs, util, ... }: with lib; let
	cfg = config.module.zapret;

	whitelist = if cfg.whitelist != null then
		"--hostlist ${pkgs.writeText "ZapretWhitelist" (util.trimTabs cfg.whitelist)}"
	else "";

	blacklist = if cfg.blacklist != null then
		"--hostlist-exclude ${pkgs.writeText "ZapretBlacklist" (util.trimTabs cfg.blacklist)}"
	else "";

	# ISSUE: Seems broken. Adds nothing automatically.
	autolist = if cfg.autolist != null then
		"--hostlist-auto ${cfg.autolist}"
	else "";
in {
	options = {
		module.zapret = mkOption {
			default = {};
			type = types.submodule {
				options = {
					enable = mkEnableOption "Enable Zapret service.";
					params = mkOption {
						default = null;
						type    = types.str;
					};
					whitelist = mkOption {
						default = null;
						type    = types.nullOr types.str;
					};
					blacklist = mkOption {
						default = null;
						type    = types.nullOr types.str;
					};
					autolist = mkOption {
						default = null;
						type    = types.nullOr types.str;
					};
					qnum = mkOption {
						default = 200;
						type    = types.int;
					};
				};
			};
		};
	};

	config = mkIf cfg.enable {
		networking.firewall.extraCommands = ''
			iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass
		'';

		systemd = {
			services.zapret = {
				description = "FRKN";
				wantedBy = [ ];
				requires = [ "network.target" ];
				path = with pkgs; [ zapret ];
				serviceConfig = {
					ExecStart  = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} ${autolist} --qnum=${toString cfg.qnum}";
					Type       = "simple";
					PIDFile    = "/run/nfqws.pid";
					ExecReload = "/bin/kill -HUP $MAINPID";
					Restart       = "always";
					RestartSec    = "5s";
					RuntimeMaxSec = "1h";
				};
			};

			timers.zapret = {
				timerConfig = {
					OnBootSec = 5;
					Unit      = "zapret.service";
				};
				wantedBy = [ "timers.target" ];
			};
		};
	};
}
Zapret : Add source link. 2024-08-28 02:34:26 +03:00			`# SOURCE: https://github.com/bol-van/zapret`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`{ lib, config, pkgs, util, ... }: with lib; let`
			`cfg = config.module.zapret;`

			`whitelist = if cfg.whitelist != null then`
			`"--hostlist ${pkgs.writeText "ZapretWhitelist" (util.trimTabs cfg.whitelist)}"`
			`else "";`

			`blacklist = if cfg.blacklist != null then`
			`"--hostlist-exclude ${pkgs.writeText "ZapretBlacklist" (util.trimTabs cfg.blacklist)}"`
			`else "";`
Zapret : Enable autolist & new params. 2024-09-02 13:03:19 +03:00
			`# ISSUE: Seems broken. Adds nothing automatically.`
			`autolist = if cfg.autolist != null then`
			`"--hostlist-auto ${cfg.autolist}"`
			`else "";`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`in {`
			`options = {`
			`module.zapret = mkOption {`
			`default = {};`
			`type = types.submodule {`
			`options = {`
			`enable = mkEnableOption "Enable Zapret service.";`
			`params = mkOption {`
Zapret : Remove default params. 2024-08-28 02:38:36 +03:00			`default = null;`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`type = types.str;`
			`};`
			`whitelist = mkOption {`
			`default = null;`
			`type = types.nullOr types.str;`
			`};`
			`blacklist = mkOption {`
			`default = null;`
			`type = types.nullOr types.str;`
			`};`
Zapret : Enable autolist & new params. 2024-09-02 13:03:19 +03:00			`autolist = mkOption {`
			`default = null;`
			`type = types.nullOr types.str;`
			`};`
Zapret : Remove default params. 2024-08-28 02:38:36 +03:00			`qnum = mkOption {`
			`default = 200;`
			`type = types.int;`
			`};`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`};`
			`};`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`networking.firewall.extraCommands = ''`
Zapret : Remove default params. 2024-08-28 02:38:36 +03:00			`iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`'';`

			`systemd = {`
			`services.zapret = {`
			`description = "FRKN";`
			`wantedBy = [ ];`
			`requires = [ "network.target" ];`
			`path = with pkgs; [ zapret ];`
			`serviceConfig = {`
Zapret : Enable autolist & new params. 2024-09-02 13:03:19 +03:00			`ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} ${autolist} --qnum=${toString cfg.qnum}";`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`Type = "simple";`
			`PIDFile = "/run/nfqws.pid";`
			`ExecReload = "/bin/kill -HUP $MAINPID";`
Zapret : Restart every hour. 2024-09-03 18:16:27 +03:00			`Restart = "always";`
			`RestartSec = "5s";`
			`RuntimeMaxSec = "1h";`
Zapret : Move to service. 2024-08-28 01:31:17 +03:00			`};`
			`};`

			`timers.zapret = {`
			`timerConfig = {`
			`OnBootSec = 5;`
			`Unit = "zapret.service";`
			`};`
			`wantedBy = [ "timers.target" ];`
			`};`
			`};`
			`};`
			`}`