Zapret : Rename to Frkn.
This commit is contained in:
parent
74de045d51
commit
04c4351436
|
@ -1,10 +1,10 @@
|
||||||
# TODO: Saved just in case for the dark future.
|
# TODO: Saved just in case for the dark future.
|
||||||
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
|
# в целом просто сделай себе шелл алиас gw-default="sudo ip route del default; sudo ip route add default via айпишник роутера" и шелл алиас gw-vpn="sudo ip route del default; sudo ip route add default via айпишник_впна"
|
||||||
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
|
{ container, pkgs, lib, config, __findFile, ... }: with lib; let
|
||||||
cfg = config.container.module.zapret;
|
cfg = config.container.module.frkn;
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
container.module.zapret = {
|
container.module.frkn = {
|
||||||
enable = mkEnableOption "FRKN";
|
enable = mkEnableOption "FRKN";
|
||||||
address = mkOption {
|
address = mkOption {
|
||||||
default = "10.1.0.69";
|
default = "10.1.0.69";
|
||||||
|
@ -23,7 +23,7 @@ in {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
};
|
};
|
||||||
storage = mkOption {
|
storage = mkOption {
|
||||||
default = "${config.container.storage}/zapret";
|
default = "${config.container.storage}/frkn";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -34,7 +34,7 @@ in {
|
||||||
"data"
|
"data"
|
||||||
];
|
];
|
||||||
|
|
||||||
containers.zapret = container.mkContainer cfg {
|
containers.frkn = container.mkContainer cfg {
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/data" = {
|
"/data" = {
|
||||||
hostPath = "${cfg.storage}/data";
|
hostPath = "${cfg.storage}/data";
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
return 301 rtsp://${address}:${toString port}/live/main;
|
return 301 rtsp://${address}:${toString port}/live/main;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,7 @@ in {
|
||||||
location ~ ^/(admin|api|user) {
|
location ~ ^/(admin|api|user) {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -19,7 +19,7 @@ in {
|
||||||
# allow ${config.container.localAccess};
|
# allow ${config.container.localAccess};
|
||||||
# allow ${config.container.module.status.address};
|
# allow ${config.container.module.status.address};
|
||||||
# allow ${config.container.module.vpn.address};
|
# allow ${config.container.module.vpn.address};
|
||||||
# allow ${config.container.module.zapret.address};
|
# allow ${config.container.module.frkn.address};
|
||||||
# deny all;
|
# deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
# allow ${config.container.localAccess};
|
# allow ${config.container.localAccess};
|
||||||
# allow ${config.container.module.status.address};
|
# allow ${config.container.module.status.address};
|
||||||
# allow ${config.container.module.vpn.address};
|
# allow ${config.container.module.vpn.address};
|
||||||
# allow ${config.container.module.zapret.address};
|
# allow ${config.container.module.frkn.address};
|
||||||
# deny all;
|
# deny all;
|
||||||
add_header X-Forwarded-Proto https;
|
add_header X-Forwarded-Proto https;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
|
@ -13,7 +13,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,7 @@ in {
|
||||||
location ~ ^/(dashboard|settings) {
|
location ~ ^/(dashboard|settings) {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
@ -18,7 +18,7 @@ in {
|
||||||
location / {
|
location / {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ in {
|
||||||
allow ${config.container.localAccess};
|
allow ${config.container.localAccess};
|
||||||
allow ${config.container.module.status.address};
|
allow ${config.container.module.status.address};
|
||||||
allow ${config.container.module.vpn.address};
|
allow ${config.container.module.vpn.address};
|
||||||
allow ${config.container.module.zapret.address};
|
allow ${config.container.module.frkn.address};
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://''$${name}$request_uri;
|
proxy_pass http://''$${name}$request_uri;
|
||||||
|
|
|
@ -4,13 +4,14 @@
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
|
# ISSUE: hdd.enable = true;
|
||||||
change.enable = true;
|
change.enable = true;
|
||||||
cloud.enable = true;
|
cloud.enable = true;
|
||||||
ddns.enable = true;
|
ddns.enable = true;
|
||||||
dns.enable = true;
|
dns.enable = true;
|
||||||
download.enable = true;
|
download.enable = true;
|
||||||
|
frkn.enable = true;
|
||||||
git.enable = true;
|
git.enable = true;
|
||||||
# ISSUE: hdd.enable = true;
|
|
||||||
home.enable = true;
|
home.enable = true;
|
||||||
iot.enable = true;
|
iot.enable = true;
|
||||||
jobber.enable = true;
|
jobber.enable = true;
|
||||||
|
@ -31,7 +32,6 @@
|
||||||
vpn.enable = true;
|
vpn.enable = true;
|
||||||
watch.enable = true;
|
watch.enable = true;
|
||||||
yt.enable = true;
|
yt.enable = true;
|
||||||
zapret.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
storage = "/storage/hot/container";
|
storage = "/storage/hot/container";
|
||||||
|
|
|
@ -47,7 +47,7 @@ in {
|
||||||
|
|
||||||
# Full access from VPN clients.
|
# Full access from VPN clients.
|
||||||
iptables -I INPUT -j ACCEPT -s ${cfg.vpn.address} -d ${internal}
|
iptables -I INPUT -j ACCEPT -s ${cfg.vpn.address} -d ${internal}
|
||||||
iptables -I INPUT -j ACCEPT -s ${cfg.zapret.address} -d ${internal}
|
iptables -I INPUT -j ACCEPT -s ${cfg.frkn.address} -d ${internal}
|
||||||
|
|
||||||
# Full access from Lan.
|
# Full access from Lan.
|
||||||
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
|
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
|
||||||
|
@ -63,12 +63,12 @@ in {
|
||||||
+ (mkForward internal 993 cfg.mail.address 993 tcp)
|
+ (mkForward internal 993 cfg.mail.address 993 tcp)
|
||||||
|
|
||||||
# FRKN internal proxy server.
|
# FRKN internal proxy server.
|
||||||
+ (mkForward internal cfg.zapret.port cfg.zapret.address cfg.zapret.port tcp)
|
+ (mkForward internal cfg.frkn.port cfg.frkn.address cfg.frkn.port tcp)
|
||||||
+ (mkForward internal cfg.zapret.torport cfg.zapret.address cfg.zapret.torport tcp)
|
+ (mkForward internal cfg.frkn.torport cfg.frkn.address cfg.frkn.torport tcp)
|
||||||
+ (mkForward internal cfg.zapret.xrayport cfg.zapret.address cfg.zapret.xrayport tcp)
|
+ (mkForward internal cfg.frkn.xrayport cfg.frkn.address cfg.frkn.xrayport tcp)
|
||||||
+ (mkForward internal cfg.zapret.port cfg.zapret.address cfg.zapret.port udp)
|
+ (mkForward internal cfg.frkn.port cfg.frkn.address cfg.frkn.port udp)
|
||||||
+ (mkForward internal cfg.zapret.torport cfg.zapret.address cfg.zapret.torport udp)
|
+ (mkForward internal cfg.frkn.torport cfg.frkn.address cfg.frkn.torport udp)
|
||||||
+ (mkForward internal cfg.zapret.xrayport cfg.zapret.address cfg.zapret.xrayport udp)
|
+ (mkForward internal cfg.frkn.xrayport cfg.frkn.address cfg.frkn.xrayport udp)
|
||||||
|
|
||||||
# Allow VPN connections from Wan.
|
# Allow VPN connections from Wan.
|
||||||
+ (mkForward external cfg.vpn.port cfg.vpn.address cfg.vpn.port udp)
|
+ (mkForward external cfg.vpn.port cfg.vpn.address cfg.vpn.port udp)
|
||||||
|
|
Loading…
Reference in a new issue