killme
parent
897be283a5
commit
0e87eab602
|
@ -7,26 +7,22 @@
|
|||
let
|
||||
cfg = config.module.zapret;
|
||||
|
||||
whitelist =
|
||||
if cfg.whitelist != null then
|
||||
"--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"
|
||||
else
|
||||
"";
|
||||
whitelist = lib.optionalString (
|
||||
cfg.whitelist != null
|
||||
) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}";
|
||||
|
||||
blacklist =
|
||||
if cfg.blacklist != null then
|
||||
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"
|
||||
else
|
||||
"";
|
||||
lib.optionalString (cfg.blacklist != null)
|
||||
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}";
|
||||
|
||||
ports = if cfg.httpSupport then "80,443" else "443";
|
||||
in
|
||||
{
|
||||
options.module.zapret = {
|
||||
enable = lib.mkEnableOption "Enable Zapret DPI bypass service.";
|
||||
enable = lib.mkEnableOption "the Zapret DPI bypass service.";
|
||||
package = lib.mkPackageOption pkgs "zapret" { };
|
||||
params = lib.mkOption {
|
||||
default = null;
|
||||
default = [ ];
|
||||
type = with lib.types; listOf str;
|
||||
example = ''
|
||||
[
|
||||
|
@ -107,13 +103,17 @@ in
|
|||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.whitelist == null || cfg.blacklist == null;
|
||||
assertion = (cfg.whitelist == null) || (cfg.blacklist == null);
|
||||
message = "Can't specify both whitelist and blacklist.";
|
||||
}
|
||||
{
|
||||
assertion = (builtins.length cfg.params) != 0;
|
||||
message = "You have to specify zapret parameters. See the params option's description.";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.zapret = {
|
||||
description = "DPI bypass service.";
|
||||
description = "DPI bypass service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
|
@ -123,7 +123,7 @@ in
|
|||
Restart = "always";
|
||||
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
|
||||
|
||||
# Hardening.
|
||||
# hardening
|
||||
DevicePolicy = "closed";
|
||||
KeyringMode = "private";
|
||||
PrivateTmp = true;
|
||||
|
@ -152,5 +152,8 @@ in
|
|||
]
|
||||
);
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ voronind ];
|
||||
meta.maintainers = with lib.maintainers; [
|
||||
voronind
|
||||
nishimara
|
||||
];
|
||||
}
|
||||
|
|
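Review bot: An empty list is not covered by the `cfg.whitelist != null` guard in the first hunk, so `whitelist = [ ]` still emits `--hostlist` pointing at an empty store file, and the same holds for `blacklist` with `--hostlist-exclude`. How zapret treats an empty hostlist, and the declared type of these two options, are not visible on this page; if an empty list makes it fall back to processing every host, an empty whitelist would widen the bypass instead of disabling it, so I would guard on `cfg.whitelist != null && cfg.whitelist != [ ]` or add an assertion next to the new `params` one. Both lists are also written with `pkgs.writeText`, which places them in the world-readable Nix store, and that deserves a sentence in the option descriptions. Separately, `lib.mkEnableOption` already appends a period to its description, so `"the Zapret DPI bypass service."` renders with a double period; drop the trailing dot.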