Dmitry Voronin 2024-10-15 21:58:59 +03:00
parent 897be283a5
commit 0e87eab602


@ -7,26 +7,22 @@
let
cfg = config.module.zapret;
whitelist =
if cfg.whitelist != null then
"--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"
else
"";
whitelist = lib.optionalString (
cfg.whitelist != null
) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}";
blacklist =
if cfg.blacklist != null then
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"
else
"";
lib.optionalString (cfg.blacklist != null)
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}";
ports = if cfg.httpSupport then "80,443" else "443";
in
{
options.module.zapret = {
enable = lib.mkEnableOption "Enable Zapret DPI bypass service.";
enable = lib.mkEnableOption "the Zapret DPI bypass service.";
package = lib.mkPackageOption pkgs "zapret" { };
params = lib.mkOption {
default = null;
default = [ ];
type = with lib.types; listOf str;
example = ''
[
@ -107,13 +103,17 @@ in
{
assertions = [
{
assertion = cfg.whitelist == null || cfg.blacklist == null;
assertion = (cfg.whitelist == null) || (cfg.blacklist == null);
message = "Can't specify both whitelist and blacklist.";
}
{
assertion = (builtins.length cfg.params) != 0;
message = "You have to specify zapret parameters. See the params option's description.";
}
];
systemd.services.zapret = {
description = "DPI bypass service.";
description = "DPI bypass service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
@ -123,7 +123,7 @@ in
Restart = "always";
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
# Hardening.
# hardening
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
@ -152,5 +152,8 @@ in
]
);
meta.maintainers = with lib.maintainers; [ voronind ];
meta.maintainers = with lib.maintainers; [
voronind
nishimara
];
}
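Review bot: The new `enable` description still ends in a period, and `lib.mkEnableOption` wraps its argument as "Whether to enable <name>.", so the rendered option text ends in two periods; the line should read `enable = lib.mkEnableOption "the Zapret DPI bypass service";`. In the assertions hunk the emptiness check is more idiomatic as `assertion = cfg.params != [ ];`. The block holding `assertions` opens outside the hunk, so it is not visible whether it sits under `lib.mkIf cfg.enable`; with `params` now defaulting to `[ ]` it has to, otherwise the new assertion would fail evaluation on hosts that import the module without enabling it.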