killme
parent
897be283a5
commit
0e87eab602
|
@ -7,26 +7,22 @@
|
||||||
let
|
let
|
||||||
cfg = config.module.zapret;
|
cfg = config.module.zapret;
|
||||||
|
|
||||||
whitelist =
|
whitelist = lib.optionalString (
|
||||||
if cfg.whitelist != null then
|
cfg.whitelist != null
|
||||||
"--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"
|
) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}";
|
||||||
else
|
|
||||||
"";
|
|
||||||
|
|
||||||
blacklist =
|
blacklist =
|
||||||
if cfg.blacklist != null then
|
lib.optionalString (cfg.blacklist != null)
|
||||||
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"
|
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}";
|
||||||
else
|
|
||||||
"";
|
|
||||||
|
|
||||||
ports = if cfg.httpSupport then "80,443" else "443";
|
ports = if cfg.httpSupport then "80,443" else "443";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.module.zapret = {
|
options.module.zapret = {
|
||||||
enable = lib.mkEnableOption "Enable Zapret DPI bypass service.";
|
enable = lib.mkEnableOption "the Zapret DPI bypass service.";
|
||||||
package = lib.mkPackageOption pkgs "zapret" { };
|
package = lib.mkPackageOption pkgs "zapret" { };
|
||||||
params = lib.mkOption {
|
params = lib.mkOption {
|
||||||
default = null;
|
default = [ ];
|
||||||
type = with lib.types; listOf str;
|
type = with lib.types; listOf str;
|
||||||
example = ''
|
example = ''
|
||||||
[
|
[
|
||||||
|
@ -107,13 +103,17 @@ in
|
||||||
{
|
{
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.whitelist == null || cfg.blacklist == null;
|
assertion = (cfg.whitelist == null) || (cfg.blacklist == null);
|
||||||
message = "Can't specify both whitelist and blacklist.";
|
message = "Can't specify both whitelist and blacklist.";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
assertion = (builtins.length cfg.params) != 0;
|
||||||
|
message = "You have to specify zapret parameters. See the params option's description.";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.zapret = {
|
systemd.services.zapret = {
|
||||||
description = "DPI bypass service.";
|
description = "DPI bypass service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -123,7 +123,7 @@ in
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
|
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
|
||||||
|
|
||||||
# Hardening.
|
# hardening
|
||||||
DevicePolicy = "closed";
|
DevicePolicy = "closed";
|
||||||
KeyringMode = "private";
|
KeyringMode = "private";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
@ -152,5 +152,8 @@ in
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ voronind ];
|
meta.maintainers = with lib.maintainers; [
|
||||||
|
voronind
|
||||||
|
nishimara
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
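Review bot: The new `params` handling pairs `default = [ ];` in the first hunk with an assertion in the second hunk that rejects exactly that value, so the option carries a default that can never be valid. Dropping the `default` line, or declaring `type = with lib.types; nonEmptyListOf str;`, lets the module system reject an unset or empty `params` by itself; if the assertion is kept for its message, `cfg.params != [ ]` reads more directly than `(builtins.length cfg.params) != 0`. The attribute set that holds `assertions` opens outside the visible lines, so confirm it sits under the `cfg.enable` guard, otherwise the assertion would fail evaluation on systems that never enable the service. Separately, `lib.mkEnableOption` already appends a period to its generated description, so `"the Zapret DPI bypass service."` renders with two; drop the trailing dot.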