Dmitry Voronin 2024-10-15 21:58:59 +03:00
parent 897be283a5
commit 0e87eab602


@ -7,26 +7,22 @@
let let
cfg = config.module.zapret; cfg = config.module.zapret;
whitelist = whitelist = lib.optionalString (
if cfg.whitelist != null then cfg.whitelist != null
"--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}" ) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}";
else
"";
blacklist = blacklist =
if cfg.blacklist != null then lib.optionalString (cfg.blacklist != null)
"--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}" "--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}";
else
"";
ports = if cfg.httpSupport then "80,443" else "443"; ports = if cfg.httpSupport then "80,443" else "443";
in in
{ {
options.module.zapret = { options.module.zapret = {
enable = lib.mkEnableOption "Enable Zapret DPI bypass service."; enable = lib.mkEnableOption "the Zapret DPI bypass service.";
package = lib.mkPackageOption pkgs "zapret" { }; package = lib.mkPackageOption pkgs "zapret" { };
params = lib.mkOption { params = lib.mkOption {
default = null; default = [ ];
type = with lib.types; listOf str; type = with lib.types; listOf str;
example = '' example = ''
[ [
@ -107,13 +103,17 @@ in
{ {
assertions = [ assertions = [
{ {
assertion = cfg.whitelist == null || cfg.blacklist == null; assertion = (cfg.whitelist == null) || (cfg.blacklist == null);
message = "Can't specify both whitelist and blacklist."; message = "Can't specify both whitelist and blacklist.";
} }
{
assertion = (builtins.length cfg.params) != 0;
message = "You have to specify zapret parameters. See the params option's description.";
}
]; ];
systemd.services.zapret = { systemd.services.zapret = {
description = "DPI bypass service."; description = "DPI bypass service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
serviceConfig = { serviceConfig = {
@ -123,7 +123,7 @@ in
Restart = "always"; Restart = "always";
RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience. RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience.
# Hardening. # hardening
DevicePolicy = "closed"; DevicePolicy = "closed";
KeyringMode = "private"; KeyringMode = "private";
PrivateTmp = true; PrivateTmp = true;
@ -152,5 +152,8 @@ in
] ]
); );
meta.maintainers = with lib.maintainers; [ voronind ]; meta.maintainers = with lib.maintainers; [
voronind
nishimara
];
} }
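Review bot: The new assertion `(builtins.length cfg.params) != 0` in the second hunk is only safe if the attrset holding `assertions` is guarded by `lib.mkIf cfg.enable`; that wrapper starts outside the hunk, so this cannot be confirmed from here. With the default now `[ ]`, an unguarded assertion would fail evaluation on every host that imports the module without enabling it. The check itself reads more simply as `assertion = cfg.params != [ ];`. Separately, `lib.mkEnableOption` already ends its generated description with a full stop, so `"the Zapret DPI bypass service."` in the first hunk renders with a doubled period; drop the trailing `.` there.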