Zapret : Remove default params.

Dmitry Voronin 2024-08-28 02:38:36 +03:00
parent 9d05bc2c29
commit 6318530b41
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
3 changed files with 11 additions and 5 deletions


@ -1,9 +1,10 @@
{ config, ... }: { { ... }: {
text = '' text = ''
# FRKN. # FRKN.
# SOURCE: https://github.com/bol-van/zapret
function zapret() { function zapret() {
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
nfqws --pidfile=/run/nfqws.pid ${config.module.zapret.params} --qnum=200 nfqws --pidfile=/run/nfqws.pid --qnum=201 ''${@}
} }
''; '';
} }
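Review bot: The queue number in the iptables rule and the one passed to nfqws no longer agree in the new `zapret()` body: the rule still sends packets to `--queue-num 200`, while nfqws now binds `--qnum=201`. Because the rule carries `--queue-bypass`, the function will look like it works while the nfqws it starts receives nothing; traffic either passes unmodified or is handled by whatever else is bound to queue 200 (presumably the systemd service with its default qnum). If 201 is meant to keep the manual instance apart from the service, the rule should target the same queue, `--queue-num 201`. Forwarding the arguments quoted, `"''${@}"` instead of `''${@}`, would also keep them from being word-split by the shell.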


@ -33,6 +33,7 @@
}; };
zapret = { zapret = {
enable = true; enable = true;
params = "--dpi-desync=fake,split2 --dpi-desync-fooling=datanoack";
whitelist = '' whitelist = ''
youtube.com youtube.com
googlevideo.com googlevideo.com


@ -17,7 +17,7 @@ in {
options = { options = {
enable = mkEnableOption "Enable Zapret service."; enable = mkEnableOption "Enable Zapret service.";
params = mkOption { params = mkOption {
default = "--dpi-desync=fake,split2 --dpi-desync-fooling=datanoack"; default = null;
type = types.str; type = types.str;
}; };
whitelist = mkOption { whitelist = mkOption {
@ -28,6 +28,10 @@ in {
default = null; default = null;
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
qnum = mkOption {
default = 200;
type = types.int;
};
}; };
}; };
}; };
@ -35,7 +39,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass
''; '';
systemd = { systemd = {
@ -45,7 +49,7 @@ in {
requires = [ "network.target" ]; requires = [ "network.target" ];
path = with pkgs; [ zapret ]; path = with pkgs; [ zapret ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} --qnum=200"; ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} --qnum=${toString cfg.qnum}";
Type = "simple"; Type = "simple";
PIDFile = "/run/nfqws.pid"; PIDFile = "/run/nfqws.pid";
ExecReload = "/bin/kill -HUP $MAINPID"; ExecReload = "/bin/kill -HUP $MAINPID";
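Review bot: `default = null` on `params` conflicts with the unchanged `type = types.str` on the next line. Null is not a string, so a host that enables the module without setting `params` should fail with a type error on the default rather than a clear "used but not defined" message, and `${cfg.params}` in ExecStart cannot interpolate null in any case. To make the option mandatory, drop the `default` line entirely; to make it optional, use `type = types.nullOr types.str;` and guard the interpolation, as appears to be done for the whitelist and blacklist. The new `qnum` option would also be tighter as `type = types.ints.u16;`, since `types.int` accepts negative or oversized queue numbers that would only be caught when the firewall commands run.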