Zapret : Remove default params.

This commit is contained in:
Dmitry Voronin 2024-08-28 02:38:36 +03:00
parent 9d05bc2c29
commit 6318530b41
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
3 changed files with 11 additions and 5 deletions

View file

@ -1,9 +1,10 @@
{ config, ... }: {
{ ... }: {
text = ''
# FRKN.
# SOURCE: https://github.com/bol-van/zapret
function zapret() {
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
nfqws --pidfile=/run/nfqws.pid ${config.module.zapret.params} --qnum=200
nfqws --pidfile=/run/nfqws.pid --qnum=201 ''${@}
}
'';
}

View file

@ -33,6 +33,7 @@
};
zapret = {
enable = true;
params = "--dpi-desync=fake,split2 --dpi-desync-fooling=datanoack";
whitelist = ''
youtube.com
googlevideo.com

View file

@ -17,7 +17,7 @@ in {
options = {
enable = mkEnableOption "Enable Zapret service.";
params = mkOption {
default = "--dpi-desync=fake,split2 --dpi-desync-fooling=datanoack";
default = null;
type = types.str;
};
whitelist = mkOption {
@ -28,6 +28,10 @@ in {
default = null;
type = types.nullOr types.str;
};
qnum = mkOption {
default = 200;
type = types.int;
};
};
};
};
@ -35,7 +39,7 @@ in {
config = mkIf cfg.enable {
networking.firewall.extraCommands = ''
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports 80,443 -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass
'';
systemd = {
@ -45,7 +49,7 @@ in {
requires = [ "network.target" ];
path = with pkgs; [ zapret ];
serviceConfig = {
ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} --qnum=200";
ExecStart = "${pkgs.zapret}/bin/nfqws --pidfile=/run/nfqws.pid ${cfg.params} ${whitelist} ${blacklist} --qnum=${toString cfg.qnum}";
Type = "simple";
PIDFile = "/run/nfqws.pid";
ExecReload = "/bin/kill -HUP $MAINPID";