nevafel/myNixosFlake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up completed

Browse Source
This commit is contained in:
ficache 2024-11-10 22:01:51 +03:00
parent a763e32e42
commit c7b97b23ae
8 changed files with 62 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
home-manager/modules/nixvim/plugins/lsp.nix
View File

@ -6,6 +6,8 @@
servers = {
nixd.enable = true;
gopls.enable = true;
};
};
}

3
home-manager/your-packages.nix
View File

@ -11,9 +11,6 @@
grimblast
vlc
# Personal love
nautilus
# Social stuff
telegram-desktop

3
nixos/modules/docker.nix
View File

@ -1,3 +0,0 @@
{
virtualisation.docker.enable = true;
}

8
nixos/modules/privoxy.nix
View File

@ -1,8 +0,0 @@
{
services.privoxy = {
enable = true;
settings = {
forward = [ ".i2p localhost:4444" ".i2p localhost:4445" "/ 35.185.196.38:3128" ];
};
};
}

107
nixos/modules/zapret.nix
View File

@ -1,49 +1,60 @@
{ pkgs, ... }: {
disabledModules = [ "services/networking/zapret.nix" ]; # необходимо если версия nixpkgs новее 5a5c04d
imports = [ ./zapret_service.nix ];
services.zapret = {
enable = true;
mode = "nfqws";
settings = ''
SET_MAXELEM=522288
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
AUTOHOSTLIST_DEBUGLOG=0
MDIG_THREADS=30
GZIP_LISTS=1
QUIC_PORTS=50000-65535
MODE=nfqws
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=1
MODE_FILTER=none
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=0 --dpi-desync-ttl6=0 --dpi-desync-fooling=badseq"
NFQWS_OPT_DESYNC_HTTP="--dpi-desync=fake --dpi-desync-ttl=5"
NFQWS_OPT_DESYNC_HTTPS="--dpi-desync=fake --dpi-desync-ttl=5"
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake,tamper --dpi-desync-repeats=6 --dpi-desync-any-protocol"
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --hostcase --oob"
FLOWOFFLOAD=donttouch
INIT_APPLY_FW=1
DISABLE_IPV6=1
'';
};
{ ... }:
{
services = {
zapret = {
enable = true;
params = [
"--dpi-desync-autottl=3"
"--wssize 1:6"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync=syndata,fake,split2"
"--dpi-desync-repeats=6"
"--dpi-desync-fooling=md5sig"
"--new"
];
whitelist = [
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"youtubeembeddedplayer.googleapis.com"
"ytimg.l.google.com"
"ytimg.com"
"jnn-pa.googleapis.com"
"youtube-nocookie.com"
"youtube-ui.l.google.com"
"yt-video-upload.l.google.com"
"wide-youtube.l.google.com"
"youtubekids.com"
"ggpht.com"
"discord.com"
"gateway.discord.gg"
"cdn.discordapp.com"
"discordapp.net"
"discordapp.com"
"discord.gg"
"media.discordapp.net"
"images-ext-1.discordapp.net"
"discord.app"
"discord.media"
"discordcdn.com"
"discord.dev"
"discord.new"
"discord.gift"
"discordstatus.com"
"dis.gd"
"discord.co"
"discord-attachments-uploads-prd.storage.googleapis.com"
"7tv.app"
"7tv.io"
"10tv.app"
];
};
};
}

127
nixos/modules/zapret_service.nix
View File

@ -1,127 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib;
let
cfg = config.services.zapret;
in
{
options.services.zapret = {
enable = mkEnableOption "DPI bypass multi platform service";
package = mkPackageOption pkgs "zapret" { };
settings = mkOption {
type = types.lines;
default = "";
example = ''
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
NFQWS_OPT_DESYNC="--dpi-desync-ttl=5"
'';
description = ''
Rules for zapret to work. Run ```nix-shell -p zapret --command blockcheck``` to get values to pass here.
Config example can be found here https://github.com/bol-van/zapret/blob/master/config.default
'';
};
firewallType = mkOption {
type = types.enum [
"iptables"
"nftables"
];
default = "iptables";
description = ''
Which firewall zapret should use
'';
};
disableIpv6 = mkOption {
type = types.bool;
# recommended by upstream
default = true;
description = ''
Disable or enable usage of IpV6 by zapret
'';
};
mode = mkOption {
type = types.enum [
"tpws"
"tpws-socks"
"nfqws"
"filter"
"custom"
];
default = "tpws";
description = ''
Which mode zapret should use
'';
};
};
config = mkIf cfg.enable {
users.users.tpws = {
isSystemUser = true;
group = "tpws";
};
users.groups.tpws = { };
systemd.services.zapret = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
(if cfg.firewallType == "iptables" then iptables else nftables)
gawk
ipset
];
serviceConfig = {
Type = "forking";
Restart = "no";
TimeoutSec = "30sec";
IgnoreSIGPIPE = "no";
KillMode = "none";
GuessMainPID = "no";
RemainAfterExit = "no";
ExecStart = "${cfg.package}/bin/zapret start";
ExecStop = "${cfg.package}/bin/zapret stop";
EnvironmentFile = pkgs.writeText "${cfg.package.pname}-environment" (concatStrings [
''
MODE=${cfg.mode}
FWTYPE=${cfg.firewallType}
DISABLE_IPV6=${if cfg.disableIpv6 then "1" else "0"}
''
cfg.settings
]);
# hardening
DevicePolicy = "closed";
KeyringMode = "private";
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = "invisible";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
};
};
};
}

60
nixos/modules/zapret_test.nix
View File

@ -1,60 +0,0 @@
{ ... }:
{
services = {
zapret = {
enable = true;
params = [
"--dpi-desync-autottl=3"
"--wssize 1:6"
"--dpi-desync-fake-tls=0x00000000"
"--dpi-desync-split-pos=1"
"--dpi-desync=syndata,fake,split2"
"--dpi-desync-repeats=6"
"--dpi-desync-fooling=md5sig"
"--new"
];
whitelist = [
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"googlevideo.com"
"youtu.be"
"youtube.com"
"youtubei.googleapis.com"
"youtubeembeddedplayer.googleapis.com"
"ytimg.l.google.com"
"ytimg.com"
"jnn-pa.googleapis.com"
"youtube-nocookie.com"
"youtube-ui.l.google.com"
"yt-video-upload.l.google.com"
"wide-youtube.l.google.com"
"youtubekids.com"
"ggpht.com"
"discord.com"
"gateway.discord.gg"
"cdn.discordapp.com"
"discordapp.net"
"discordapp.com"
"discord.gg"
"media.discordapp.net"
"images-ext-1.discordapp.net"
"discord.app"
"discord.media"
"discordcdn.com"
"discord.dev"
"discord.new"
"discord.gift"
"discordstatus.com"
"dis.gd"
"discord.co"
"discord-attachments-uploads-prd.storage.googleapis.com"
"7tv.app"
"7tv.io"
"10tv.app"
];
};
};
}

3
nixos/user_modules.nix
View File

@ -3,8 +3,7 @@
./modules/gaming-tweaks.nix
./modules/pipewire.nix
./modules/auto-cpufreq.nix
./modules/privoxy.nix
./modules/zapret_test.nix
./modules/zapret.nix
./modules/hardware/nvidia.nix
./modules/hardware/battery-threshold.nix