bonfire/nixosModules/services/spoofdpi.nix

{
  config,
  lib,
  bonPkgs,
  ...
}:
with lib; let
  cfg = config.services.spoofdpi;
in {
  options.services.spoofdpi = {
    enable = mkEnableOption "SpoofDPI service";

    package = mkOption {
      type = types.package;
      default = bonPkgs.spoofdpi;
      defaultText = literalExpression "bonPkgs.spoofdpi";
      description = "The package to use.";
    };

    address = mkOption rec {
      type = types.str;
      default = "127.0.0.1";
      example = default;
      description = "Listen address.";
    };

    port = mkOption rec {
      type = types.port;
      default = 8080;
      example = default;
      description = "Port.";
    };

    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = "Open `services.spoofdpi.port`.";
    };

    dns = mkOption rec {
      type = types.str;
      default = "8.8.8.8";
      example = default;
      description = "DNS address.";
    };

    dnsPort = mkOption rec {
      type = types.port;
      default = 53;
      example = default;
      description = "DNS port.";
    };

    doh = mkEnableOption "DOH";

    windowSize = mkOption rec {
      type = types.int;
      default = 50;
      example = default;
      description = "Window size for fragmented client hello.";
    };

    timeout = mkOption rec {
      type = types.int;
      default = 2000;
      example = default;
      description = "Timeout in milliseconds.";
    };

    pattern = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Bypass DPI only on packets matching this regex pattern.";
    };

    bypassUrls = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Bypass DPI only on this urls.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.spoofdpi = {
      wantedBy = ["multi-user.target"];
      after = ["network.target"];
      serviceConfig = {
        Restart = "on-failure";
        ExecStart = ''
          ${lib.getExe cfg.package} \
              -no-banner \
              -addr ${cfg.address} \
              -port ${toString cfg.port} \
              -dns-addr ${cfg.dns} \
              -dns-port ${toString cfg.dnsPort} \
              ${lib.optionalString cfg.doh ''-enable-doh \''}
              -window-size ${toString cfg.windowSize} \
              -timeout ${toString cfg.timeout} \
              ${lib.optionalString (cfg.pattern != null) ''-pattern ${cfg.pattern} \''}
              ${lib.concatStringsSep " " (map (url: "-url ${url}") cfg.bypassUrls)}
        '';
        DynamicUser = "yes";
      };
    };

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [cfg.port];
    };
  };
}
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`{`
			`config,`
			`lib,`
flake: huge rework flake: fix name conventions flake: configurations -> lib.preconfiguredModules flake.packages: rework platform dependency with convient module and evaluator `lib.collectPackages` packages.bonfire-docs: convient evaluators `nixosModulesDoc` and `packagesDoc` new: packages.postgresql: container image new: packages.redis: container image remove: packages.lego: needed dns provider was added to lego and nixpkgs packages.netgen: broken 2024-07-18 15:49:05 +05:00			`bonPkgs,`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`...`
			`}:`
			`with lib; let`
			`cfg = config.services.spoofdpi;`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00			`in {`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`options.services.spoofdpi = {`
			`enable = mkEnableOption "SpoofDPI service";`
nixosModules: new structure, new initialization process with path extraction and configuration new: packages: bonfire-docs flake: update inputs astora: move from gnome to hyprland (incomplete) 2024-06-20 00:16:28 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`package = mkOption {`
			`type = types.package;`
flake: huge rework flake: fix name conventions flake: configurations -> lib.preconfiguredModules flake.packages: rework platform dependency with convient module and evaluator `lib.collectPackages` packages.bonfire-docs: convient evaluators `nixosModulesDoc` and `packagesDoc` new: packages.postgresql: container image new: packages.redis: container image remove: packages.lego: needed dns provider was added to lego and nixpkgs packages.netgen: broken 2024-07-18 15:49:05 +05:00			`default = bonPkgs.spoofdpi;`
			`defaultText = literalExpression "bonPkgs.spoofdpi";`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`description = "The package to use.";`
			`};`

			`address = mkOption rec {`
			`type = types.str;`
			`default = "127.0.0.1";`
			`example = default;`
			`description = "Listen address.";`
			`};`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`port = mkOption rec {`
			`type = types.port;`
			`default = 8080;`
			`example = default;`
			`description = "Port.";`
			`};`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`openFirewall = mkOption {`
			`type = types.bool;`
			`default = false;`
			description = "Open `services.spoofdpi.port`.";
			`};`
new: nixosModules: qbittorrent-nox 2024-03-22 23:21:25 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`dns = mkOption rec {`
			`type = types.str;`
			`default = "8.8.8.8";`
			`example = default;`
nixosModules.spoofdpi: update options, fix broken module 2024-07-25 12:15:44 +05:00			`description = "DNS address.";`
			`};`

			`dnsPort = mkOption rec {`
			`type = types.port;`
			`default = 53;`
			`example = default;`
			`description = "DNS port.";`
			`};`

			`doh = mkEnableOption "DOH";`

			`windowSize = mkOption rec {`
			`type = types.int;`
			`default = 50;`
			`example = default;`
			`description = "Window size for fragmented client hello.";`
			`};`

			`timeout = mkOption rec {`
			`type = types.int;`
			`default = 2000;`
			`example = default;`
			`description = "Timeout in milliseconds.";`
			`};`

			`pattern = mkOption {`
			`type = types.nullOr types.str;`
			`default = null;`
			`description = "Bypass DPI only on packets matching this regex pattern.";`
			`};`

			`bypassUrls = mkOption {`
			`type = types.listOf types.str;`
			`default = [];`
			`description = "Bypass DPI only on this urls.";`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00			`};`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`};`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`config = mkIf cfg.enable {`
			`systemd.services.spoofdpi = {`
			`wantedBy = ["multi-user.target"];`
			`after = ["network.target"];`
			`serviceConfig = {`
			`Restart = "on-failure";`
nixosModules.spoofdpi: update options, fix broken module 2024-07-25 12:15:44 +05:00			`ExecStart = ''`
			`${lib.getExe cfg.package} \`
			`-no-banner \`
			`-addr ${cfg.address} \`
			`-port ${toString cfg.port} \`
			`-dns-addr ${cfg.dns} \`
			`-dns-port ${toString cfg.dnsPort} \`
			`${lib.optionalString cfg.doh ''-enable-doh \''}`
			`-window-size ${toString cfg.windowSize} \`
			`-timeout ${toString cfg.timeout} \`
			`${lib.optionalString (cfg.pattern != null) ''-pattern ${cfg.pattern} \''}`
			`${lib.concatStringsSep " " (map (url: "-url ${url}") cfg.bypassUrls)}`
			`'';`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`DynamicUser = "yes";`
			`};`
			`};`
new: nixosModules: qbittorrent-nox 2024-03-22 23:21:25 +05:00
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`networking.firewall = mkIf cfg.openFirewall {`
			`allowedTCPPorts = [cfg.port];`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00			`};`
flake: reformat all new: packages: bonvim, nixvim configuration of neovim remove: config: hyprland -> declarative remove: config: nvim nixosModules: structure with categories new: configurations: concept of preconfigured modules catarina: disable papermc server catarina: hydra server flake: hydraJobs outputs 2024-07-08 15:07:24 +05:00			`};`
spoofdpi: update package name, nixos module 2023-12-26 15:16:21 +05:00			`}`