nixosModules.spoofdpi: update options, fix broken module

nixosModules/services/spoofdpi.nix

@@ -41,7 +41,42 @@ in {
       type = types.str;
       default = "8.8.8.8";
       example = default;
-      description = "DNS server.";
+      description = "DNS address.";
+    };
+
+    dnsPort = mkOption rec {
+      type = types.port;
+      default = 53;
+      example = default;
+      description = "DNS port.";
+    };
+
+    doh = mkEnableOption "DOH";
+
+    windowSize = mkOption rec {
+      type = types.int;
+      default = 50;
+      example = default;
+      description = "Window size for fragmented client hello.";
+    };
+
+    timeout = mkOption rec {
+      type = types.int;
+      default = 2000;
+      example = default;
+      description = "Timeout in milliseconds.";
+    };
+
+    pattern = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Bypass DPI only on packets matching this regex pattern.";
+    };
+
+    bypassUrls = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Bypass DPI only on this urls.";
     };
   };
 
@@ -51,7 +86,19 @@ in {
       after = ["network.target"];
       serviceConfig = {
         Restart = "on-failure";
-        ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
+        ExecStart = ''
+          ${lib.getExe cfg.package} \
+              -no-banner \
+              -addr ${cfg.address} \
+              -port ${toString cfg.port} \
+              -dns-addr ${cfg.dns} \
+              -dns-port ${toString cfg.dnsPort} \
+              ${lib.optionalString cfg.doh ''-enable-doh \''}
+              -window-size ${toString cfg.windowSize} \
+              -timeout ${toString cfg.timeout} \
+              ${lib.optionalString (cfg.pattern != null) ''-pattern ${cfg.pattern} \''}
+              ${lib.concatStringsSep " " (map (url: "-url ${url}") cfg.bypassUrls)}
+        '';
         DynamicUser = "yes";
       };
     };