diff --git a/nixosModules/services/spoofdpi.nix b/nixosModules/services/spoofdpi.nix
index ecbb137..d15027f 100644
--- a/nixosModules/services/spoofdpi.nix
+++ b/nixosModules/services/spoofdpi.nix
@@ -41,7 +41,42 @@ in {
 type = types.str;
 default = "8.8.8.8";
 example = default;
- description = "DNS server.";
+ description = "DNS address.";
+ };
+
+ dnsPort = mkOption rec {
+ type = types.port;
+ default = 53;
+ example = default;
+ description = "DNS port.";
+ };
+
+ doh = mkEnableOption "DOH";
+
+ windowSize = mkOption rec {
+ type = types.int;
+ default = 50;
+ example = default;
+ description = "Window size for fragmented client hello.";
+ };
+
+ timeout = mkOption rec {
+ type = types.int;
+ default = 2000;
+ example = default;
+ description = "Timeout in milliseconds.";
+ };
+
+ pattern = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Bypass DPI only on packets matching this regex pattern.";
+ };
+
+ bypassUrls = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Bypass DPI only on this urls.";
 };
 };
 
@@ -51,7 +86,19 @@ in {
 after = ["network.target"];
 serviceConfig = {
 Restart = "on-failure";
- ExecStart = "${lib.getExe cfg.package} -no-banner -addr ${cfg.address} -port ${toString cfg.port} -dns ${cfg.dns}";
+ ExecStart = ''
+ ${lib.getExe cfg.package} \
+ -no-banner \
+ -addr ${cfg.address} \
+ -port ${toString cfg.port} \
+ -dns-addr ${cfg.dns} \
+ -dns-port ${toString cfg.dnsPort} \
+ ${lib.optionalString cfg.doh ''-enable-doh \''}
+ -window-size ${toString cfg.windowSize} \
+ -timeout ${toString cfg.timeout} \
+ ${lib.optionalString (cfg.pattern != null) ''-pattern ${cfg.pattern} \''}
+ ${lib.concatStringsSep " " (map (url: "-url ${url}") cfg.bypassUrls)}
+ '';
 DynamicUser = "yes";
 };
 };
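Review bot: `windowSize` and `timeout` are declared as `types.int`, which also accepts negative numbers, so a bad value is only caught (if at all) by the daemon at start-up rather than at evaluation time; `type = types.ints.unsigned;` (or `types.ints.positive` for `timeout`) would reject it when the configuration is built. `mkEnableOption "DOH"` renders as "Whether to enable DOH."; spelling it out, e.g. `mkEnableOption "DNS over HTTPS for upstream lookups"`, tells the reader that with the default `false` lookups presumably go to `cfg.dns` in cleartext. The `bypassUrls` description should read "only on these URLs" and state whether full URLs or bare host names are expected.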
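Review bot: With the defaults (`doh = false`, `pattern = null`) the two `lib.optionalString` lines in `ExecStart` expand to blank lines with no trailing `\`, so the systemd line continuation appears to end after `-dns-port`; `-window-size`, `-timeout` and every `-url` entry would then never reach the binary, and the leftover lines are at best logged by systemd as invalid. `cfg.pattern` and the `bypassUrls` items are also interpolated unquoted, so a regex containing spaces, quotes, `%` or `$` is re-split or expanded by systemd before the daemon sees it. Building the arguments as a list and quoting them once fixes both; `lib.escapeShellArgs` covers word splitting, and nixpkgs' `utils.escapeSystemdExecArgs` additionally handles `%` and `$` if `utils` is available in the module arguments. The `serviceConfig` block starts above this hunk.

```nix
# … unchanged: Restart = "on-failure"; …
ExecStart = lib.escapeShellArgs (
  [
    (lib.getExe cfg.package)
    "-no-banner"
    "-addr" cfg.address
    "-port" (toString cfg.port)
    "-dns-addr" cfg.dns
    "-dns-port" (toString cfg.dnsPort)
  ]
  # Optional flags are appended as list items, so an unset option
  # cannot leave a blank line that ends the command early.
  ++ lib.optional cfg.doh "-enable-doh"
  ++ [
    "-window-size" (toString cfg.windowSize)
    "-timeout" (toString cfg.timeout)
  ]
  ++ lib.optionals (cfg.pattern != null) ["-pattern" cfg.pattern]
  ++ lib.concatMap (url: ["-url" url]) cfg.bypassUrls
);
# … unchanged: DynamicUser = "yes"; …
```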