1
0
Fork 0
mirror of https://git.sr.ht/~azikx/karbur synced 2024-10-30 11:26:21 +00:00
karbur/host/misc/zapret.nix
2024-10-23 19:10:54 +09:00

45 lines
1.3 KiB
Nix

{ pkgs, ... }: {
systemd.services.zapret = { # ZAPRET FOR YOTUBE
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iptables nftables zapret ipset curl gawk ];
serviceConfig = {
Type = "forking";
Restart = "no";
TimeoutSec = "30sec";
IgnoreSIGPIPE = "no";
KillMode = "none";
GuessMainPID = "no";
ExecStart = "${pkgs.zapret}/bin/zapret start";
ExecStop = "${pkgs.zapret}/bin/zapret stop";
EnvironmentFile = pkgs.writeText "zapret-environment" ''
FWTYPE="iptables"
SET_MAXELEM=522288
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
AUTOHOSTLIST_DEBUGLOG=0
MDIG_THREADS=30
GZIP_LISTS=1
MODE=nfqws
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=0
MODE_FILTER=none
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
NFQWS_OPT_DESYNC="--dpi-desync=fake --dpi-desync-ttl=9" # EDIT THIS
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
FLOWOFFLOAD=donttouch
INIT_APPLY_FW=1
DISABLE_IPV6=0
'';
};
};
}