From 2bc6eb2b21bf1f67bb528d7cea3207d3c454f3fe Mon Sep 17 00:00:00 2001
From: tulg <tulg@protonmail.ch>
Date: Fri, 24 Apr 2026 17:59:47 +0300
Subject: [PATCH] archangel submits

---
 hosts/archangel/configuration.nix          |  4 +-
 hosts/archangel/hardware-configuration.nix |  4 ++
 modules/nixos/networking/zapret.nix        | 49 ++++------------------
 3 files changed, 14 insertions(+), 43 deletions(-)

diff --git a/hosts/archangel/configuration.nix b/hosts/archangel/configuration.nix
index ec8924d..1cec7a3 100644
--- a/hosts/archangel/configuration.nix
+++ b/hosts/archangel/configuration.nix
@@ -11,6 +11,8 @@
     ./disko.nix
     ./hardware-configuration.nix
     ../../modules/nixos/networking/default.nix
+    ../../modules/nixos/networking/zapret.nix
+
     ../../modules/nixos/virtualization/default.nix
     ../../modules/nixos/common.nix
     ../../modules/nixos/fonts.nix
@@ -21,7 +23,7 @@
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-
+ services.flatpak.enable = true;
   networking.hostName = "archangel";
 
   programs.hyprland = {
diff --git a/hosts/archangel/hardware-configuration.nix b/hosts/archangel/hardware-configuration.nix
index 6c76b8b..cfda065 100644
--- a/hosts/archangel/hardware-configuration.nix
+++ b/hosts/archangel/hardware-configuration.nix
@@ -16,6 +16,10 @@
   boot.initrd.kernelModules = [];
   boot.kernelModules = ["kvm-amd"];
   boot.extraModulePackages = [];
+  hardware.graphics = {
+    enable = true;
+    enable32Bit = true;
+  };
 
   swapDevices = [];
 
diff --git a/modules/nixos/networking/zapret.nix b/modules/nixos/networking/zapret.nix
index 44e98e3..2f95adb 100644
--- a/modules/nixos/networking/zapret.nix
+++ b/modules/nixos/networking/zapret.nix
@@ -1,55 +1,20 @@
 {
-  services.dnscrypt-proxy = {
-    enable = true;
-
-    settings = {
-      listen_addresses = [
-        "127.0.0.1:53"
-        "[::1]:53"
-      ];
-
-      ignore_system_dns = true;
-
-      bootstrap_resolvers = [
-        "9.9.9.9:53"
-        "149.112.112.112:53"
-        "1.1.1.1:53"
-      ];
-
-      fallback_resolvers = [
-        "9.9.9.9:53"
-        "1.1.1.1:53"
-      ];
-    };
+  networking = {
+    nameservers = ["127.0.0.1" "::1"];
   };
 
-  systemd.services.zapret = {
-    after = ["network-online.target"];
-    wants = ["network-online.target"];
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      listen_addresses = ["127.0.0.1:53" "[::1]:53"];
+    };
   };
 
   services.zapret = {
     enable = true;
-
     params = [
       "--dpi-desync=fake"
       "--dpi-desync-ttl=8"
-      "--filter-tcp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
-      "--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum --new "
-      "--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
-      "--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
-    ];
-  };
-
-  networking = {
-    networkmanager = {
-      enable = true;
-      dns = "none";
-    };
-
-    nameservers = [
-      "127.0.0.1"
-      "::1"
     ];
   };
 }