55 lines
1.2 KiB
Nix
55 lines
1.2 KiB
Nix
{
|
|
services.dnscrypt-proxy = {
|
|
enable = true;
|
|
|
|
settings = {
|
|
listen_addresses = [
|
|
"127.0.0.1:53"
|
|
"[::1]:53"
|
|
];
|
|
|
|
ignore_system_dns = true;
|
|
|
|
bootstrap_resolvers = [
|
|
"9.9.9.9:53"
|
|
"149.112.112.112:53"
|
|
"1.1.1.1:53"
|
|
];
|
|
|
|
fallback_resolvers = [
|
|
"9.9.9.9:53"
|
|
"1.1.1.1:53"
|
|
];
|
|
};
|
|
};
|
|
|
|
systemd.services.zapret = {
|
|
after = ["network-online.target"];
|
|
wants = ["network-online.target"];
|
|
};
|
|
|
|
services.zapret = {
|
|
enable = true;
|
|
|
|
params = [
|
|
"--dpi-desync=fake"
|
|
"--dpi-desync-ttl=8"
|
|
"--filter-tcp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
|
|
"--filter-udp=443 --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum --new "
|
|
"--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
|
|
"--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --dpi-desync=fake --dpi-desync-ttl=1 --dpi-desync-fooling=badsum "
|
|
];
|
|
};
|
|
|
|
networking = {
|
|
networkmanager = {
|
|
enable = true;
|
|
dns = "none";
|
|
};
|
|
|
|
nameservers = [
|
|
"127.0.0.1"
|
|
"::1"
|
|
];
|
|
};
|
|
}
|