authorAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
commit9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
treef28beec29deeea36038615a8fb98a810891940b5 /modules/nixos/shadowsocks.nix
parent2024-03-19 (diff)
2024-03-31
Diffstat (limited to '')
-rw-r--r--modules/nixos/shadowsocks.nix110
1 files changed, 58 insertions, 52 deletions
diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index 69688da..670faec 100644
--- a/modules/nixos/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
@@ -5,9 +5,11 @@
   pkgs,
   ...
 }:
-with lib; let
+with lib;
+let
   cfg = config.nixfiles.modules.shadowsocks;
-in {
+in
+{
   options.nixfiles.modules.shadowsocks = {
     enable = mkEnableOption "Shadowsocks";
 
@@ -31,61 +33,65 @@ in {
 
     systemd.services.shadowsocks = {
       description = "Shadowsocks";
-      after = ["network.target"];
-      wantedBy = ["multi-user.target"];
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         DynamicUser = true;
         RuntimeDirectory = "shadowsocks";
         LoadCredential = "secret.json:${config.secrets.shadowsocks-json.path}";
-        ExecStartPre = let
-          mergeJson = let
-            configFile = pkgs.writeText "config.json" (generators.toJSON {} {
-              server = "::";
-              server_port = cfg.port;
-              # Can't really use AEAD-2022[1] just yet because it's not
-              # supported by some[2] clients.
-              #
-              # [1]: https://shadowsocks.org/doc/sip022.html
-              # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480
-              # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448
-              # method = "2022-blake3-chacha20-poly1305";
-              method = "chacha20-ietf-poly1305";
-              password = null; # Must be set as a secret.
-              users = null; # Muse be set as a secret.
-              fast_open = true;
-              acl = pkgs.writeText "block-internal-access.acl" ''
-                [outbound_block_list]
-                0.0.0.0/8
-                10.0.0.0/8
-                100.64.0.0/10
-                127.0.0.0/8
-                169.254.0.0/16
-                172.16.0.0/12
-                192.0.0.0/24
-                192.0.2.0/24
-                192.88.99.0/24
-                192.168.0.0/16
-                198.18.0.0/15
-                198.51.100.0/24
-                203.0.113.0/24
-                224.0.0.0/4
-                240.0.0.0/4
-                255.255.255.255/32
-                ::1/128
-                ::ffff:127.0.0.1/104
-                fc00::/7
-                fe80::/10
+        ExecStartPre =
+          let
+            mergeJson =
+              let
+                configFile = pkgs.writeText "config.json" (
+                  generators.toJSON { } {
+                    server = "::";
+                    server_port = cfg.port;
+                    # Can't really use AEAD-2022[1] just yet because it's not
+                    # supported by some[2] clients.
+                    #
+                    # [1]: https://shadowsocks.org/doc/sip022.html
+                    # [2]: https://github.com/shadowsocks/ShadowsocksX-NG/issues/1480
+                    # [2]: https://github.com/shadowsocks/shadowsocks-windows/issues/3448
+                    # method = "2022-blake3-chacha20-poly1305";
+                    method = "chacha20-ietf-poly1305";
+                    password = null; # Must be set as a secret.
+                    users = null; # Muse be set as a secret.
+                    fast_open = true;
+                    acl = pkgs.writeText "block-internal-access.acl" ''
+                      [outbound_block_list]
+                      0.0.0.0/8
+                      10.0.0.0/8
+                      100.64.0.0/10
+                      127.0.0.0/8
+                      169.254.0.0/16
+                      172.16.0.0/12
+                      192.0.0.0/24
+                      192.0.2.0/24
+                      192.88.99.0/24
+                      192.168.0.0/16
+                      198.18.0.0/15
+                      198.51.100.0/24
+                      203.0.113.0/24
+                      224.0.0.0/4
+                      240.0.0.0/4
+                      255.255.255.255/32
+                      ::1/128
+                      ::ffff:127.0.0.1/104
+                      fc00::/7
+                      fe80::/10
+                    '';
+                  }
+                );
+              in
+              pkgs.writeShellScript "meregeJson" ''
+                ${getExe pkgs.jq} \
+                  -s '.[0] * .[1]' \
+                  ${configFile} \
+                  $CREDENTIALS_DIRECTORY/secret.json \
+                  >$RUNTIME_DIRECTORY/config.json
               '';
-            });
           in
-            pkgs.writeShellScript "meregeJson" ''
-              ${getExe pkgs.jq} \
-                -s '.[0] * .[1]' \
-                ${configFile} \
-                $CREDENTIALS_DIRECTORY/secret.json \
-                >$RUNTIME_DIRECTORY/config.json
-            '';
-        in
           mergeJson;
         ExecStart = "${pkgs.shadowsocks-rust}/bin/ssserver --config \${RUNTIME_DIRECTORY}/config.json";
       };
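Review bot: The `[outbound_block_list]` in the ACL heredoc has an IPv4-mapped entry only for loopback (`::ffff:127.0.0.1/104`); the RFC 1918, CGNAT and link-local ranges listed above it have no `::ffff:` counterpart, so whether a mapped private destination is refused depends on ssserver normalising the address before the ACL match, which is not visible here. Either confirm that behaviour or add the mapped forms next to the loopback entry (for example `::ffff:10.0.0.0/104` and `::ffff:169.254.0.0/112`). Separately, the merged `config.json` that holds the password is written with a plain `>` redirect, so its mode is whatever the service umask yields; `UMask = "0077";` in `serviceConfig` would make that explicit (the `systemd.services.shadowsocks` set itself closes outside this hunk). The comment typo `Muse be set` and the script name `meregeJson` also survive the reformat and could be fixed in the same pass.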
@@ -100,7 +106,7 @@ in {
       '';
     };
 
-    networking.firewall.allowedTCPPorts = [cfg.port];
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
 
     # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
     boot.kernel.sysctl = {
