Diffstat (limited to 'modules/shadowsocks.nix')
-rw-r--r--modules/shadowsocks.nix57
1 files changed, 27 insertions, 30 deletions
diff --git a/modules/shadowsocks.nix b/modules/shadowsocks.nix
index 5f847be..a6f5948 100644
--- a/modules/shadowsocks.nix
+++ b/modules/shadowsocks.nix
@@ -6,22 +6,21 @@
   this,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.shadowsocks;
 in
 {
   options.nixfiles.modules.shadowsocks = {
-    enable = mkEnableOption "Shadowsocks";
+    enable = lib.mkEnableOption "Shadowsocks";
 
-    port = mkOption {
-      type = with types; port;
+    port = lib.mkOption {
+      type = lib.types.port;
       default = 8388;
       description = "Port.";
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     secrets.shadowsocks-json.file = "${inputs.self}/secrets/shadowsocks-json";
 
     services.fail2ban.jails.shadowsocks = {
@@ -45,7 +44,7 @@ in
             mergeJson =
               let
                 configFile = pkgs.writeText "config.json" (
-                  generators.toJSON { } {
+                  lib.generators.toJSON { } {
                     server = "::";
                     server_port = cfg.port;
                     # Can't really use AEAD-2022[1] just yet because it's not
@@ -86,7 +85,7 @@ in
                 );
               in
               pkgs.writeShellScript "meregeJson" ''
-                ${getExe pkgs.jq} \
+                ${lib.getExe pkgs.jq} \
                   -s '.[0] * .[1]' \
                   ${configFile} \
                   $CREDENTIALS_DIRECTORY/secret.json \
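Review bot: `$CREDENTIALS_DIRECTORY/secret.json` is expanded unquoted in the generated shell script; writing it as `"$CREDENTIALS_DIRECTORY/secret.json"` keeps a path with whitespace or glob characters from being split. The script name `"meregeJson"` looks like a typo for `mergeJson`, the name of the binding it is assigned to. The jq command continues past the end of this hunk, so where the merged file (which then contains the secret) is written, and with what mode, cannot be checked from here.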
@@ -98,7 +97,7 @@ in
       };
     };
 
-    environment.etc = mkIf config.nixfiles.modules.fail2ban.enable {
+    environment.etc = lib.mkIf config.nixfiles.modules.fail2ban.enable {
       "fail2ban/filter.d/shadowsocks.conf".text = ''
         [Definition]
         failregex = ^.*tcp handshake failed.*\[::ffff:<ADDR>\].*$
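Review bot: The `failregex` only matches peers logged as IPv4-mapped addresses (`\[::ffff:<ADDR>\]`), while the generated config in an earlier hunk binds `server = "::"`. A native IPv6 client whose handshake fails would presumably be logged without the `::ffff:` prefix and so never be counted by the jail. Consider making the prefix optional, for example `failregex = ^.*tcp handshake failed.*\[(?:::ffff:)?<ADDR>\].*$`, after confirming the daemon's log format for IPv6 peers. The leading `^.*` also leaves the match unanchored to the start of the message, which is worth tightening once the exact prefix is known. The filter text continues outside the hunk.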
@@ -111,34 +110,32 @@ in
 
     # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
     boot.kernel.sysctl = {
-      "net.core.rmem_max" = mkOverride 100 (pow 2 26);
-      "net.core.wmem_max" = mkOverride 100 (pow 2 26);
-      "net.core.netdev_max_backlog" = pow 2 18;
-      "net.core.somaxconn" = pow 2 12;
+      "net.core.rmem_max" = lib.pow 2 26 |> lib.mkOverride 100;
+      "net.core.wmem_max" = lib.pow 2 26 |> lib.mkOverride 100;
+      "net.core.netdev_max_backlog" = lib.pow 2 18;
+      "net.core.somaxconn" = lib.pow 2 12;
       "net.ipv4.tcp_syncookies" = 1;
-      "net.ipv4.tcp_tw_reuse" = mkOverride 100 1;
-      "net.ipv4.tcp_tw_recycle" = mkOverride 100 0;
-      "net.ipv4.tcp_fin_timeout" = mkOverride 100 30;
+      "net.ipv4.tcp_tw_reuse" = lib.mkOverride 100 1;
+      "net.ipv4.tcp_tw_recycle" = lib.mkOverride 100 0;
+      "net.ipv4.tcp_fin_timeout" = lib.mkOverride 100 30;
       "net.ipv4.tcp_keepalive_time" = 60 * 20;
       "net.ipv4.ip_local_port_range" = "10000 65000";
-      "net.ipv4.tcp_max_syn_backlog" = pow 2 13;
-      "net.ipv4.tcp_max_tw_buckets" = pow 2 12;
-      "net.ipv4.tcp_fastopen" = mkOverride 100 3;
-      "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17);
-      "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26);
-      "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26);
-      "net.ipv4.tcp_mtu_probing" = mkOverride 100 1;
+      "net.ipv4.tcp_max_syn_backlog" = lib.pow 2 13;
+      "net.ipv4.tcp_max_tw_buckets" = lib.pow 2 12;
+      "net.ipv4.tcp_fastopen" = lib.mkOverride 100 3;
+      "net.ipv4.tcp_mem" = lib.mkTcpMem 15 16 17 |> lib.mkOverride 100;
+      "net.ipv4.tcp_rmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100;
+      "net.ipv4.tcp_wmem" = lib.mkTcpMem 12 16 26 |> lib.mkOverride 100;
+      "net.ipv4.tcp_mtu_probing" = lib.mkOverride 100 1;
     };
 
-    topology = with cfg; {
-      nodes.${this.hostname}.services.shadowsocks = {
-        name = "Shadowsocks";
-        icon = pkgs.fetchurl {
-          url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg";
-          hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY=";
-        };
-        details.listen.text = ":::${toString port}";
+    topology.nodes.${this.hostname}.services.shadowsocks = {
+      name = "Shadowsocks";
+      icon = pkgs.fetchurl {
+        url = "https://upload.wikimedia.org/wikipedia/commons/f/f5/Shadowsocks-Logo.svg";
+        hash = "sha256-NzGt0WQA4NQpMPsOTWgBrghuewxQeDoSe46oTm0f+BY=";
       };
+      details.listen.text = ":::${toString cfg.port}";
     };
   };
 }
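Review bot: The new `|>` forms on the `rmem_max`, `wmem_max`, `tcp_mem`, `tcp_rmem` and `tcp_wmem` lines depend on the experimental `pipe-operators` feature, so the module stops evaluating on any Nix that does not have it enabled. If that requirement is intended it should be documented next to the module; otherwise keep the parenthesised form, e.g. `lib.mkOverride 100 (lib.pow 2 26)`. Separately, `net.ipv4.tcp_tw_recycle` was removed in Linux 4.12, so that entry only produces a sysctl warning on current kernels and can be dropped. `lib.pow` and `lib.mkTcpMem` are presumably supplied by this repository's extended `lib`, which is not visible in the diff.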
