decouple vpn and proxies

2025-01-11 22:25:03 +03:00 · 2025-01-11 22:25:03 +03:00 · 476c13d296
commit 476c13d296
parent 1518f7007b
13 changed files with 103 additions and 45 deletions
--- a/m/hypr.nix
+++ b/m/hypr.nix
@ -14,6 +14,10 @@ in
      portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
    };

+    programs.hyprlock = {
+      enable = true;
+    };
+
    environment.systemPackages = with pkgs; [
      dunst
      waybar
--- a/m/sops.nix
+++ b/m/sops.nix
@ -21,7 +21,6 @@ in
      (lib.mkIf sops.work.enable {
        "work/ovpn".sopsFile = ../secrets/work.yaml;
        "work/password".sopsFile = ../secrets/work.yaml;
-        "work/shadowsocks".sopsFile = ../secrets/work.yaml;
      })
    ];
  };
--- a/m/sys.nix
+++ b/m/sys.nix
@ -42,7 +42,6 @@ in
    };

    environment.systemPackages = with pkgs; [
-      jujutsu
      ifuse
      libimobiledevice
    ];
@ -52,17 +51,5 @@ in
      enable = true;
      powerOnBoot = sys.bluetooth.powerOnBoot;
    };
-    # nixpkgs.overlays = [
-    #   (final: prev:
-    #     let
-    #       der = pkgs.callPackage ./ivpn {
-    #         buildGoModule = pkgs.buildGo122Module;
-    #       };
-    #     in
-    #     { ivpn = der.ivpn;
-    #       ivpn-service = der.ivpn-service;
-    #     }
-    #   )
-    # ];
  };
 }
--- a/m/vpn/default.nix
+++ b/m/vpn/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
    ./hft.nix
+    ./shadowsocks.nix
  ];
 }
--- a/m/vpn/hft.nix
+++ b/m/vpn/hft.nix
@ -2,6 +2,7 @@
 let
  types = lib.types;
  hft = config.maid.vpn.hft;
+  proxies = config.maid.proxies;
 in
 {
  options.maid.vpn.hft = {
@ -14,6 +15,12 @@ in
  };

  config = lib.mkIf hft.enable {
+    assertions = [
+      { assertion = proxies.yor.enable;
+        message = "HFT OpenVPN requires shadowsocks server to bypass DPI";
+      }
+    ];
+
    services.openvpn.servers.hft = {
      autoStart = hft.autoStart;
      updateResolvConf = true;
@ -24,16 +31,8 @@ in
      '';
    };

-    systemd.services.hft-shadowsocks = {
-      wantedBy = [ "openvpn-hft.service" ];
-      partOf = [ "openvpn-hft.service" ];
-      after = [ "network.target" ];
-
-      description = "Shadowsocks to bypass OpenVPN block";
-      serviceConfig = {
-        Type = "simple";
-        ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${config.sops.secrets."work/shadowsocks".path}'';
-      };
-    };
+    systemd.services.openvpn-hft.requires = [
+      "yor-proxy.service"
+    ];
  };
 }
--- a/m/vpn/shadowsocks.nix
+++ b/m/vpn/shadowsocks.nix
@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.maid.proxies;
+in
+{
+  options.maid.proxies = {
+    yor = {
+      enable = lib.mkEnableOption "Yor shadowsocks proxy";
+    };
+  };
+
+  config = lib.mkIf cfg.yor.enable {
+    systemd.services.yor-proxy = {
+      after = [ "network.target" ];
+      description = "`Yor` proxy server";
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${config.sops.secrets."viendesu/shadowsocks/yor".path}'';
+      };
+    };
+  };
+}