-
-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/zapret: init #327903
nixos/zapret: init #327903
Conversation
Options like that should be created: # a better name needed
ipsetHostsUser = {
exclude = mkOption {
type = types.lines;
default = ''
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
169.254.0.0/16
fc00::/7
fe80::/10
'';
description = "Contents of ipset/zapret-hosts-user-exclude.txt.";
};
include = mkOption {
type = types.lines;
default = "";
example = "nonexistent.domain";
description = "Contents of ipset/zapret-hosts-user.txt.";
};
ipban = mkOption {
type = types.lines;
default = "";
example = "nonexistent.domain";
description = "Contents of ipset/zapret-hosts-user-ipban.txt.";
};
}; Then values of these options should be written somewhere. Is there a way (for example, by changing an environment variable) to tell zapret to look for these files in different directory (somewhere in Maybe add arguments with default values like |
I don't think that we can do something with files, that meant to be changed except config. We can put this in package options, but that will be nasty package = pkgs.zapret.override {
zapret-hosts-user = ''
site1
site2
...
'';
}; We can change files in package source so it will look in /etc/zapret rather than in $ZAPRET_BASE/ipset, but that's too much changes. I will create an issue in zapret. For now you can use even nastier method package = pkgs.zapret.overrideAttrs (prev: {
installPhase = ''
${prev.installPhase}
cat << EOF > $out/usr/share/zapret/ipset/needed-file
needed-configuration
EOF
'';
}); |
I think every way to implement it now would be nasty. The only clean way is for bol-van to allow changing these files' location. I'm not an expert but I think configuration files should be separate from program's files. |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/4379 |
I've created an alternative PR here #347805 |
Closing due to better implementation at #347805 |
Description of changes
Added zapret service. Systemd service is from upstream, not sure if i need to change it, except hardening
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.