socks builder now accepts sockets + autostart option + new socks services derivations

2025-12-06 07:16:37 +03:00 · 2024-06-08 00:32:35 +03:00 · 2024-06-08 00:32:35 +03:00 · 49d72b08f8
parent a9401d4dee
commit 49d72b08f8
5 changed files with 155 additions and 12 deletions
--- a/derivations/hola-proxy.nix
+++ b/derivations/hola-proxy.nix
@ -0,0 +1,28 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "hola-proxy";
+  version = "1.13.3";
+
+  src = fetchFromGitHub {
+    owner = "Snawoot";
+    repo = "hola-proxy";
+    rev = "v${version}";
+    hash = "sha256-T4kXwseOspXtu6jMCytCqROwQP1XjKFT2ejfAA36HUY=";
+  };
+
+  vendorHash = "sha256-1mQzeopJzzXV4cCHu30QelCIz6NivOImpiCTpGnAtzY=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    description = "Standalone Hola proxy client";
+    homepage = "https://github.com/Snawoot/hola-proxy";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "hola-proxy";
+  };
+}
--- a/derivations/opera-proxy.nix
+++ b/derivations/opera-proxy.nix
@ -0,0 +1,28 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "opera-proxy";
+  version = "1.2.5";
+
+  src = fetchFromGitHub {
+    owner = "Snawoot";
+    repo = "opera-proxy";
+    rev = "v${version}";
+    hash = "sha256-ZTebhXmyUPONxcOR7+1qQzGKcGlGfOu2OToFaCgSPCQ=";
+  };
+
+  vendorHash = "sha256-IlkMeihvGwuvswOFC8+8ZJCCVWbFnLH51X7Z+VDnZx4=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    description = "Standalone client for proxies of Opera VPN";
+    homepage = "https://github.com/Snawoot/opera-proxy";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "opera-proxy";
+  };
+}
--- a/derivations/windscribe-proxy.nix
+++ b/derivations/windscribe-proxy.nix
@ -0,0 +1,28 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "windscribe-proxy";
+  version = "1.4.0";
+
+  src = fetchFromGitHub {
+    owner = "Snawoot";
+    repo = "windscribe-proxy";
+    rev = "v${version}";
+    hash = "sha256-bVW/cdG1/5WiVZD5yXdkoVqUlYas/CkTD82WANne9gA=";
+  };
+
+  vendorHash = "sha256-K1ca//RdFGbNLrLDHsjaCcChHREO/dvOWg7/auRbFhs=";
+
+  ldflags = [ "-s" "-w" ];
+
+  meta = with lib; {
+    description = "Standalone client for proxies of Windscribe browser extension";
+    homepage = "https://github.com/Snawoot/windscribe-proxy";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "windscribe-proxy";
+  };
+}
--- a/pkgs/apps.nix
+++ b/pkgs/apps.nix
@ -40,6 +40,7 @@ in {
    wl-clipboard-x11
    #(callPackage ../derivations/nu_plugin_dns.nix { })
    (fishPlugins.callPackage ../derivations/fish/fish-functions.nix { })
+    (callPackage ../derivations/opera-proxy.nix { })
    xorg.xwininfo
    jq
    dropbox
@ -74,11 +75,11 @@ in {
    lexend # font from google (non-mono)
    ibm-plex
    fira-code
-    # iosevka-comfy.comfy
+    iosevka-comfy.comfy
    # iosevka-comfy.comfy-duo
-    # iosevka-comfy.comfy-wide
-    # iosevka-comfy.comfy-wide-duo
-    iosevka-comfy.comfy-motion-duo
+    iosevka-comfy.comfy-wide
+    iosevka-comfy.comfy-wide-duo
+    # iosevka-comfy.comfy-motion-duo
    jamesdsp easyeffects
    nmap
    wget
@ -94,7 +95,8 @@ in {
    #  '';
    #})
    shwewo.audiorelay
-    shwewo.tdesktop
+    # shwewo.tdesktop
+    # _64gram 
    (pkgs.writeScriptBin "tlp" ''/run/wrappers/bin/sudo ${pkgs.tlp}/bin/tlp $@'')
    prismlauncher
    stable.teleport_12 #work
@ -104,6 +106,7 @@ in {
    atool #unarchive
    open-interpreter
    overrides.diosevka
+    # iosevka-bin
    # overrides.iosevka-comfy
    overrides.vesktop
    # overrides.input-font
--- a/pkgs/socks.nix
+++ b/pkgs/socks.nix
@ -1,15 +1,15 @@
 { pkgs, lib, inputs, ... }:
 let
  nixpkgs2305 = import inputs.nixpkgs2305 { system = "${pkgs.system}"; config = { allowUnfree = true; }; };
-  socksBuilder = attrs:
+  socksBuilder = { name, script, autostart ? true, socketConfig ? null }:
    {
-      inherit (attrs) name;
+      inherit name;
      value = {
        enable = true;
        after = [ "novpn.service" "network-online.target" ];
        wants = [ "novpn.service" "network-online.target" ];
        bindsTo = [ "novpn.service" ];
-        wantedBy = [ "multi-user.target" ];
+        wantedBy = if autostart then [ "multi-user.target" ] else [ ];

        serviceConfig = { 
          Restart = "on-failure"; 
@ -20,7 +20,7 @@ let
          Group = "socks"; 
        };

-        script = attrs.script;
+        script = script;
        preStart = "while true; do ip addr show dev novpn1 | grep -q 'inet' && break; sleep 1; done";

        path = with pkgs; [ 
@ -30,16 +30,60 @@ let
          sing-box 
          wireproxy
          gost
+          (callPackage ../derivations/opera-proxy.nix { })
          ];
      };
    };
  
  socksed = [ # IP of the proxies is 192.168.150.2
    { name = "singbox-aus"; script = "sing-box run -c /run/secrets/singbox-aus";} # port 4000
-    { name = "socks-warp";  script = "wireproxy -c /etc/wireguard/cproxy.conf"; } # port 3333
+    { name = "socks-warp" ; script = "wireproxy -c /etc/wireguzard/cproxy.conf"; } # port 3333
    { name = "socks-novpn"; script = "gost -L socks5://192.168.150.2:3334";     } # port 3334
+    { name = "opera-socks"; 
+    script = "sing-box run -c ${opera-singboxcfg} & opera-proxy -bootstrap-dns https://1.1.1.1/dns-query -bind-address 192.168.150.2:18088"; 
+    autostart = false;
+    socketConfig = { port = "3335"; idleStopSec = "180s"; };
+    } # port 3335
  ];

+  socketsServiceGenerator = { name, port, idleStopSec }: {
+    inherit name;
+    value = {
+      description = "Socket activation for ${name}";
+      wantedBy = [ "sockets.target" ];
+
+      socketConfig = {
+        ListenStream = "${port}";
+        IdleStopSec = idleStopSec;
+      };
+    };
+  };
+
+  opera-singboxcfg = pkgs.writeText "opera-singboxcfg" ''
+  {
+    "log": {
+      "disabled": true,
+      "output": "stdout"
+    },
+    "inbounds": [
+      {
+        "type": "socks",
+        "listen": "192.168.150.2",
+        "listen_port": 3335,
+        "sniff": true,
+        "sniff_override_destination": true
+      }
+    ],
+    "outbounds": [
+      {
+        "type": "http",
+        "server": "192.168.150.2",
+        "server_port": 18088
+      }
+    ]
+  }
+  '';
+
  delete_rules = pkgs.writeScriptBin "delete_rules" ''
    #!${pkgs.bash}/bin/bash
    default_gateway=$(cat /etc/netns/novpn/default_gateway)
@ -117,6 +161,11 @@ let
    ip netns del novpn
    rm -rf /var/run/netns/novpn/
  '';
+
+  socketsBuilder = socketsServiceGenerator;
+  withSockets = lib.filter (s: lib.hasAttr "socketConfig" s) socksed;
+
+  enabledSocksed = lib.filter (s: !lib.hasAttr "autostart" s || s.autostart) socksed;
 in {
  users.users.socks = {
    group = "socks";
@ -124,13 +173,20 @@ in {
  };

  users.groups.socks = {};
+
+  systemd.sockets = builtins.listToAttrs (map (s: socketsBuilder {
+    name = s.name;
+    port = s.socketConfig.port;
+    idleStopSec = s.socketConfig.idleStopSec;
+  }) withSockets);
+
  systemd.services = builtins.listToAttrs (map socksBuilder socksed) // { 
    novpn = {
      enable = true;
      description = "novpn namespace";
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
-      wants = map (s: "${s.name}.service") socksed ++ [ "network-online.target"];
+      wants = map (s: "${s.name}.service") enabledSocksed ++ [ "network-online.target"];

      serviceConfig = {
        Restart = "on-failure";