123

2026-06-11 04:30:41 +03:00 · 2025-07-24 23:29:07 +03:00
parent a9c2ab1659
commit 1d8398e891
2 changed files with 38 additions and 12 deletions
@@ -544,11 +544,11 @@
    },
    "zeroq-credentials": {
      "locked": {
-        "lastModified": 1753364427,
-        "narHash": "sha256-80qOUx/1DspR1RzdkUFxhaqvxfqcVDnbp3kAfq151tI=",
+        "lastModified": 1753387589,
+        "narHash": "sha256-kJypMcuUJ6PRVrBQxQa7qYhPmyEDh14aZ8EMSLALhwA=",
        "ref": "refs/heads/master",
-        "rev": "36b8715d3aafab43fbec37855f7e8793d59bef29",
-        "revCount": 16,
+        "rev": "5973e19fc796a3bb6124d6f44400da8dc8f3196b",
+        "revCount": 18,
        "type": "git",
        "url": "ssh://git@github.com/oqyude/zeroq-credentials.git"
      },
@@ -8,27 +8,53 @@
 {
  services = {
    nginx = {
-      enable = false;
+      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
-        "localhost:10000" = {
-          forceSSL = false;
-          enableACME = false;
+        "vless-sub" = {
+
+          serverName = "${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net";
          listen = [
            {
-              addr = "100.64.0.0";
-              port = 10000;
+              addr = "${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net"; # Tailscale IP вашего VDS
+              port = 44444;
+              ssl = false;
            }
            {
-              addr = "192.168.1.20";
-              port = 10000;
+              addr = "${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net"; # Tailscale IP вашего VDS
+              port = 44443;
+              ssl = true;
            }
          ];
+          root = "${inputs.zeroq-credentials.paths.vless-subs.root}"; # "${inputs.zeroq-credentials}/services/xray/subs";
+          locations."/" = {
+            extraConfig = ''
+              if ($scheme = http) {
+                return 301 https://$host:44443$request_uri;
+              }
+            '';
+          };
+          enableACME = true;
+          forceSSL = true; # Принудительно HTTPS
+
        };
      };
    };
  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "oqyude@gmail.com"; # Укажите ваш email
+    certs."${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net" = {
+      dnsProvider = null; # Tailscale hostname не требует DNS-проверки, если используем HTTP-01
+      webroot = "/var/lib/acme/acme-challenge";
+    };
+  };
+  networking.firewall.allowedTCPPorts = [
+    44443
+    44444
+    80
+  ];
 }