oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-11 04:30:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

123

Browse Source
This commit is contained in:
Jor Oqyude
2025-10-10 10:54:47 +03:00
parent f9036cf4ab
commit c2038cecc2
2 changed files with 87 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixosModules/vds/secrets/xray.yaml
+17
View File
@@ -0,0 +1,17 @@
uuid: ENC[AES256_GCM,data:ISIVGVI2ILnxIGQBZi84cM7sTCOgh6JX6kugxwB+QOBhhvD5,iv:X17MqGOZ69ioW6P5lVx6cyyILaMuPCpZOXimp9JpYHs=,tag:99sGk20v3tEGHlqhbbT+DQ==,type:str]
private-key: ENC[AES256_GCM,data:u0kQ41APPlasPx9pcp6xOBDxTO2FiMDQKicylYJKO4RJwLkoESpbUZOB4g==,iv:HKEvSczfqJ5VEGQEJ3BCVUvAdqodRG6rK2VqV4jOQLk=,tag:9qw+6uA7QoJ68vK1FArn3A==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZy8zTEI2YzZtMTZ3enAw
SDRxZHZRSEY3YVA3blllRUlzd0syN3pLK0RvCk5mUy9zR3Q4TS9jWm1SbE5GOVdI
c0hYbnJxVlY0TnRicHFOYXEwYUxwVFEKLS0tIE5EOW9Wanp5YXN1YjF2TnFYSzFL
eTVHTVpEKzBIZllheXM5WkFERi9vUXMKzcA4e8aBvUwxgBzAwH/ZkphpMVVJl3NO
o5kgbaKyLw5C2jjLiYj8+vapFGV0O1HaTUfwSQ/wh2qh+ltlYot1xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T07:50:55Z"
mac: ENC[AES256_GCM,data:19bVxUtE2QR+o497vof7UeRIbA+Ki3tX1iNMUHdtWbZkvSZbjh6eAp1OSk8d+syo1TkTZdYYWdmbsUmJq/q4cfEvCvOJpoCW6JOTooRoC3xYfJLsxs3QSn9HTM/FBEaAFfqpzemyaulk7AVbFy5Fl5Ta13hz/YIJcxNa4Q9kGbA=,iv:6tu0HWo1aIhlxf4RnK1PeujLDPg1yxNOclRUXA2bxEQ=,tag:O/+x8taMuE5mvw1+rqkcsw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
nixosModules/vds/xray.nix
+70
View File
@@ -4,6 +4,61 @@
pkgs, pkgs,
... ...
}: }:
let
xraySettings = {
log = {
loglevel = "warning";
};
inbounds = [
{
port = 8443;
protocol = "vless";
settings = {
clients = [
{
id = config.sops.secrets.xray_uuid.path;
flow = "xtls-rprx-vision";
}
];
decryption = "none";
};
streamSettings = {
network = "tcp";
security = "reality";
realitySettings = {
dest = "cloudflare.com:443";
serverNames = [
"cloudflare.com"
];
privateKey = config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "direct";
}
{
protocol = "blackhole";
tag = "block";
}
];
};
in
{ {
services.xray = { services.xray = {
enable = true; enable = true;
@@ -16,4 +71,19 @@
}; };
environment.systemPackages = [ pkgs.xray ]; environment.systemPackages = [ pkgs.xray ];
sops.secrets = {
xray_uuid = {
key = "uuid";
mode = 444;
format = "yaml";
sopsFile = ./secrets/xray.yaml;
};
xray_private-key = {
key = "private-key";
mode = 444;
format = "yaml";
sopsFile = ./secrets/xray.yaml;
};
};
} }