diff --git a/modules/vds/secrets/xray.yaml b/modules/vds/secrets/xray.yaml
deleted file mode 100644
index 6524b68..0000000
--- a/modules/vds/secrets/xray.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-uuid: ENC[AES256_GCM,data:ISIVGVI2ILnxIGQBZi84cM7sTCOgh6JX6kugxwB+QOBhhvD5,iv:X17MqGOZ69ioW6P5lVx6cyyILaMuPCpZOXimp9JpYHs=,tag:99sGk20v3tEGHlqhbbT+DQ==,type:str]
-private-key: ENC[AES256_GCM,data:u0kQ41APPlasPx9pcp6xOBDxTO2FiMDQKicylYJKO4RJwLkoESpbUZOB4g==,iv:HKEvSczfqJ5VEGQEJ3BCVUvAdqodRG6rK2VqV4jOQLk=,tag:9qw+6uA7QoJ68vK1FArn3A==,type:str]
-x-private-key: ENC[AES256_GCM,data:cXCysVtUsXkF54TzyAhSSXNzxoGZuAwe37y4QKx3GBHqLQ3IDD3tbDbNcw==,iv:aPJgCPOStZEwvd8eCwXbimJveCYsKs4PAJir4yDM/7g=,tag:gT2iONdCq7HhT8v7AuL0bQ==,type:str]
-x-uuid: ENC[AES256_GCM,data:55J7NYRblIab0GdFCE3W1LYMT909wj5C9o9aWK+GXcF6nAOl,iv:9mpyNW+X6dNM4cI83BCrMADSCkP41CAi8JF2DN3zFaA=,tag:PhW7DMAxhMRzkVxh3Iq6Bg==,type:str]
-sops:
- age:
- - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZy8zTEI2YzZtMTZ3enAw
- SDRxZHZRSEY3YVA3blllRUlzd0syN3pLK0RvCk5mUy9zR3Q4TS9jWm1SbE5GOVdI
- c0hYbnJxVlY0TnRicHFOYXEwYUxwVFEKLS0tIE5EOW9Wanp5YXN1YjF2TnFYSzFL
- eTVHTVpEKzBIZllheXM5WkFERi9vUXMKzcA4e8aBvUwxgBzAwH/ZkphpMVVJl3NO
- o5kgbaKyLw5C2jjLiYj8+vapFGV0O1HaTUfwSQ/wh2qh+ltlYot1xg==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-11-30T10:34:26Z"
- mac: ENC[AES256_GCM,data:jzS1aq1FUYRBW4v1z0F1bp/4Go98PgGxcUAZfNkX+8QBQmw2YYhF61Wl0Fuo3b2xhLN5m8uSOoTbryMcSx4R529pINCqPsyWxjMzDb1yjIya/H1qwySQUju9dvT2iJ0TNTgKcZRd4tQ5raBmthIQuUZtfLKpoQiaOBBClKSe46E=,iv:24PG//VAhThtONZX90nRu4pG28Y1IOdWCHR8QRDNLXc=,tag:3CklInjR51PaLMof30QJEg==,type:str]
- unencrypted_suffix: _unencrypted
- version: 3.11.0
diff --git a/modules/vds/xray.nix b/modules/vds/xray.nix
index 0854b74..fe3e1ef 100644
--- a/modules/vds/xray.nix
+++ b/modules/vds/xray.nix
@@ -4,135 +4,6 @@
 pkgs,
 ...
 }:
-let
- xraySettings = {
- log = {
- loglevel = "warning";
- };
- inbounds = [
- {
- port = 8443;
- protocol = "vless";
- settings = {
- clients = [
- {
- id = builtins.readFile config.sops.secrets.xray_uuid.path;
- flow = "xtls-rprx-vision";
- }
- ];
- decryption = "none";
- };
- streamSettings = {
- network = "tcp";
- security = "reality";
- realitySettings = {
- dest = "cloudflare.com:443";
- serverNames = [
- "cloudflare.com"
- ];
- privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
- shortIds = [
- "0a381e1fa219"
- "be0ce04754dc"
- "41beec74f4bc"
- ];
- };
- };
- sniffing = {
- enabled = true;
- destOverride = [
- "http"
- "tls"
- ];
- };
- }
- {
- port = 8444;
- protocol = "vless";
- settings = {
- clients = [
- {
- id = builtins.readFile config.sops.secrets.xray_uuid.path;
- flow = "";
- level = 0;
- }
- ];
- decryption = "none";
- fallbacks = [
- {
- dest = "cloudflare.com:443";
- }
- {
- dest = "@xhttp";
- }
- ];
- };
- streamSettings = {
- fingerprint = "chrome";
- network = "raw";
- security = "reality";
- realitySettings = {
- show = false;
- dest = "cloudflare.com:443";
- xver = 0;
- serverNames = [
- "cloudflare.com"
- ];
- privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
- shortIds = [
- "0a381e1fa219"
- "be0ce04754dc"
- "41beec74f4bc"
- ];
- };
- };
- sniffing = {
- enabled = true;
- routeOnly = true;
- destOverride = [
- "http"
- "tls"
- "quic"
- ];
- };
- }
- {
- listen = "@xhttp";
- protocol = "vless";
- settings = {
- clients = [
- {
- id = builtins.readFile config.sops.secrets.xray_uuid.path;
- }
- ];
- };
- streamSettings = {
- network = "xhttp";
- xhttpSettings.path = "/";
- };
- sniffing = {
- enabled = true;
- routeOnly = true;
- destOverride = [
- "http"
- "tls"
- "quic"
- ];
- };
- }
- ];
- outbounds = [
- {
- protocol = "freedom";
- tag = "direct";
- }
- {
- protocol = "blackhole";
- tag = "block";
- }
- ];
- };
-in
 {
 services.xray = {
 enable = true;
@@ -140,26 +11,26 @@ in
 };
 networking.firewall = {
- allowedTCPPorts = [ 8443 ];
- allowedUDPPorts = [ 8443 ];
+ allowedTCPPorts = [ 8443 9443 ];
+ allowedUDPPorts = [ 8443 9443 ];
 };
 environment.systemPackages = [ pkgs.xray ];
- sops.secrets = {
- xray_uuid = {
- key = "uuid";
- mode = "0444";
- format = "yaml";
- sopsFile = ./secrets/xray.yaml;
- path = "/etc/xray/uuid";
- };
- xray_private-key = {
- path = "/etc/xray/private-key";
- key = "private-key";
- mode = "0444";
- format = "yaml";
- sopsFile = ./secrets/xray.yaml;
- };
- };
+ # sops.secrets = {
+ # xray_uuid = {
+ # key = "uuid";
+ # mode = "0444";
+ # format = "yaml";
+ # sopsFile = ./secrets/xray.yaml;
+ # path = "/etc/xray/uuid";
+ # };
+ # xray_private-key = {
+ # path = "/etc/xray/private-key";
+ # key = "private-key";
+ # mode = "0444";
+ # format = "yaml";
+ # sopsFile = ./secrets/xray.yaml;
+ # };
+ # };
 }
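Review bot: `allowedUDPPorts = [ 8443 9443 ];` exposes two UDP ports that nothing in this diff ties to a listener: the inbounds removed earlier in the same file were TCP-based (`network = "tcp"` / `"raw"`) and the new xray configuration is not visible here. If the new inbounds are TCP-only as well, drop the `allowedUDPPorts` line and leave `allowedTCPPorts = [ 8443 9443 ];` with a comment such as `# xray VLESS inbounds, TCP only`. The commented-out `sops.secrets` block still points at `./secrets/xray.yaml`, which this commit deletes, so it should be removed rather than kept as dead text; if it is restored later, `mode = "0444"` makes the UUID and private key readable by every local user and should become owner-only (`mode = "0400"` plus `owner`). The hunk does not show where xray now reads those credentials from, so it is worth confirming that they do not come from a world-readable path or the Nix store.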