oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-11 04:30:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

123

Browse Source
This commit is contained in:
Jor Oqyude
2025-11-30 14:02:52 +03:00
parent 8ea5796965
commit e379faca94
2 changed files with 18 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/vds/secrets/xray.yaml
-19
View File
@@ -1,19 +0,0 @@
uuid: ENC[AES256_GCM,data:ISIVGVI2ILnxIGQBZi84cM7sTCOgh6JX6kugxwB+QOBhhvD5,iv:X17MqGOZ69ioW6P5lVx6cyyILaMuPCpZOXimp9JpYHs=,tag:99sGk20v3tEGHlqhbbT+DQ==,type:str]
private-key: ENC[AES256_GCM,data:u0kQ41APPlasPx9pcp6xOBDxTO2FiMDQKicylYJKO4RJwLkoESpbUZOB4g==,iv:HKEvSczfqJ5VEGQEJ3BCVUvAdqodRG6rK2VqV4jOQLk=,tag:9qw+6uA7QoJ68vK1FArn3A==,type:str]
x-private-key: ENC[AES256_GCM,data:cXCysVtUsXkF54TzyAhSSXNzxoGZuAwe37y4QKx3GBHqLQ3IDD3tbDbNcw==,iv:aPJgCPOStZEwvd8eCwXbimJveCYsKs4PAJir4yDM/7g=,tag:gT2iONdCq7HhT8v7AuL0bQ==,type:str]
x-uuid: ENC[AES256_GCM,data:55J7NYRblIab0GdFCE3W1LYMT909wj5C9o9aWK+GXcF6nAOl,iv:9mpyNW+X6dNM4cI83BCrMADSCkP41CAi8JF2DN3zFaA=,tag:PhW7DMAxhMRzkVxh3Iq6Bg==,type:str]
sops:
age:
- recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZy8zTEI2YzZtMTZ3enAw
SDRxZHZRSEY3YVA3blllRUlzd0syN3pLK0RvCk5mUy9zR3Q4TS9jWm1SbE5GOVdI
c0hYbnJxVlY0TnRicHFOYXEwYUxwVFEKLS0tIE5EOW9Wanp5YXN1YjF2TnFYSzFL
eTVHTVpEKzBIZllheXM5WkFERi9vUXMKzcA4e8aBvUwxgBzAwH/ZkphpMVVJl3NO
o5kgbaKyLw5C2jjLiYj8+vapFGV0O1HaTUfwSQ/wh2qh+ltlYot1xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-30T10:34:26Z"
mac: ENC[AES256_GCM,data:jzS1aq1FUYRBW4v1z0F1bp/4Go98PgGxcUAZfNkX+8QBQmw2YYhF61Wl0Fuo3b2xhLN5m8uSOoTbryMcSx4R529pINCqPsyWxjMzDb1yjIya/H1qwySQUju9dvT2iJ0TNTgKcZRd4tQ5raBmthIQuUZtfLKpoQiaOBBClKSe46E=,iv:24PG//VAhThtONZX90nRu4pG28Y1IOdWCHR8QRDNLXc=,tag:3CklInjR51PaLMof30QJEg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
modules/vds/xray.nix
+18 -147
View File
@@ -4,135 +4,6 @@
pkgs, pkgs,
... ...
}: }:
let
xraySettings = {
log = {
loglevel = "warning";
};
inbounds = [
{
port = 8443;
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
flow = "xtls-rprx-vision";
}
];
decryption = "none";
};
streamSettings = {
network = "tcp";
security = "reality";
realitySettings = {
dest = "cloudflare.com:443";
serverNames = [
"cloudflare.com"
];
privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
];
};
}
{
port = 8444;
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
flow = "";
level = 0;
}
];
decryption = "none";
fallbacks = [
{
dest = "cloudflare.com:443";
}
{
dest = "@xhttp";
}
];
};
streamSettings = {
fingerprint = "chrome";
network = "raw";
security = "reality";
realitySettings = {
show = false;
dest = "cloudflare.com:443";
xver = 0;
serverNames = [
"cloudflare.com"
];
privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
routeOnly = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
{
listen = "@xhttp";
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
}
];
};
streamSettings = {
network = "xhttp";
xhttpSettings.path = "/";
};
sniffing = {
enabled = true;
routeOnly = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "direct";
}
{
protocol = "blackhole";
tag = "block";
}
];
};
in
{ {
services.xray = { services.xray = {
enable = true; enable = true;
@@ -140,26 +11,26 @@ in
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 8443 ]; allowedTCPPorts = [ 8443 9443 ];
allowedUDPPorts = [ 8443 ]; allowedUDPPorts = [ 8443 9443 ];
}; };
environment.systemPackages = [ pkgs.xray ]; environment.systemPackages = [ pkgs.xray ];
sops.secrets = { # sops.secrets = {
xray_uuid = { # xray_uuid = {
key = "uuid"; # key = "uuid";
mode = "0444"; # mode = "0444";
format = "yaml"; # format = "yaml";
sopsFile = ./secrets/xray.yaml; # sopsFile = ./secrets/xray.yaml;
path = "/etc/xray/uuid"; # path = "/etc/xray/uuid";
}; # };
xray_private-key = { # xray_private-key = {
path = "/etc/xray/private-key"; # path = "/etc/xray/private-key";
key = "private-key"; # key = "private-key";
mode = "0444"; # mode = "0444";
format = "yaml"; # format = "yaml";
sopsFile = ./secrets/xray.yaml; # sopsFile = ./secrets/xray.yaml;
}; # };
}; # };
} }