mirror of
https://github.com/oqyude/nixos.git
synced 2026-06-11 12:40:44 +03:00
62 lines
1.7 KiB
Nix
Executable File
62 lines
1.7 KiB
Nix
Executable File
{ inputs, ... }@flakeContext:
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
services = {
|
|
nginx = {
|
|
enable = false;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
virtualHosts = {
|
|
"vless-sub" = {
|
|
|
|
serverName = "${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net";
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0"; # Tailscale IP вашего VDS
|
|
port = 44444;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "0.0.0.0"; # Tailscale IP вашего VDS
|
|
port = 44443;
|
|
ssl = true;
|
|
}
|
|
];
|
|
root = "${inputs.zeroq-credentials.paths.vless-subs.root}"; # "${inputs.zeroq-credentials}/services/xray/subs";
|
|
locations."/" = {
|
|
extraConfig = ''
|
|
if ($scheme = http) {
|
|
return 301 https://$host:44443$request_uri;
|
|
}
|
|
'';
|
|
};
|
|
enableACME = true;
|
|
forceSSL = true; # Принудительно HTTPS
|
|
|
|
};
|
|
};
|
|
};
|
|
};
|
|
# security.acme = {
|
|
# acceptTerms = true;
|
|
# defaults.email = "oqyude@gmail.com"; # Укажите ваш email
|
|
# certs."${inputs.zeroq.devices.vds.hostname}.latxa-platy.ts.net" = {
|
|
# dnsProvider = null; # Tailscale hostname не требует DNS-проверки, если используем HTTP-01
|
|
# webroot = "/var/lib/acme/acme-challenge";
|
|
# extraLegoFlags = [ "--http-01.port=80" ];
|
|
# };
|
|
# };
|
|
# networking.firewall.allowedTCPPorts = [
|
|
# 44443
|
|
# 44444
|
|
# 80
|
|
# ];
|
|
}
|