oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-11 04:30:41 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
7713115f887743e016e82cde8dd081724dc41f0c
nixos/modules/vds/xray.nix
T
oqyude 7713115f88 123
2025-11-30 13:51:02 +03:00

166 lines
3.5 KiB
Nix
Raw Blame History

{
config,
inputs,
pkgs,
...
}:
let
xraySettings = {
log = {
loglevel = "warning";
};
inbounds = [
{
port = 8443;
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
flow = "xtls-rprx-vision";
}
];
decryption = "none";
};
streamSettings = {
network = "tcp";
security = "reality";
realitySettings = {
dest = "cloudflare.com:443";
serverNames = [
"cloudflare.com"
];
privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
destOverride = [
"http"
"tls"
];
};
}
{
port = 9443;
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
flow = "";
level = 0;
}
];
decryption = "none";
fallbacks = [
{
dest = "cloudflare.com:443";
}
{
dest = "@xhttp";
}
];
};
streamSettings = {
fingerprint = "chrome";
network = "raw";
security = "reality";
realitySettings = {
show = false;
dest = "cloudflare.com:443";
xver = 0;
serverNames = [
"cloudflare.com"
];
privateKey = builtins.readFile config.sops.secrets.xray_private-key.path;
shortIds = [
"0a381e1fa219"
"be0ce04754dc"
"41beec74f4bc"
];
};
};
sniffing = {
enabled = true;
routeOnly = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
{
listen = "@xhttp";
protocol = "vless";
settings = {
clients = [
{
id = builtins.readFile config.sops.secrets.xray_uuid.path;
}
];
};
streamSettings = {
network = "xhttp";
xhttpSettings.path = "/";
};
sniffing = {
enabled = true;
routeOnly = true;
destOverride = [
"http"
"tls"
"quic"
];
};
}
];
outbounds = [
{
protocol = "freedom";
tag = "direct";
}
{
protocol = "blackhole";
tag = "block";
}
];
};
in
{
services.xray = {
enable = true;
settings = inputs.zeroq-credentials.services.xray;
};
networking.firewall = {
allowedTCPPorts = [ 8443 ];
allowedUDPPorts = [ 8443 ];
};
environment.systemPackages = [ pkgs.xray ];
sops.secrets = {
xray_uuid = {
key = "uuid";
mode = "0444";
format = "yaml";
sopsFile = ./secrets/xray.yaml;
path = "/etc/xray/uuid";
};
xray_private-key = {
path = "/etc/xray/private-key";
key = "private-key";
mode = "0444";
format = "yaml";
sopsFile = ./secrets/xray.yaml;
};
};
}
Reference in New Issue View Git Blame Copy Permalink