feat(nixos): xray

2025-12-04 21:03:01 +00:00
parent b786098867
commit 3e6bf6ce7f
2 changed files with 52 additions and 31 deletions
--- a/nixos/module/hectic/hardware/hetzner-cloud.nix
+++ b/nixos/module/hectic/hardware/hetzner-cloud.nix
@@ -45,10 +45,10 @@ in {
      example = "/dev/disk/by-uuid/f184a16b-6eca-41cb-b48a-ff37cdce1d79";
      description = ''
        boot device uuid 
-	if it is null then will use "/dev/sda" 
-	/dev/sda - default hetzner cloud device
-	!! But can changes on reboot if server have volumes
-	!! So use IDs
+        if it is null then will use "/dev/sda" 
+        /dev/sda - default hetzner cloud device
+        !! But can changes on reboot if server have volumes
+        !! So use IDs
      '';
    };
    networkMatchConfigName = lib.mkOption {
@@ -56,10 +56,10 @@ in {
      example = "enp1s0";
      description = ''
        type of network conection, 
-	on older hetzner servers may be `ens3`
+        on older hetzner servers may be `ens3`
        on newer probably `enp1s0`

-	you can use `networkctl list` on server to know it
+        you can use `networkctl list` on server to know it
      '';
    };
  };
--- a/nixos/system/xray/xray.nix
+++ b/nixos/system/xray/xray.nix
@@ -8,40 +8,61 @@
  modulesPath,
  config,
  ...
-}:
-{
+}: let
+  xrayPort = 10086;
+in {
  imports = [
    self.nixosModules.hectic
  ];

  services.xray = {
    enable  = true;
-    setting = ''
-      {
-        "inbounds": [
-          {
-            "port": 10086,
-            "protocol": "vmess",
-            "settings": {
-              "clients": [
-                {
-                  "id": "b831381d-6324-4d53-ad4f-8cda48b30811"
-                }
-              ]
-            }
-          }
-        ],
-        "outbounds": [
-          {
-            "protocol": "freedom"
-          }
-        ]
-      }
-    '';
+    settings = {
+      "inbounds" = [
+        {
+          "port" = xrayPort;
+          "protocol" = "vmess";
+          "settings" = {
+            "clients" = [
+              {
+                "id" = "04ad600a-0e94-4ba6-af93-74e03fd3f58d";
+              }
+            ];
+          };
+        }
+      ];
+      "log" = {
+        "loglevel" = "warning";
+      };
+      "outbounds" = [
+        {
+          "protocol" = "freedom";
+        }
+      ];
+    };
  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPChQvpyOrPjRjp8pS5Yw+oJVmywDzefzZCXh1d44EY''
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP3HjFoJNGHqHoEw9XLzh766QWknfaN07GGi8lsC2Tv''
+  ];
+
 
  hectic = {
    archetype.base.enable = true;
-    hardware.lenovo-legion.enable = true;
+    archetype.dev.enable  = true;
+    hardware.hetzner-cloud = {
+      enable                 = true;
+      networkMatchConfigName = "enp1s0";
+      ipv4                   = "77.42.45.173";
+      ipv6                   = "2a01:4f9:c013:7230";
+    };
+  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      xrayPort
+    ];
  };
 }