feat(nixos): xray
This commit is contained in:
@@ -45,10 +45,10 @@ in {
|
|||||||
example = "/dev/disk/by-uuid/f184a16b-6eca-41cb-b48a-ff37cdce1d79";
|
example = "/dev/disk/by-uuid/f184a16b-6eca-41cb-b48a-ff37cdce1d79";
|
||||||
description = ''
|
description = ''
|
||||||
boot device uuid
|
boot device uuid
|
||||||
if it is null then will use "/dev/sda"
|
if it is null then will use "/dev/sda"
|
||||||
/dev/sda - default hetzner cloud device
|
/dev/sda - default hetzner cloud device
|
||||||
!! But can changes on reboot if server have volumes
|
!! But can changes on reboot if server have volumes
|
||||||
!! So use IDs
|
!! So use IDs
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
networkMatchConfigName = lib.mkOption {
|
networkMatchConfigName = lib.mkOption {
|
||||||
@@ -56,10 +56,10 @@ in {
|
|||||||
example = "enp1s0";
|
example = "enp1s0";
|
||||||
description = ''
|
description = ''
|
||||||
type of network conection,
|
type of network conection,
|
||||||
on older hetzner servers may be `ens3`
|
on older hetzner servers may be `ens3`
|
||||||
on newer probably `enp1s0`
|
on newer probably `enp1s0`
|
||||||
|
|
||||||
you can use `networkctl list` on server to know it
|
you can use `networkctl list` on server to know it
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -8,40 +8,61 @@
|
|||||||
modulesPath,
|
modulesPath,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}:
|
}: let
|
||||||
{
|
xrayPort = 10086;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
self.nixosModules.hectic
|
self.nixosModules.hectic
|
||||||
];
|
];
|
||||||
|
|
||||||
services.xray = {
|
services.xray = {
|
||||||
enable = true;
|
enable = true;
|
||||||
setting = ''
|
settings = {
|
||||||
{
|
"inbounds" = [
|
||||||
"inbounds": [
|
{
|
||||||
{
|
"port" = xrayPort;
|
||||||
"port": 10086,
|
"protocol" = "vmess";
|
||||||
"protocol": "vmess",
|
"settings" = {
|
||||||
"settings": {
|
"clients" = [
|
||||||
"clients": [
|
{
|
||||||
{
|
"id" = "04ad600a-0e94-4ba6-af93-74e03fd3f58d";
|
||||||
"id": "b831381d-6324-4d53-ad4f-8cda48b30811"
|
}
|
||||||
}
|
];
|
||||||
]
|
};
|
||||||
}
|
}
|
||||||
}
|
];
|
||||||
],
|
"log" = {
|
||||||
"outbounds": [
|
"loglevel" = "warning";
|
||||||
{
|
};
|
||||||
"protocol": "freedom"
|
"outbounds" = [
|
||||||
}
|
{
|
||||||
]
|
"protocol" = "freedom";
|
||||||
}
|
}
|
||||||
'';
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPChQvpyOrPjRjp8pS5Yw+oJVmywDzefzZCXh1d44EY''
|
||||||
|
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP3HjFoJNGHqHoEw9XLzh766QWknfaN07GGi8lsC2Tv''
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
hectic = {
|
hectic = {
|
||||||
archetype.base.enable = true;
|
archetype.base.enable = true;
|
||||||
hardware.lenovo-legion.enable = true;
|
archetype.dev.enable = true;
|
||||||
|
hardware.hetzner-cloud = {
|
||||||
|
enable = true;
|
||||||
|
networkMatchConfigName = "enp1s0";
|
||||||
|
ipv4 = "77.42.45.173";
|
||||||
|
ipv6 = "2a01:4f9:c013:7230";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [
|
||||||
|
xrayPort
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user