启用 xray stat

2026-01-12 04:39:23 +08:00 · 2023-08-11 13:57:25 +08:00
parent 9a1dbe801f
commit 1391870957
3 changed files with 57 additions and 17 deletions
--- a/modules/packages/default.nix
+++ b/modules/packages/default.nix
@@ -36,7 +36,7 @@ inputs:
 					# shell
 					ksh
 					# basic tools
-					beep dos2unix gnugrep pv tmux screen parallel tldr cowsay
+					beep dos2unix gnugrep pv tmux screen parallel tldr cowsay jq
 					# lsxx
 					pciutils usbutils lshw util-linux lsof
 					# top
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -427,7 +427,7 @@ inputs:
 				}
 			)
 			(
-				mkIf services.xrayServer.enable
+				mkIf services.xrayServer.enable (let userList = genList (n: n) 3; in
 				{
 					services =
 					{
@@ -440,7 +440,7 @@ inputs:
 							locations."/".return = "400";
 						};
 					};
-					sops = let userList = genList (n: n) 3; in
+					sops =
 					{
 						templates."xray-server.json" =
 						{
@@ -551,21 +551,58 @@ inputs:
 								};
 							};
 						};
-						secrets = listToAttrs (map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList);
+						secrets = listToAttrs (map (n: { name = "xray-server/clients/user${toString n}"; value = {}; }) userList)
+							// { "xray-server/telegram/token" = {}; "xray-server/telegram/chat" = {}; };
 					};
-					systemd.services.xray =
+					systemd =
 					{
-						serviceConfig =
+						services =
 						{
-							DynamicUser = inputs.lib.mkForce false;
-							User = "v2ray";
-							Group = "v2ray";
-							CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-							AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
-							LimitNPROC = 10000;
-							LimitNOFILE = 1000000;
+							xray =
+							{
+								serviceConfig =
+								{
+									DynamicUser = inputs.lib.mkForce false;
+									User = "v2ray";
+									Group = "v2ray";
+									CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+									AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
+									LimitNPROC = 10000;
+									LimitNOFILE = 1000000;
+								};
+								restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
+							};
+							xray-stat =
+							{
+								script =
+									let
+										xray = "${inputs.pkgs.xray}/bin/xray";
+										bc = "${inputs.pkgs.bc}/bin/bc";
+										curl = "${inputs.pkgs.curl}/bin/curl";
+										token = inputs.config.sops.secrets."xray-server/telegram/token".path;
+										chat = inputs.config.sops.secrets."xray-server/telegram/chat".path;
+									in stripeTabs
+									''
+										message='xray:\n'
+										for i in {0..${toString ((length userList) - 1)}}
+										do
+											traffic_bytes=$(${xray} api stats --server=127.0.0.1:6149 \
+												-name "user>>>''${i}@xray.chn.moe>>>traffic>>>downlink" | , jq '.stat.value' | sed 's/"//g')
+											traffic_bytes=
+											message=$message"$i"'\t'$(echo "scale=4;''${traffic_bytes}/1024/1024/1024" | ${bc})'\n'
+										done
+										${curl} -X POST -H 'Content-Type: application/json' \
+											-d "{\"chat_id\": \"$(cat ${chat})\", \"text\": \"$message\"}" \
+											https://api.telegram.org/bot$(cat ${token})/sendMessage
+									'';
+								serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
+							};
+						};
+						timers.xray-stat =
+						{
+							wantedBy = [ "timers.target" ];
+							timerConfig = { OnCalendar = "*-*-* 0:00:00"; Unit = "xray-stat.service"; };
 						};
-						restartTriggers = [ inputs.config.sops.templates."xray-server.json".file ];
 					};
 					users = { users.v2ray = { isSystemUser = true; group = "v2ray"; }; groups.v2ray = {}; };
 					nixos.services =
@@ -580,7 +617,7 @@ inputs:
 					};
 					security.acme.certs.${services.xrayServer.serverName}.group = "v2ray";
 				}
-			)
+			))
 			{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
 			(
 				mkIf services.acme.enable
--- a/secrets/vps6.yaml
+++ b/secrets/vps6.yaml
@@ -7,6 +7,9 @@ xray-server:
        user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str]
        user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str]
        user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str]
+    telegram:
+        token: ENC[AES256_GCM,data:xsJoGgQ8pLeZqA2alGKkCyrvnjY6rVF5TlXn4GWDrStFBl65XXzwVY/9ZZthYQ==,iv:qTLfpRUyuIGFM668URfknhSRtx3WEHp/WTGzGUPuFd4=,tag:p8mF0tM+t02g7v2EQZN3Vg==,type:str]
+        chat: ENC[AES256_GCM,data:qs4Q3/0THa8a,iv:QdhFvimmirRqVAwE8o1MQkICW5QywoLkG+rO186UbZ0=,tag:U/8HZOTqxu6WqUJiWXOUgQ==,type:int]
 sops:
    kms: []
    gcp_kms: []
@@ -31,8 +34,8 @@ sops:
            ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
            ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-10T11:31:46Z"
-    mac: ENC[AES256_GCM,data:+NY9DY6NvTfGkfrjglcGpBSTLbLSzYw0A9zMo5/sGwcFtJKgjhGTUmKAgjKeojYsXk+ha8mdBoHnpVoW253EYywdq5uSXnw6KDnNZ+UVNxbD3JP9rnx3x+ZWehG7K6NH9ANW4GQjrKW+WDFPCggoviNWRZ3hANWVvJNV3jwj88E=,iv:04RvCNPh1N3uc1pv9Zxwhppe1s5YtpgMhq4VXd+twCA=,tag:4K2RV++JdCBBPYh7InNyjg==,type:str]
+    lastmodified: "2023-08-11T06:43:56Z"
+    mac: ENC[AES256_GCM,data:MxisRMhpKPeCU53vXqKoY8CIOEvAxhkyU5Zv7PUQgB631j9oaVsIkxR7mrzojXUJRBza9WPhhfJrDYLyx0abhcaqdvYFNkJFcev7bYwurZ5eu4l4Q0cjo2YJ/BA50+327M9TKce03s4bCOxKU7GqT70cXJM9Xa1HpENCFowIEe8=,iv:VdGf5nVI8TSo+XnnJGgoVl+yAJ1v0WVAKQ4i75xnQcs=,tag:15zFUVMe0xPdn1Q8rj8VxQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3