chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-11 16:49:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

modules.services.xray: remove xmuClient, xmuPersist, xmuServer

Browse Source
This commit is contained in:
陈浩南
2025-12-04 20:35:23 +08:00
parent 37ba4f34e7
commit 1db32b29a2
8 changed files with 13 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
devices/nas/default.nix
View File

@@ -34,15 +34,10 @@ inputs:
services =
{
sshd = {};
xray =
xray.client =
{
client =
{
xray.serverName = "xserver2.vps9.chn.moe";
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
};
xmuServer = {};
server.serverName = "xservernas.chn.moe";
xray.serverName = "xserver2.vps9.chn.moe";
dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
};
beesd."/".hashTableSizeMB = 10 * 128;
nix-serve.hostname = "nix-store.nas.chn.moe";

12
devices/nas/secrets.yaml
View File

@@ -1,11 +1,5 @@
xray-client:
uuid: ENC[AES256_GCM,data:97aX07G5FPumdWcDxnYOs6fRgljXWuwyNXGg1d7zdbUUfNnb,iv:+wAC/DZXsg+evYFA4DMfLw5Ut3ExQl1RgZ/2AsNQDpo=,tag:ebD77muITHof+FQMydWobg==,type:str]
xray-xmu-server: ENC[AES256_GCM,data:3O5rFi5szla70M/c62JV4nGWKPSOREImrOucjeVYf9bde6K8,iv:PGCqlmHtaNuWOtAAeJ6O+CWFpMszijozU1OpUFrftjs=,tag:iGTOoNvQhhZy2FL9jy1KIQ==,type:str]
xray-server:
clients:
#ENC[AES256_GCM,data:gToh4rgMOQ==,iv:A14sSC7ExbSZNOzzz6mOmWalSz9K6ROoSYgCqdF7j4U=,tag:1Jr2FfVQ9L2w+bWHh/NekQ==,type:comment]
user4: ENC[AES256_GCM,data:/ZrgvlpwDlKhcHqkBRsdqqJsNUxtb3ZnC36mc8qlJ+HP4mY3,iv:R5QzXY0mC72TDB0OcF4fJt3bc5L1Z96Q+n9kNbZP7m4=,tag:tjWSEcsG0udvQZZJ/RMTJw==,type:str]
private-key: ENC[AES256_GCM,data:34FOslwr3AZNDg4YrS95S20agGXwGJRNGnpogMR7utbt1ELUxfQkiAU1qw==,iv:4fiJCi6TJM+NIlfI1qFX/eCNhcVaCWGsLA7iMjQpATw=,tag:eLz8HlQMprQNryk5saqyVQ==,type:str]
store:
signingKey: ENC[AES256_GCM,data:zr02XBgQ4H5jRnjpLtp9rjcysXP9qI7McOiBwaWhdylu5GevKmxlCd4h3pEUO74k+gJT88BzJ+S59P+6DS76Y5nlKqextGMzGjdq5XPkdDkSkKZBai2kkqBSyko=,iv:hyhroaDazMLFeLMGruiFeokZ2Tz3xKj+xCsiEUJ5faQ=,tag:w3805eqo6Y1pw65mjoRgOg==,type:str]
nginx:
@@ -99,7 +93,7 @@ sops:
by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh
kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-12T08:53:54Z"
mac: ENC[AES256_GCM,data:BmUcsv1AFkmIYdrYsYcjZExdyIfbAK+RHeIgaHvvgaGNxl3LxaS04CIwTB7HKA2vl87V+1Z2I/pGdEgE+KcUxl1RaRhGDTjkJeoxubSnwnhPb7B1WAb18MXXD5LiMUZzoGoMcqRTbkBIX9JJHcrdiKuSiXuyn6HbP/9g50unr2w=,iv:XMWqHOtodBX8UvPfGhoSt08gbacabzEJ59r4qrPOx2s=,tag:/dEIE5lMG1J54cIVB2Impg==,type:str]
lastmodified: "2025-12-04T12:33:59Z"
mac: ENC[AES256_GCM,data:PziK49hYICDZX887LZmQhOOtjjijduVZxcimw0P9HecJrixtda2CzG2ZzRK3fmo4qIIWpdopmoNAHkFLV5SmA8W5NCW467fYvETFtChZk/R+7MlzNctCQ3DJKCNIGcPxq+7XuqXcX3Cv6n4tELYs23q9TCkXuEjIRaaL4qYRVq0=,iv:VQdHRmFUUlLOJ+6QRjmhEfYQ6FAcIjgfiCDS63ZjZto=,tag:3Wnkci/4r5xVGZNJ4fXxHw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

9
devices/pc/secrets/default.yaml
View File

@@ -12,9 +12,6 @@ nix:
remote: ENC[AES256_GCM,data:uosYkxTCB0wiY+Uufk//OcBZFN3EzbZoQGZ95M9eZMjQ5AobAZqosi4laE+EMcZL1CqYqlWXaSoEUOB8biUaZPseo+1AX1TlmUgZ7QpkfOX0VKZu01C6C+lVyqVqMFq6z1BFyX/oeITMIfnd4a/2KwJCHLAZ4hMkJ5p+aJwByKGa3N/2m41HH/1S3z7pYQWj7YJxunTPPG6WNSiRncQki11rvmddwnXmsBF89+jW1Phge8U295haC57T5oIGPxR645IeTK4ZUlL8eVuZ+BhsnwbkYcaxvjSwe+DOIVPupR8GW+gis7KxwE89kqvnQhinamexcPUz4lGHlqO/Xn6jrJx6T/wXF+19epAzeHapYte3dTWNsdPwPLPJihT16YT5fwrLnH3zq8kexWz1crmnCGUoaBs4S2tHWHLgv2lTv0IHLx5F6ijpDBj/Avg9YILIURzdeea+rBxdycHasUDTVlJtYKRH5J+WbAKWI+oJ5qmXjIRUYL+O9xIUfOGO+1b3xs8MYxRWuvDV2P88N8vN,iv:yQQp5wjbSVn1oia5yL7d6GF9Vo704G0iOQRGMbzQHzg=,tag:bpBag5y5n+7ojOa8QOcDvA==,type:str]
searx:
secret-key: ENC[AES256_GCM,data:KhIP+Rz3rMfNgPEGTlKGvm6gl1/ZuPI=,iv:GcaLEJHKJO3n6IaeiFr9PaJ6eNx04/VjX3UgmBF429g=,tag:HkplyH9hTHUaEZ709TyitA==,type:str]
xray-xmu-client:
uuid: ENC[AES256_GCM,data:XiUkReTJLAxZNWFVeD6EiOtUX5tsyPLFi6QyDBdHyB4v5/mD,iv:QppdtP2CFDEVhlrmDJKYBGc1zYGJvpGYxLfsBAMxDSI=,tag:jzMSFRit+aBzWMkaa3+5hA==,type:str]
cookie: ENC[AES256_GCM,data:0jqSEZloX2/c8Zg4WTKkLw==,iv:BKLm1KMoRrH0uO6hPMsv2a7sG0AwNRrdbpmABP4BszA=,tag:pBs+rQIhhNO4Qr6q1V3MUA==,type:str]
tinc: ENC[AES256_GCM,data:qI2KAyJiC9m+IOzTQ7SFjWnjzzkxvNe6R2yxyK+C/YnEK4JdYqEETIMuqAUQxaSyHjKk9x6kDs3YPC2AyNKf+lc22YoB35Eo5ym+3+GDDPTL4wL4aI4xnGHVLH3JrSFHDyIbvu8R2NLnSy2j4O5Uj+jJmOz/b1xV8zeLbdoFwLgZCbcxvqkIwMlJdDGjAtjEb8eDkjtVzSRSPXohgYgmhxKZyA5/7c41e+/X6RIsHHeOD+Ppz5jlYAkRrsvAxGTfrMN2xTZopxc=,iv:E/8ys6ucmmaKawqrgumJdjTsC17F7Y0RgnHYfu3RIPQ=,tag:OZM/HG88gyF9TZXwHcd3nA==,type:str]
open-webui:
openai: ENC[AES256_GCM,data:8CQLvoDuGtQ7PN+1SOmXF48dV/G6fDOiu6olkhSbWEjYcNO4VVmxtHw=,iv:rKBxOTB7/LXfXWVrBFBJeyn43R82oBYCxup8OzWvzKk=,tag:ByoyMizWc9Lpnt+ciYcszg==,type:str]
@@ -39,7 +36,7 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-06T12:37:57Z"
mac: ENC[AES256_GCM,data:7iy/orIRUCtFhTaHdskIYu7b9a3uqM4xz+2hRSAvJ7HeKEWFcgCOhE8t5jPkXTi8gMciw/I60015k+GF/mY7cK2Sa/HiWptGwhKAr1jNF4LgJN13eG+7HLQ7Y2SopAzVV2+j0Sit7gsg8x+a1hR/Xi6OBu8ecjyW//Rcelj/Lwc=,iv:F82F+w7BRO3ubZjzV2TU4d0pqbf9d6gUAEZ5YOzEQ1M=,tag:TKMi/mHSqtVv+kvhRbRxmQ==,type:str]
lastmodified: "2025-12-04T12:34:21Z"
mac: ENC[AES256_GCM,data:S2ijc6yqf12ETehYD5Qbjf5CqEv9JiPOiP1cp2O/WiVPM/fUYBgae/jCC22KEoo4EbSgefV0IvTNM+1Xw2ROmIE19I6vLvKcc1B+qI2kUtXurL1XcpYWNiZg+dlLFFYq8NloktwC9TWQuOC4c6kI2UaWYvzOx9ZBDZ8NLJCHbWo=,iv:/fGS/lgnVFlTdIS+IpKTfyKinfGSUbb1tbLM0jPZxvE=,tag:oVs/jCBRoRBCBbTBOuRjSA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

2
devices/vps6/default.nix
View File

@@ -25,7 +25,7 @@ inputs:
services =
{
sshd = {};
xray = { server = {}; xmuPersist = {}; };
xray.server = {};
nginx =
{
streamProxy.map =

8
devices/vps6/secrets.yaml
View File

@@ -2,8 +2,6 @@ send:
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
coturn:
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
xray-xmu-client:
cookie: ENC[AES256_GCM,data:RZ2WFnsX7s/PVqA7ZKhGqw==,iv:CknFoAcHIiIwJI1IEXkFdWXcOCAZr50pfwmQN72OI8o=,tag:w2pNU1APxlSQsGMIEdE2OA==,type:str]
tinc: ENC[AES256_GCM,data:E3OrPA67R48x5FJUW0ZbERlclz8Z/XokAaGTeBQLPEHSeqEArHYSZkdJRZejFrBruJPlGZMPNBQzlIBXOfXKwMnlBDaGJIIJHIzPDGG9W7QF4IIRK/BjVZHFwfKvZtbUDGsqLcCSe5+ttmyucBaFGquXhnD/Tu09uyWtRvS10KAJLY0Z2/16CFB1+8egJIcYw2TFXObo+KR92Va0qwiDSepKaJtYLimDGRKk04QGj+BYa5y8PjIG6bz8UG82mmCiV7XM3EPlSMA=,iv:kawsklNGFbRhxKuUwvNL2WyBxuYu2T/uks1cJ4i8NhA=,tag:V+jAaxQX7JCiR5+wIVW4Nw==,type:str]
postgresql:
headscale: ENC[AES256_GCM,data:z2cyyT1TcIhNJCBeGn072aFI2nAioWZQvpyzoky4tWtMymKlw4ilOtSYAsp+kaNOoqvWSmoAQNJLNzeDk1iTCQ==,iv:hZdS/CAVBO0k/AmX3qw3YwTYgK49Aeu5QI3YCAduiZ0=,tag:2l4GPV/T2GHjAAUDX3LaEA==,type:str]
@@ -27,7 +25,7 @@ sops:
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T03:45:41Z"
mac: ENC[AES256_GCM,data:AnvNGraWYOKZHtmI73wWerrFRNjAlZdcVSPXDsv+x/0Dohq+9KB/PoWoczXQTUy240BDErXp7UrNmNgwyGtUofdQvJqmdJ2vFkTW0VIWJ1Alq489nafdanGwn97P/aluHqF+zhgBCANAGwIVLaEAggR/xCdidcyn01taHpKoVfE=,iv:frCptbX5gtEmjL7XfCIRaB5jwqOLGJkpVuaOoo/Tg6k=,tag:G0C0ZZ0V24YN+vNv4z4xHQ==,type:str]
lastmodified: "2025-12-04T12:35:00Z"
mac: ENC[AES256_GCM,data:hiEzLAEtU82Be/+nuMv10/ex/ZacXkNR9LkxdBn/x3kY/0uwHSDI9LGjn0b0/KWIg5zLoxV+zPZEBJQhN4QcRzDT6538zwc0yTv9fkFS0NUF5GchHi8Is6EjjHANbSLe3MEwFumKjx3Lm8AyMjcOXiCckzo4aXV98SHZW9EMVbQ=,iv:Nzzlfsm2aMSVa6NNh4ar67J5dzheWRIVLHSUu5ndjvE=,tag:jO8x2LUpP75g7cXyIYDfQw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

91
modules/services/xray/xmuClient.nix
View File

@@ -1,91 +0,0 @@
inputs:
{
options.nixos.services.xray.xmuClient = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
};}));
default = null;
};
config = let inherit (inputs.config.nixos.services.xray) xmuClient; in inputs.lib.mkIf (xmuClient != null)
{
nixos.system.sops =
{
templates."xray-xmu-client.json" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = builtins.toJSON
{
log.loglevel = "warning";
inbounds =
[
{
port = 10983;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "tproxy-in";
}
{ port = 10984; protocol = "socks"; settings.udp = true; tag = "socks-in"; }
];
outbounds =
[{
protocol = "vless";
settings.vnext =
[{
address = "webvpn.xmu.edu.cn";
port = 443;
users =
[{ id = inputs.config.nixos.system.sops.placeholder."xray-xmu-client/uuid"; encryption = "none"; }];
}];
streamSettings =
{
network = "xhttp";
security = "tls";
xhttpSettings =
{
path = "${inputs.pkgs.localPackages.webvpnPath xmuClient.hostname}/xsession";
mode = "packet-up";
security = "tls";
extra.headers.Cookie =
let ticket = inputs.config.nixos.system.sops.placeholder."xray-xmu-client/cookie";
in "show_vpn=0; heartbeat=1; show_faq=0; wengine_vpn_ticketwebvpn_xmu_edu_cn=${ticket}";
};
tlsSettings.alpn = [ "http/1.1" ];
};
}];
};
};
secrets = { "xray-xmu-client/uuid" = {}; "xray-xmu-client/cookie" = {}; };
};
systemd.services =
{
xray-xmu-client =
{
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = let config = inputs.config.nixos.system.sops.templates."xray-xmu-client.json".path; in
"exec ${inputs.pkgs.xray}/bin/xray -config ${config}";
serviceConfig =
{
User = "v2ray";
Group = "v2ray";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
NoNewPrivileges = true;
LimitNPROC = 65536;
LimitNOFILE = 524288;
CPUSchedulingPolicy = "rr";
};
restartTriggers = [ inputs.config.nixos.system.sops.templates."xray-xmu-client.json".file ];
};
};
users =
{
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
};
}

57
modules/services/xray/xmuPersist.nix
View File

@@ -1,57 +0,0 @@
inputs:
{
options.nixos.services.xray.xmuPersist = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule (submoduleInputs: { options =
{
keepAliveHost = mkOption { type = types.nonEmptyStr; default = "blog.chn.moe"; };
};}));
default = null;
};
config = let inherit (inputs.config.nixos.services.xray) xmuPersist; in inputs.lib.mkIf (xmuPersist != null)
{
nixos.system.sops =
{
templates."xray-xmu-persist-cookie.txt" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = let cookie = inputs.config.nixos.system.sops.placeholder."xray-xmu-client/cookie"; in
''
.webvpn.xmu.edu.cn TRUE / TRUE 0 wengine_vpn_ticketwebvpn_xmu_edu_cn ${cookie}
webvpn.xmu.edu.cn FALSE / TRUE 0 show_vpn 0
webvpn.xmu.edu.cn FALSE / TRUE 0 heartbeat 1
webvpn.xmu.edu.cn FALSE / TRUE 0 show_faq 0
webvpn.xmu.edu.cn FALSE / FALSE 0 refresh 0
'';
};
secrets."xray-xmu-client/cookie" = {};
};
systemd =
{
services.xray-xmu-persist =
{
script =
let
curl = "${inputs.pkgs.curl}/bin/curl";
cookie = inputs.config.nixos.system.sops.templates."xray-xmu-persist-cookie.txt".path;
in
''
${curl} -s -o /dev/null -w "%{http_code}\n" -b ${cookie} \
"https://webvpn.xmu.edu.cn${inputs.pkgs.localPackages.webvpnPath xmuPersist.keepAliveHost}/";
'';
serviceConfig = { Type = "oneshot"; User = "v2ray"; Group = "v2ray"; };
};
timers.xray-xmu-persist =
{
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*-*-* *:*:00"; Unit = "xray-xmu-persist.service"; };
};
};
users =
{
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
};
}

65
modules/services/xray/xmuServer.nix
View File

@@ -1,65 +0,0 @@
inputs:
{
options.nixos.services.xray.xmuServer = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services.xray) xmuServer; in inputs.lib.mkIf (xmuServer != null)
{
nixos.system.sops =
{
templates."xray-xmu-server.json" =
{
owner = inputs.config.users.users.v2ray.name;
content = builtins.toJSON
{
log.loglevel = "warning";
inbounds =
[{
port = 4727;
listen = "127.0.0.1";
protocol = "vless";
settings =
{
clients = [{ id = inputs.config.nixos.system.sops.placeholder."xray-xmu-server"; }];
decryption = "none";
};
streamSettings = { network = "xhttp"; xhttpSettings = { mode = "packet-up"; path = "/xsession"; }; };
tag = "in";
}];
outbounds = [{ protocol = "freedom"; tag = "freedom"; }];
};
};
secrets."xray-xmu-server" = {};
};
systemd.services.xray-xmu-server =
{
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = let config = inputs.config.nixos.system.sops.templates."xray-xmu-server.json".path; in
"exec ${inputs.pkgs.xray}/bin/xray -config ${config}";
serviceConfig =
{
User = "v2ray";
Group = "v2ray";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
NoNewPrivileges = true;
LimitNPROC = 65536;
LimitNOFILE = 524288;
};
restartTriggers = [ inputs.config.nixos.system.sops.templates."xray-xmu-server.json".file ];
};
users =
{
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
nixos.services.nginx.https.${xmuServer.hostname}.location =
{ "/".return.return = "400"; "/xsession".proxy.upstream = "http://127.0.0.1:4727"; };
};
}