mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 04:39:23 +08:00
modules.services.frp: remove
This commit is contained in:
@@ -27,7 +27,6 @@ inputs:
|
||||
{
|
||||
sshd = {};
|
||||
xray.server = {};
|
||||
frpServer = { enable = true; serverName = "frp.chn.moe"; };
|
||||
nginx =
|
||||
{
|
||||
streamProxy.map =
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
frp:
|
||||
token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str]
|
||||
xray-server:
|
||||
clients:
|
||||
#ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment]
|
||||
@@ -66,7 +64,7 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-09T07:42:26Z"
|
||||
mac: ENC[AES256_GCM,data:oNWqJ9Ry0NjyYiLyNwEWsD2khF2ysEBnvXhLd9A5X438OgFQAy3CqHqLvE2AYpVoDG9a+Twz+jAgylQ1S3irSoS3RrSpzI1a+LVwceoN05UuK33yMAEvFOQWfQfqUUKlScpkJIF0TejC+WPQsYiwh+GkNhg1m93O1aSPlk09Lrg=,iv:ZkFu/WMVgrTPKlsRCECt5w8KuEUZTqGYYbbmzWNZHuc=,tag:BCd3ll5tLfWgK8grtKUqow==,type:str]
|
||||
lastmodified: "2025-06-12T23:51:02Z"
|
||||
mac: ENC[AES256_GCM,data:3QxWxinb3a7jvmHJO1kcePNwd/igurjFWVJw/sGKBuZpo47LU+W8132b9GpKs79AedDa5BM5yu0XN+CPrkviMcNuX5a3lLy8oI22a1N8fuKjEehld1Jq/boitGIsgJgb/M0Hn6yIq1ytuWuxoj2cOvmkEfNuyWRew+htI4DhJ/E=,iv:OyCWfcn218oaA970T9miIWIGSwOFeUbtWI0xO/02Hrw=,tag:c8riJplInFN1ZSPH3ze0QQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
@@ -8,7 +8,7 @@ let
|
||||
vps4 = [ "initrd.vps4" "xserver2.vps4" ];
|
||||
vps6 =
|
||||
[
|
||||
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
|
||||
"blog" "catalog" "coturn" "element" "initrd.vps6" "misskey" "sticker" "synapse-admin" "tgapi"
|
||||
"ua" "xserver2" "xserver2.vps6" "铜锣湾实验室"
|
||||
];
|
||||
"xlog.autoroute" = [ "xlog" ];
|
||||
|
||||
@@ -1,203 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
frpClient =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
user = mkOption { type = types.nonEmptyStr; };
|
||||
tcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
remoteIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
remotePort = mkOption { type = types.ints.unsigned; default = inputs.config.localPort; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
stcp = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
stcpVisitor = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs:
|
||||
{
|
||||
options =
|
||||
{
|
||||
localIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
localPort = mkOption { type = types.ints.unsigned; };
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
frpServer =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
serverName = mkOption { type = types.nonEmptyStr; };
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkMerge mkIf;
|
||||
inherit (inputs.lib.strings) splitString;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) frpClient frpServer;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkMerge
|
||||
[
|
||||
(
|
||||
mkIf frpClient.enable
|
||||
{
|
||||
systemd.services.frpc =
|
||||
let
|
||||
frpc = "${inputs.pkgs.frp}/bin/frpc";
|
||||
config = inputs.config.sops.templates."frpc.json";
|
||||
in
|
||||
{
|
||||
description = "Frp Client Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frpc} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frpc.json" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = builtins.toJSON
|
||||
{
|
||||
auth.token = inputs.config.sops.placeholder."frp/token";
|
||||
user = frpClient.user;
|
||||
serverAddr = frpClient.serverName;
|
||||
serverPort = 7000;
|
||||
proxies =
|
||||
(map
|
||||
(tcp:
|
||||
{
|
||||
name = tcp.name;
|
||||
type = "tcp";
|
||||
transport.useCompression = true;
|
||||
inherit (tcp.value) localIp localPort remotePort;
|
||||
})
|
||||
(attrsToList frpClient.tcp))
|
||||
++ (map
|
||||
(stcp:
|
||||
{
|
||||
name = stcp.name;
|
||||
type = "stcp";
|
||||
transport.useCompression = true;
|
||||
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
|
||||
allowUsers = [ "*" ];
|
||||
inherit (stcp.value) localIp localPort;
|
||||
})
|
||||
(attrsToList frpClient.stcp));
|
||||
visitors = map
|
||||
(stcp:
|
||||
{
|
||||
name = stcp.name;
|
||||
type = "stcp";
|
||||
transport.useCompression = true;
|
||||
secretKey = inputs.config.sops.placeholder."frp/stcp/${stcp.name}";
|
||||
serverUser = builtins.elemAt (splitString "." stcp.name) 0;
|
||||
serverName = builtins.elemAt (splitString "." stcp.name) 1;
|
||||
bindAddr = stcp.value.localIp;
|
||||
bindPort = stcp.value.localPort;
|
||||
})
|
||||
(attrsToList frpClient.stcpVisitor);
|
||||
};
|
||||
};
|
||||
secrets = listToAttrs
|
||||
(
|
||||
[{ name = "frp/token"; value = {}; }]
|
||||
++ (map
|
||||
(stcp: { name = "frp/stcp/${stcp.name}"; value = {}; })
|
||||
(attrsToList (with frpClient; stcp // stcpVisitor)))
|
||||
);
|
||||
};
|
||||
users =
|
||||
{
|
||||
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
|
||||
groups.frp.gid = inputs.config.nixos.user.gid.frp;
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf frpServer.enable
|
||||
{
|
||||
systemd.services.frps =
|
||||
let
|
||||
frps = "${inputs.pkgs.frp}/bin/frps";
|
||||
config = inputs.config.sops.templates."frps.json";
|
||||
in
|
||||
{
|
||||
description = "Frp Server Service";
|
||||
after = [ "network.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
Type = "simple";
|
||||
User = "frp";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${frps} -c ${config.path}";
|
||||
LimitNOFILE = 1048576;
|
||||
};
|
||||
wantedBy= [ "multi-user.target" ];
|
||||
restartTriggers = [ config.file ];
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."frps.json" =
|
||||
{
|
||||
owner = inputs.config.users.users.frp.name;
|
||||
group = inputs.config.users.users.frp.group;
|
||||
content = builtins.toJSON
|
||||
{
|
||||
auth.token = inputs.config.sops.placeholder."frp/token";
|
||||
transport.tls = let cert = inputs.config.security.acme.certs.${frpServer.serverName}.directory; in
|
||||
{
|
||||
force = true;
|
||||
certFile = "${cert}/full.pem";
|
||||
keyFile = "${cert}/key.pem";
|
||||
serverName = frpServer.serverName;
|
||||
};
|
||||
};
|
||||
};
|
||||
secrets."frp/token" = {};
|
||||
};
|
||||
nixos.services.acme.cert.${frpServer.serverName}.group = "frp";
|
||||
users =
|
||||
{
|
||||
users.frp = { uid = inputs.config.nixos.user.uid.frp; group = "frp"; isSystemUser = true; };
|
||||
groups.frp.gid = inputs.config.nixos.user.gid.frp;
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 7000 ];
|
||||
}
|
||||
)
|
||||
];
|
||||
}
|
||||
Reference in New Issue
Block a user