modules.services.xray.server: use separate secrets file

2026-01-12 01:29:24 +08:00 · 2025-11-16 11:47:14 +08:00
parent 2dc53c0c38
commit 3358df4962
7 changed files with 108 additions and 155 deletions
--- a/modules/services/xray/server.nix
+++ b/modules/services/xray/server.nix
@@ -128,12 +128,14 @@ inputs:
              };
            };
          };
-          secrets = builtins.listToAttrs
-            (builtins.map (n: inputs.lib.nameValuePair "xray-server/clients/${n}" {}) userList)
-            // (builtins.listToAttrs (builtins.map
-              (name: inputs.lib.nameValuePair "telegram/${name}" { group = "telegram"; mode = "0440"; })
-              [ "token" "user/chn" ]))
-            // { "xray-server/private-key" = {}; };
+          secrets = inputs.lib.mergeAttrsList
+          [
+            (inputs.lib.genAttrs' userList
+              (n: inputs.lib.nameValuePair "xray-server/clients/${n}" {}))
+            { "xray-server/private-key" = {}; }
+            (inputs.lib.genAttrs' [ "token" "user/chn" ]
+              (n: inputs.lib.nameValuePair "telegram/${n}" { group = "telegram"; mode = "0440"; }))
+          ];
        };
        services =
        {
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
@@ -80,8 +80,8 @@ inputs:
              (defaultSopsFile "${devicePath}/${model.cluster.clusterName}/${model.cluster.nodeName}")
                ++ (defaultSopsFile "${devicePath}/${model.cluster.clusterName}")
            ))
-          ++ (inputs.lib.optionals model.private [ "${devicePath}/cross/secrets/chn.yaml" ])
-          ++ (defaultSopsFile "${devicePath}/cross");
+          ++ (defaultSopsFile "${devicePath}/cross")
+          ++ [ "${devicePath}/cross/secrets/chn.yaml" "${devicePath}/cross/secrets/xray-server.yaml" ];
    };
    availableKeys = mkOption
    {