chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 09:29:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

xray: fix client dns

Browse Source
This commit is contained in:
陈浩南 2023-08-29 17:13:16 +08:00
parent d2b29999ff
commit 67f6ec0d7c
1 changed files with 116 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
modules/services/xray.nix
View File

@ -59,120 +59,132 @@ inputs:
{ {
owner = inputs.config.users.users.v2ray.name; owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group; group = inputs.config.users.users.v2ray.group;
content = builtins.toJSON content =
{ let
log.loglevel = "info"; chinaDns = "223.5.5.5";
dns = foreignDns = "8.8.8.8";
in
builtins.toJSON
{ {
servers = log.loglevel = "info";
[ dns =
{ address = "223.5.5.5"; domains = [ "geosite:geolocation-cn" ]; port = 53; }
{
address = "8.8.8.8";
domains = [ "geosite:geolocation-!cn" "domain:worldcat.org" "domain:mstdn.one" ];
port = 53;
}
{ address = "223.5.5.5"; expectIPs = [ "geoip:cn" ]; }
{ address = "8.8.8.8"; }
];
disableCache = true;
queryStrategy = "UseIPv4";
disableFallback = true;
tag = "dns-internal";
};
inbounds =
[
{ {
port = 10853; servers =
protocol = "dokodemo-door"; # 先尝试匹配域名列表进行查询,若匹配成功则使用前两个 dns 查询。
settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; }; # 若匹配域名列表失败,或者匹配成功但是查询到的 IP 不在期望的 IP 列表中,则回落到使用后两个 dns 依次查询。
tag = "dns-in"; [
}
{
port = 10880;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "common-in";
}
{
port = 10881;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "xmu-in";
}
{
port = 10883;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "proxy-in";
}
{ port = 10884; protocol = "socks"; tag = "proxy-socks-in"; }
{ port = 10882; protocol = "socks"; tag = "direct-in"; }
];
outbounds =
[
{
protocol = "vless";
settings.vnext =
[{
address = xrayClient.serverAddress;
port = 443;
users =
[{
id = inputs.config.sops.placeholder."xray-client/uuid";
encryption = "none";
flow = "xtls-rprx-vision-udp443";
}];
}];
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{ {
serverName = xrayClient.serverName; address = chinaDns;
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk"; domains = [ "geosite:geolocation-cn" ];
fingerprint = "firefox"; expectIPs = [ "geoip:cn" ];
}; skipFallback = true;
}; }
tag = "proxy-vless"; {
} address = foreignDns;
{ protocol = "freedom"; tag = "direct"; } domains = [ "geosite:geolocation-!cn" ];
{ protocol = "dns"; tag = "dns-out"; } expectIPs = [ "geoip:!cn" ];
{ skipFallback = true;
protocol = "socks"; }
settings.servers = [{ address = "127.0.0.1"; port = 10069; }]; { address = chinaDns; expectIPs = [ "geoip:cn" ]; }
tag = "xmu-out"; { address = foreignDns; }
} ];
]; disableCache = true;
routing = queryStrategy = "UseIPv4";
{ tag = "dns-internal";
domainStrategy = "AsIs"; };
rules = builtins.map (rule: rule // { type = "field"; }) inbounds =
[ [
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
{ {
inboundTag = [ "common-in" ]; port = 10853;
domain = [ "geosite:geolocation-cn" ]; protocol = "dokodemo-door";
outboundTag = "direct"; settings = { address = "8.8.8.8"; network = "tcp,udp"; port = 53; };
tag = "dns-in";
} }
{ {
inboundTag = [ "common-in" ]; port = 10880;
domain = [ "geosite:geolocation-!cn" "domain:nya.one" ]; protocol = "dokodemo-door";
outboundTag = "proxy-vless"; settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
sniffing = { enabled = true; destOverride = [ "http" "tls" "quic" ]; routeOnly = true; };
tag = "common-in";
} }
{ inboundTag = [ "common-in" "dns-internal" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; } {
{ inboundTag = [ "common-in" "dns-internal" ]; outboundTag = "proxy-vless"; } port = 10881;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "xmu-in";
}
{
port = 10883;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "proxy-in";
}
{ port = 10884; protocol = "socks"; tag = "proxy-socks-in"; }
{ port = 10882; protocol = "socks"; tag = "direct-in"; }
]; ];
outbounds =
[
{
protocol = "vless";
settings.vnext =
[{
address = xrayClient.serverAddress;
port = 443;
users =
[{
id = inputs.config.sops.placeholder."xray-client/uuid";
encryption = "none";
flow = "xtls-rprx-vision-udp443";
}];
}];
streamSettings =
{
network = "tcp";
security = "reality";
realitySettings =
{
serverName = xrayClient.serverName;
publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk";
fingerprint = "firefox";
};
};
tag = "proxy-vless";
}
{ protocol = "freedom"; tag = "direct"; }
{ protocol = "dns"; tag = "dns-out"; }
{
protocol = "socks";
settings.servers = [{ address = "127.0.0.1"; port = 10069; }];
tag = "xmu-out";
}
{ protocol = "blackhole"; tag = "block"; }
];
routing =
{
domainStrategy = "AsIs";
rules = builtins.map (rule: rule // { type = "field"; })
[
{ inboundTag = [ "dns-in" ]; outboundTag = "dns-out"; }
{ inboundTag = [ "dns-internal" ]; ip = [ chinaDns ]; outboundTag = "direct"; }
{ inboundTag = [ "dns-internal" ]; ip = [ foreignDns ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "dns-internal" ]; outboundTag = "block"; }
{ inboundTag = [ "xmu-in" ]; outboundTag = "xmu-out"; }
{ inboundTag = [ "direct-in" ]; outboundTag = "direct"; }
{ inboundTag = [ "proxy-in" "proxy-socks-in" ]; outboundTag = "proxy-vless"; }
{ inboundTag = [ "common-in" ]; domain = [ "geosite:geolocation-cn" ]; outboundTag = "direct"; }
{
inboundTag = [ "common-in" ];
domain = [ "geosite:geolocation-!cn" ];
outboundTag = "proxy-vless";
}
{ inboundTag = [ "common-in" ]; ip = [ "geoip:cn" ]; outboundTag = "direct"; }
{ inboundTag = [ "common-in" ]; outboundTag = "proxy-vless"; }
];
};
}; };
};
}; };
secrets."xray-client/uuid" = {}; secrets."xray-client/uuid" = {};
}; };