diff --git a/.sops.yaml b/.sops.yaml
index 90b9aaa3..9e05abe9 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,7 @@
 keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
   - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
   - &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a
-  - &vps4 age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
+  - &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
   - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
   - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
   - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
diff --git a/devices/vps4/default.nix b/devices/vps4/default.nix
index 11f14968..530a92b3 100644
--- a/devices/vps4/default.nix
+++ b/devices/vps4/default.nix
@@ -38,6 +38,7 @@ inputs:
         sshd = {};
         fail2ban = {};
         beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
+        xray.server = { serverName = "xserver.vps4.chn.moe"; userNumber = 4; };
       };
     };
   };
diff --git a/devices/vps4/secrets.yaml b/devices/vps4/secrets.yaml
index 5df48cef..cc6a78ac 100644
--- a/devices/vps4/secrets.yaml
+++ b/devices/vps4/secrets.yaml
@@ -1,13 +1,25 @@
-hello: ENC[AES256_GCM,data:mX0hKnLdaujfHSyIikkannf8DDo+r7R0,iv:my9nYiaburkWHQLsNetqD3dYVwsEkJhC7hoh0XagoOk=,tag:D7uhoFGMrTWT3K4LNMFcUA==,type:str]
-example_key: ENC[AES256_GCM,data:ezHOG8aSXYlosn7ymQ==,iv:NLm785UMihcL1K/M4u7k+P2XftyLlIxtQGPmMLc+rs8=,tag:h9xk+do8pYzxYzUaKKb1PQ==,type:str]
-#ENC[AES256_GCM,data:pgOf9IVK9ijocRr0uEO0ZA==,iv:aQ2dvfAVhkFWtcDM4VeJQa+NN6kw9IlvidL/usoP/lE=,tag:49iS4s1EfQK5VhlF9nqWRQ==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:W8QJiOY6ofqE+XRodK0=,iv:KQ/mYY4N/YA9LhZvJtPJPqRVQq4ob/xa8JSQY06Vm4M=,tag:7NQgidSCjER//ru3AXgLzQ==,type:str]
-    - ENC[AES256_GCM,data:nNML0iYEFdW4S5rJVHM=,iv:LQ1/E/7FExXB16Ur4b59XAUlWSFPub6LQBaFCY+a2lE=,tag:LqPymQ7k5ZsS8d9Z09xJuA==,type:str]
-example_number: ENC[AES256_GCM,data:UiALks+CeKFusw==,iv:8gQ0aB+9YHXKVDX7moqdQmNJLGDNGfo+glezE39xXgQ=,tag:sJG+DJNzCtx+l4bBgQTtCQ==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:n3cV5g==,iv:z2p5oh8BhEMvwwIDaO8aM8VfxmsR6Z7473pd348tsmU=,tag:oSYsNuk6vY21Nepy8Hkb7g==,type:bool]
-    - ENC[AES256_GCM,data:ns3chHI=,iv:db8M/qF03VKaT/8Q4NqfCdI1zAU9H8JWZFqnzwI7QvI=,tag:FdgUanhezouVdv+9a9/gxQ==,type:bool]
+xray-server:
+    clients:
+        #ENC[AES256_GCM,data:d7cv,iv:RHzGIDLuuKejCTQ5YlNNITkCS3VoprsqH/kHckdpAv0=,tag:3cYw7uyUmXALo3v7SiqLJA==,type:comment]
+        user0: ENC[AES256_GCM,data:o2wxpSzoqsPxs6grgYRLtPutMVwSqtzUWBrj7+7QuWWd1a1z,iv:2/5SxXq8Iw4J/LzBeclHbkrZXHitguip0WN+MINym8s=,tag:v/3oly53ORM9XAwbOzp06g==,type:str]
+        #ENC[AES256_GCM,data:0nHZmEPPaw==,iv:BtOZ8/U0yg3fthHrwerNQX3+KD/H9+fcUylYGnZqiIM=,tag:DkFGSFfq//LmWfg6DGm1aA==,type:comment]
+        user1: ENC[AES256_GCM,data:7ev7GuKLeJbPReMy0FnX02fLv5nNCpxdzfnQyAA+/IviwDMQ,iv:YbESsyIAiEAyvrHnj9A4lITX7NtRkuRhCrTv6hoG9Qs=,tag:8uledxLXqpXXLBh+cczm4g==,type:str]
+        #ENC[AES256_GCM,data:3KN/1hzeR2I=,iv:iaqJJD6iURTUlIL8e8P7fsAzJYo+y3NGZXgWmPX+4ao=,tag:e8g/JgVrMrWJamUMpiv2pQ==,type:comment]
+        user2: ENC[AES256_GCM,data:58PnLCwDayOYinsPCYPeMvuKiF7b4tZtbmEJFWEl+2Nu6HL2,iv:hSv3jCtkLm4rrm/4+ot10CBhobGwtnK5db5wR1S/XrU=,tag:SQbynYp8pDSqj4tAK6JBMQ==,type:str]
+        #ENC[AES256_GCM,data:uTZDsA==,iv:6cxvQycfji/x+DW1CnO45r+yNTLwkhYkiJwDaSpUCwo=,tag:8pMw+sYeOyZBN1idHoM9+g==,type:comment]
+        user3: ENC[AES256_GCM,data:WCVr0ylGm2SHtOGulb8TD/cI2xJXrbvY1d6+STXGxf0d0izb,iv:vhNshb38AVpwKCFRwUVruCQ0SxhHrOmwQ+IoQZeUj1k=,tag:OfdIjRrTAuVZBOEXTtnrQQ==,type:str]
+    private-key: ENC[AES256_GCM,data:akNIeVp2bfKvnzlS6KLAdqAo7qsGfPatzCZpN1tNRLhRVXmJCcUDVSmVoA==,iv:2Rny8ioDJ2x+NR+n7/Aluv7JZ+Om3MuJKsXiwONYntg=,tag:a3xubIr7hpVjRiHjFL/q5Q==,type:str]
+acme:
+    token: ENC[AES256_GCM,data:JBeN7SVxKGOe6er0eS7/v8YrXdv0nCK/KZc8Ygq0G7FIGu4hO662kg==,iv:rf59MgUCYlAA5h18wtdWoUyb2VPB13OPuJjz1VsI2dU=,tag:ViPrwduD8aWf8i8vmBG78A==,type:str]
+nginx:
+    detectAuth:
+        chn: ENC[AES256_GCM,data:lQHDpv8/Yl5/nycHoeTnCw==,iv:ernNxRpcTOSAllDpqRFVFg3qEw/slEEPPXDFq1AhNL0=,tag:2AVALUf9cDyOgCqI9wwgQQ==,type:str]
+        led: ENC[AES256_GCM,data:zyCiiH21,iv:iEYyNClDsCpWE2oNjt2NqQZ88xOOlMr0yycjKTPdmlw=,tag:kQfbshXfTBA5PtUAgpgCcA==,type:str]
+        chat: ENC[AES256_GCM,data:pXu0WPWmvUzvl2expDpQPqWwi1A4abg72npsaYXDXRcg6aVU0Ec+tgM2+uz2hT9rh3mNoBxadYXDc/zeOL1UCg==,iv:iln5UGGBK2s5pGS03PtolWTkx6KrnYBAWCFnI0V2Bag=,tag:EahTDoPIBkgWnp4MOoTCmw==,type:str]
+    maxmind-license: ENC[AES256_GCM,data:8OioibcXQ9IZ0OQhJ/zHSBQjfdHzkoqwUx5zR8Zq0atNw6SSf7vKrg==,iv:z6WTI2yeqP0h7EqKG114nRQpFVJlNzZspgS6gIFtpt4=,tag:a0dBt9pXJnncBiSKt9dsAQ==,type:str]
+telegram:
+    token: ENC[AES256_GCM,data:Si6yTh48HpA8OkkkvgHwtJYFhF8tW3oaQbldjwBc09QJxp9AoKgASMnZtbDZYA==,iv:GrNyZXjaZMviSjy/LGHHrYTr5PFvDkCXmT3MU4+SLpc=,tag:YifB1tKFLqsgXB/YLqYK4w==,type:str]
+    chat: ENC[AES256_GCM,data:ydPky0W4ZWqn,iv:uWQrZDz2GCxiKRaijM89Npt0fQeSNHbQzDefkZCkUAE=,tag:OJQwV/889Vp2/4wjbN41JA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -17,23 +29,23 @@ sops:
         - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaE9nWEZFaE51alYyTUgr
-            RVBKZ1MvNitBdGpMWURIUkhCTlF6Y1hueVFjCnp2Q0JVL0t2UEZrSmxMbFVwZ0k5
-            QVZDdXNjWmg0S3BIaXF0NDBHOThiMDAKLS0tIDBpenAyTE51MWVkaHFvTFhzNmVV
-            WnlKUFZWNWtaYUpPZkplSm04Q3RFb00Kghj7jLLcLpc8njNyxPj6JWZbBRn2Ou9j
-            FJLfCGLePuJPmdBBN4AGHmtrkfw/SMZJ50DXhKSJSxM91zuJSqFV1g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNamN1TytweDd3blJsR2ZH
+            ZmlocFZjT3ZaUjlVbG1vVSt4a2s2SjJIaGtRCjRneDV6cHYwdGJOY1BDVS9DeDVC
+            cDdNbUdtSGRHNU1yZFpPc1MzRS92ME0KLS0tIFpmamNmTFYrRGRqbTFVSzBhUlNa
+            VllXdzZ3bEc3UFY0YjZRKzBUcGgyVkUKqI1ojiLbF87alAkEwyrm8wuW2fLbmj8d
+            YBIpoDCZ7AwR5uHWQAtl7BWJV1zab+rA3zvaf2BsrVA1A+RWOtYT/Q==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
+        - recipient: age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYkJ1NllUR1pMaUdmZ3Z6
-            OEVLWC9nZHNxNWJSZ3VZUVZ3eWlLNWN5V24wClZ3dTh3SVNRS0Z4TFJrNDJBVnJj
-            aDhYNTdSV2JmUVNXR1ZkN1BOdzZzRHcKLS0tIFNhUGIxRVM5MFdvUWZWOG5kYlFM
-            RjZtLzY5b00vMExFSU1xZEl0NFJQQlEK4yUe3V0u6A3niES0Nq28rRYZ1fTEL0Fh
-            RBGZNCute1SShrLZPgNr/lFAc6d8DH6N0IuDKcjguuWtyHY/LFYuYw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWitsSnRVSzJDZG9ZSE5I
+            bmt2NEFDanR3aFJyYVNnU1NlUldRb2RUVXhNClQrTkgzR1dPNWp3endZTUl5SmRs
+            dEtkSWk4aWJEc2hhbWlXZkxpNGhacFUKLS0tIGZNSG43R0NKYmdFMzdXbmJjSExJ
+            Ri9hM3NRTkM4Q1lDdmdPemEweEFBUmcKNLL5qH+JeFWX0GovkPFVVAnz+4tmfG6/
+            1jN8YqbMIxf5/L8tauXPf0iIiHa6pUcjtDZPr/OEmeXebmF6Bh9u9Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-27T09:40:19Z"
-    mac: ENC[AES256_GCM,data:ZdocsIbkzcWsTia7s98T5hjM5HDyBc1a0pwAb3IEFAom9Q0LjOs02BjsBKQT9Z+eMU+Ugkaz+kgP4hwYbcUuAbiVChU6sLMxUPwQDE8E7sJINZvJzth4Kl5SF4qz9fEuY8ZTP1hHc/HC6fSfWm+zH8n755aBjrzdIUvPV0Qv3xI=,iv:SSjyvgMSgZsoKHspRrNJpkmRTDdFqQlJGLUybyMcXbg=,tag:EBLpGZLNwDZxsWwh7Eva7w==,type:str]
+    lastmodified: "2024-08-25T03:19:55Z"
+    mac: ENC[AES256_GCM,data:v6yb7ZYcnPw/8SqEJnSWzmlE17PenjnBH2X8HZp+kIDXzNFyNvD19FcbCBZjwyjBLvN1ZF4M9FS7Y4+CvvMrN/4JcFufcY/V1NrOd8IZisfAT5N3WuopPee4IN9WEyPVOsbFnesZo6/wJKuqlV1UR8UZxCd3/wHXob9Lkz45cBw=,iv:XKIUiRfP0lj8V/Z1HbvhBankdcAjQqM8Way6TWjJJMY=,tag:PLYsVj6BmR132oWsxEKnfg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0