modules.services.xray.xmuClient: init

2025-06-30 11:13:30 +08:00
parent 055599b5c7
commit 74894efbde
2 changed files with 91 additions and 3 deletions


@@ -0,0 +1,88 @@
inputs:
{
options.nixos.services.xray.xmuClient = let inherit (inputs.lib) mkOption types; in mkOption
{
type = types.nullOr (types.submodule (submoduleInputs: { options =
{
hostname = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
};}));
default = null;
};
config = let inherit (inputs.config.nixos.services.xray) xmuClient; in inputs.lib.mkIf (xmuClient != null)
{
sops =
{
templates."xray-xmu-client.json" =
{
owner = inputs.config.users.users.v2ray.name;
group = inputs.config.users.users.v2ray.group;
content = builtins.toJSON
{
log.loglevel = "warning";
inbounds =
[
{
port = 10983;
protocol = "dokodemo-door";
settings = { network = "tcp,udp"; followRedirect = true; };
streamSettings.sockopt.tproxy = "tproxy";
tag = "tproxy-in";
}
{ port = 10984; protocol = "socks"; settings.udp = true; tag = "socks-in"; }
];
outbounds =
[{
protocol = "vless";
settings.vnext =
[{
address = xmuClient.hostname;
port = 443;
users = [{ id = inputs.config.sops.placeholder."xray-xmu-client/uuid"; encryption = "none"; }];
}];
streamSettings =
{
network = "xhttp";
security = "tls";
xhttpSettings =
{
path = "/xsession";
mode = "stream-one";
security = "tls";
extra.headers.Cookie = "show_vpn=0; heartbeat=1; show_faq=0; "
+ "wengine_vpn_ticketwebvpn_xmu_edu_cn=${inputs.config.sops.placeholder."xray-xmu-client/cookie"}";
};
};
}];
};
};
secrets = { "xray-xmu-client/uuid" = {}; "xray-xmu-client/cookie" = {}; };
};
systemd.services =
{
xray-xmu-client =
{
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script =
"exec ${inputs.pkgs.xray}/bin/xray -config ${inputs.config.sops.templates."xray-xmu-client.json".path}";
serviceConfig =
{
User = "v2ray";
Group = "v2ray";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
NoNewPrivileges = true;
LimitNPROC = 65536;
LimitNOFILE = 524288;
CPUSchedulingPolicy = "rr";
};
restartTriggers = [ inputs.config.sops.templates."xray-xmu-client.json".file ];
};
};
users =
{
users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
};
};
}
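Review bot: The `socks-in` inbound on port 10984 sets neither a `listen` address nor any auth, so as far as I know xray will bind it on all interfaces with `noauth`; any host that can reach the port could then relay traffic through the VLESS outbound, which carries the webvpn session cookie. Unless a firewall rule outside this hunk already restricts the port, bind it locally: `{ listen = "127.0.0.1"; port = 10984; protocol = "socks"; settings.udp = true; tag = "socks-in"; }`. Separately, both inbounds use ports above 1024, so `CAP_NET_BIND_SERVICE` in `CapabilityBoundingSet` and `AmbientCapabilities` looks unnecessary, and `CAP_NET_ADMIN` alone should cover the tproxy socket option. `CPUSchedulingPolicy = "rr"` on a network-facing daemon also deserves a short comment saying why real-time scheduling is needed, since a busy loop under that policy can starve other processes.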


@@ -4,11 +4,11 @@ inputs:
{
type = types.nullOr (types.submodule { options =
{
serverName = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
hostname = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
};});
default = null;
};
config = let inherit (inputs.config.nixos.services.xray) server; in inputs.lib.mkIf (server != null)
config = let inherit (inputs.config.nixos.services.xray) xmuServer; in inputs.lib.mkIf (xmuServer != null)
{
sops =
{
@@ -59,7 +59,7 @@ inputs:
nixos.services.nginx =
{
enable = true;
https.${server.serverName}.location =
https.${xmuServer.hostname}.location =
{ "/".return.return = "400"; "/xsession".proxy = { upstream = "http://127.0.0.1:4727"; grpc = true; }; };
};
};