From b2532ef44dc171b15621ab2efe86aa128a69891b Mon Sep 17 00:00:00 2001
From: chn
Date: Fri, 19 Jan 2024 19:08:28 +0800
Subject: [PATCH] services.xray: rename

---
 devices/nas/default.nix | 2 +-
 devices/pc/default.nix | 2 +-
 devices/surface/default.nix | 2 +-
 devices/vps6/default.nix | 2 +-
 devices/xmupc1/default.nix | 2 +-
 modules/services/wireguard.nix | 2 +-
 modules/services/xray.nix | 35 ++++++++++++++++++++--------------
 7 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/devices/nas/default.nix b/devices/nas/default.nix
index f5100d39..2fe99007 100644
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -61,7 +61,7 @@ inputs:
 shares = { home.path = "/home"; root.path = "/"; };
 };
 sshd = { enable = true; passwordAuthentication = true; };
- xrayClient =
+ xray.client =
 {
 enable = true;
 serverAddress = "74.211.99.69";
diff --git a/devices/pc/default.nix b/devices/pc/default.nix
index 9aa45073..46b73ae9 100644
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -95,7 +95,7 @@ inputs:
 };
 };
 sshd.enable = true;
- xrayClient =
+ xray.client =
 {
 enable = true;
 serverAddress = "74.211.99.69";
diff --git a/devices/surface/default.nix b/devices/surface/default.nix
index 236b9c9f..488fdd6a 100644
--- a/devices/surface/default.nix
+++ b/devices/surface/default.nix
@@ -51,7 +51,7 @@ inputs:
 snapper.enable = true;
 fontconfig.enable = true;
 sshd.enable = true;
- xrayClient =
+ xray.client =
 {
 enable = true;
 serverAddress = "74.211.99.69";
diff --git a/devices/vps6/default.nix b/devices/vps6/default.nix
index 43797b9b..8a33d106 100644
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -37,7 +37,7 @@ inputs:
 {
 snapper.enable = true;
 sshd.enable = true;
- xrayServer = { enable = true; serverName = "vps6.xserver.chn.moe"; };
+ xray.server = { enable = true; serverName = "vps6.xserver.chn.moe"; };
 frpServer = { enable = true; serverName = "frp.chn.moe"; };
 nginx =
 {
diff --git a/devices/xmupc1/default.nix b/devices/xmupc1/default.nix index 31fd19a6..899fd07c 100644 --- a/devices/xmupc1/default.nix +++ b/devices/xmupc1/default.nix @@ -75,7 +75,7 @@ inputs: }; }; sshd.enable = true; - xrayClient = + xray.client = { enable = true; serverAddress = "74.211.99.69"; diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index 80a8c2f5..9b89b6d6 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -20,7 +20,7 @@ inputs: networking = let # if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820 - port = 51820 + (if inputs.config.nixos.services.xrayClient.enable then 1 else 0); + port = 51820 + (if inputs.config.nixos.services.xray.client.enable then 1 else 0); in { firewall = { allowedUDPPorts = [ port ]; trustedInterfaces = [ "wireguard" ]; }; diff --git a/modules/services/xray.nix b/modules/services/xray.nix index ed11eb1d..f91d4b14 100644 --- a/modules/services/xray.nix +++ b/modules/services/xray.nix @@ -1,8 +1,8 @@ inputs: { - options.nixos.services = let inherit (inputs.lib) mkOption types; in + options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in { - xrayClient = + client = { enable = mkOption { type = types.bool; default = false; }; serverAddress = mkOption { type = types.nonEmptyStr; }; @@ -13,7 +13,7 @@ inputs: extraInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; }; }; }; }; }; - xrayServer = + server = { enable = mkOption { type = types.bool; default = false; }; serverName = mkOption { type = types.nonEmptyStr; }; 
@@ -23,12 +23,19 @@ inputs: let inherit (inputs.lib) mkMerge mkIf; inherit (inputs.localLib) stripeTabs attrsToList; - inherit (inputs.config.nixos.services) xrayClient xrayServer; + inherit (inputs.config.nixos.services) xray; inherit (builtins) map listToAttrs toString genList length concatStringsSep; in mkMerge [ + { + assertions = + [{ + assertion = !(xray.client.enable && xray.server.enable); + message = "Currenty xray.client and xray.server could not be simutaniusly enabled."; + }]; + } ( - mkIf xrayClient.enable + mkIf xray.client.enable { services = { @@ -40,14 +47,14 @@ inputs: no-poll = true; log-queries = true; server = [ "127.0.0.1#10853" ]; - interface = xrayClient.dns.extraInterfaces ++ [ "lo" ]; + interface = xray.client.dns.extraInterfaces ++ [ "lo" ]; bind-dynamic = true; ipset = [ "/developer.download.nvidia.com/noproxy_net" "/yuanshen.com/noproxy_net" ]; - address = map (host: "/${host.name}/${host.value}") (attrsToList xrayClient.dns.hosts); + address = map (host: "/${host.name}/${host.value}") (attrsToList xray.client.dns.hosts); }; }; xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-client.json".path; }; @@ -130,7 +137,7 @@ inputs: protocol = "vless"; settings.vnext = [{ - address = xrayClient.serverAddress; + address = xray.client.serverAddress; port = 443; users = [{ @@ -145,7 +152,7 @@ inputs: security = "reality"; realitySettings = { - serverName = xrayClient.serverName; + serverName = xray.client.serverName; publicKey = "Nl0eVZoDF9d71_3dVsZGJl3UWR9LCv3B14gu7G6vhjk"; fingerprint = "firefox"; }; @@ -308,7 +315,7 @@ inputs: } ) ( - mkIf xrayServer.enable (let userList = genList (n: n) 30; in + mkIf xray.server.enable (let userList = genList (n: n) 30; in { services.xray = { enable = true; settingsFile = inputs.config.sops.templates."xray-server.json".path; }; sops = 
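Review bot: The newly added assertion message in the first hunk of modules/services/xray.nix is misspelled and will be shown to users verbatim at evaluation time; change it to `message = "Currently xray.client and xray.server cannot be enabled simultaneously.";`. Since this commit introduces the shared `xray` option namespace, it is also the natural moment to lift the REALITY `publicKey` (hard-coded as a literal next to the renamed `serverName = xray.client.serverName;` line) into an `xray.client.publicKey` option: every device file pins the same `serverAddress`, and as written, pointing a client at a different server requires editing the module rather than the device configuration. That is a structural suggestion rather than a defect in the rename itself. The `mkMerge [ ... ]` list that the assertion entry is added to begins in this hunk and continues well past it.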
@@ -351,7 +358,7 @@ inputs:
 realitySettings =
 {
 dest = "127.0.0.1:${fallbackPort}";
- serverNames = [ xrayServer.serverName ];
+ serverNames = [ xray.server.serverName ];
 privateKey = inputs.config.sops.placeholder."xray-server/private-key";
 minClientVer = "1.8.0";
 shortIds = [ "" ];
@@ -493,12 +500,12 @@ inputs:
 };
 nixos.services =
 {
- acme = { enable = true; cert.${xrayServer.serverName}.group = inputs.config.users.users.nginx.group; };
+ acme = { enable = true; cert.${xray.server.serverName}.group = inputs.config.users.users.nginx.group; };
 nginx =
 {
 enable = true;
- transparentProxy.map."${xrayServer.serverName}" = 4726;
- https."${xrayServer.serverName}" =
+ transparentProxy.map."${xray.server.serverName}" = 4726;
+ https."${xray.server.serverName}" =
 {
 listen.main = { proxyProtocol = false; addToTransparentProxy = false; };
 location."/".return.return = "400";