diff --git a/devices/nas/default.nix b/devices/nas/default.nix index 39aa0886..c331e879 100644 --- a/devices/nas/default.nix +++ b/devices/nas/default.nix @@ -53,7 +53,7 @@ inputs: snapper.enable = true; samba = { enable = true; hostsAllowed = "192.168. 127."; shares = { home.path = "/home"; root.path = "/"; }; }; sshd = {}; - xray.client.dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; + xray.client = { enable = true; dnsmasq.hosts."git.nas.chn.moe" = "127.0.0.1"; }; groupshare = {}; smartd.enable = true; beesd.instances = diff --git a/devices/pc/default.nix b/devices/pc/default.nix index 8894c624..1892d2de 100644 --- a/devices/pc/default.nix +++ b/devices/pc/default.nix @@ -88,6 +88,7 @@ inputs: sshd = {}; xray.client = { + enable = true; dnsmasq.hosts = builtins.listToAttrs ( (builtins.map diff --git a/devices/pi3b/default.nix b/devices/pi3b/default.nix index 7bb8b4b4..b2766ab2 100644 --- a/devices/pi3b/default.nix +++ b/devices/pi3b/default.nix @@ -26,7 +26,7 @@ inputs: { # snapper.enable = true; sshd = {}; - xray.client = {}; + xray.client.enable = true; fail2ban = {}; wireguard = { diff --git a/devices/surface/default.nix b/devices/surface/default.nix index 4ac23ac0..4feea8b2 100644 --- a/devices/surface/default.nix +++ b/devices/surface/default.nix @@ -42,7 +42,7 @@ inputs: { snapper.enable = true; sshd = {}; - xray.client = {}; + xray.client.enable = true; firewall.trustedInterfaces = [ "virbr0" ]; wireguard = { diff --git a/devices/xmupc1/default.nix b/devices/xmupc1/default.nix index c36b5283..3c2405c2 100644 --- a/devices/xmupc1/default.nix +++ b/devices/xmupc1/default.nix @@ -58,7 +58,7 @@ inputs: { snapper.enable = true; sshd = { passwordAuthentication = true; groupBanner = true; }; - xray.client = {}; + xray.client.enable = true; firewall.trustedInterfaces = [ "virbr0" "waydroid0" ]; smartd.enable = true; beesd.instances = diff --git a/devices/xmupc2/default.nix b/devices/xmupc2/default.nix index d3fcb302..f056c28a 100644 
--- a/devices/xmupc2/default.nix +++ b/devices/xmupc2/default.nix @@ -52,7 +52,7 @@ inputs: { snapper.enable = true; sshd = { passwordAuthentication = true; groupBanner = true; }; - xray.client = {}; + xray.client.enable = true; firewall.trustedInterfaces = [ "virbr0" "waydroid0" ]; smartd.enable = true; beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; }; diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index 5a23d152..e397d6b2 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -9,7 +9,7 @@ inputs: behindNat = mkOption { type = types.bool; - default = inputs.config.nixos.services.xray.client != null; + default = inputs.config.nixos.services.xray.client.enable; }; listenIp = mkOption { type = types.nullOr types.nonEmptyStr; default = null; }; # if the host is behind xray, it should listen on another port, to make xray succeffully listen on 51820 diff --git a/modules/services/xray.nix b/modules/services/xray.nix index 2010eed6..375c0abf 100644 --- a/modules/services/xray.nix +++ b/modules/services/xray.nix 
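Review bot: The new `behindNat` default in modules/services/wireguard.nix ties NAT detection to `xray.client.enable` with no comment saying why, so a reader cannot tell whether the coupling is intentional. A host that enables the xray client but is directly reachable, or one that sits behind NAT without the client, gets the wrong default unless it overrides the option. I would add a line above the default such as `# assumption: hosts running the xray client are behind NAT; set behindNat explicitly when that does not hold`. The existing comment about listening on another port appears to describe a different option, whose definition lies outside this hunk.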
@@ -2,32 +2,29 @@ inputs: { options.nixos.services.xray = let inherit (inputs.lib) mkOption types; in { - client = mkOption + client = { - type = types.nullOr (types.submodule { options = + enable = mkOption { type = types.bool; default = false; }; + xray = { - xray = + serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; }; + serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; }; + }; + dnsmasq = + { + extraInterfaces = mkOption { - serverAddress = mkOption { type = types.nonEmptyStr; default = "74.211.99.69"; }; - serverName = mkOption { type = types.nonEmptyStr; default = "vps6.xserver.chn.moe"; }; + type = types.listOf types.nonEmptyStr; + default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0"; }; - dnsmasq = - { - extraInterfaces = mkOption - { - type = types.listOf types.nonEmptyStr; - default = inputs.lib.optional inputs.config.nixos.virtualization.docker.enable "docker0"; - }; - hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; }; - }; - v2ray-forwarder = - { - noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; }; - noproxyTcpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; }; - noproxyUdpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; }; - }; - };}); - default = null; + hosts = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; }; + }; + v2ray-forwarder = + { + noproxyUsers = mkOption { type = types.listOf types.nonEmptyStr; default = [ "gb" "xll" ]; }; + noproxyTcpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; }; + noproxyUdpPorts = mkOption { type = types.listOf types.ints.unsigned; default = []; }; + }; }; server = mkOption { 
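Review bot: Turning `client` from `nullOr (submodule …)` into a plain option set means `xray.client` is never null, so any `xray.client != null` test left elsewhere in the tree now always evaluates to true. This commit updates wireguard.nix and the two uses in xray.nix, but the rest of the repository is not visible here, so a search for leftovers is worth doing before merge. The reverse case is also silent: a host that sets `xray.client.dnsmasq.hosts` or the forwarder options but omits `enable = true` evaluates cleanly with the client off, which for a proxy client presumably means traffic leaves unproxied without any notice. In the config section (outside this hunk) a guard such as `warnings = inputs.lib.optional (!xray.client.enable && xray.client.dnsmasq.hosts != {}) "xray.client.dnsmasq.hosts is set but xray.client.enable is false";` would surface that. `enable` could also be declared with `inputs.lib.mkEnableOption "xray client"` so the option carries a description.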
@@ -44,12 +41,12 @@ inputs: { assertions = [{ - assertion = !(xray.client != null && xray.server != null); + assertion = !(xray.client.enable && xray.server != null); message = "Currenty xray.client and xray.server could not be simutaniusly enabled."; }]; } ( - inputs.lib.mkIf (xray.client != null) + inputs.lib.mkIf xray.client.enable { services = {
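Review bot: The rewritten assertion mixes two conventions, `xray.client.enable` for the client and `xray.server != null` for the server, which is easy to misread the next time either side changes. If `server` is meant to stay `nullOr`, the implication form states the rule more directly: `assertion = xray.client.enable -> xray.server == null;`. The message on the following line also has typos and could read `message = "Currently xray.client and xray.server cannot be enabled simultaneously.";`. The `mkIf xray.client.enable` block opens inside this hunk and continues outside it.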