nixos/modules/services/xray/xmuServer.nix


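# Xray VLESS-over-XHTTP server that is reachable only through an nginx HTTPS vhost.
# A non-null nixos.services.xray.xmuServer enables four things: the rendered Xray config (client id
# taken from a sops secret), the xray-xmu-server systemd unit, the v2ray user/group, and the nginx
# location that forwards /xsession to the loopback listener.
inputs:
{
  options.nixos.services.xray.xmuServer = let inherit (inputs.lib) mkOption types; in mkOption
  {
    # null (the default) leaves the module disabled; any submodule value enables it
    type = types.nullOr (types.submodule { options =
    {
      # name of the nginx https vhost that fronts the Xray inbound
      hostname = mkOption { type = types.nonEmptyStr; default = "xserverxmu.chn.moe"; };
    };});
    default = null;
  };
  config = let inherit (inputs.config.nixos.services.xray) xmuServer; in inputs.lib.mkIf (xmuServer != null)
  {
    nixos.system.sops =
    {
      templates."xray-xmu-server.json" =
      {
        # owned by the service user, which is the account the unit below runs xray as
        owner = inputs.config.users.users.v2ray.name;
        content = builtins.toJSON
        {
          log.loglevel = "warning";
          inbounds =
          [{
            port = 4727;
            # loopback only: the inbound is meant to be reached through the nginx location below
            listen = "127.0.0.1";
            protocol = "vless";
            settings =
            {
              # The single client id is the only credential on this inbound. It is written as a sops
              # placeholder, so the secret value itself does not appear in this expression
              # (presumably substituted when the template is rendered; confirm against the sops module).
              clients = [{ id = inputs.config.nixos.system.sops.placeholder."xray-xmu-server"; }];
              # VLESS adds no encryption of its own here; confidentiality depends on the HTTPS vhost
              # in front of it, which is why the listener must stay on 127.0.0.1.
              decryption = "none";
            };
            streamSettings = { network = "xhttp"; xhttpSettings = { mode = "packet-up"; path = "/xsession"; }; };
            tag = "in";
          }];
          outbounds = [{ protocol = "freedom"; tag = "freedom"; }];
        };
      };
      # declares the secret referenced by the placeholder above, with the sops module's defaults
      secrets."xray-xmu-server" = {};
    };
    systemd.services.xray-xmu-server =
    {
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      script = let config = inputs.config.nixos.system.sops.templates."xray-xmu-server.json".path; in
        "exec ${inputs.pkgs.xray}/bin/xray -config ${config}";
      serviceConfig =
      {
        User = "v2ray";
        Group = "v2ray";
        # Least privilege: this unit binds an unprivileged port (4727) on loopback, and neither the
        # inbound nor the freedom outbound sets any transparent-proxy or socket-mark option, so it
        # needs neither CAP_NET_BIND_SERVICE nor CAP_NET_ADMIN. Both sets are emptied so that a
        # compromised proxy process holds no network-administration capability.
        CapabilityBoundingSet = "";
        AmbientCapabilities = "";
        NoNewPrivileges = true;
        LimitNPROC = 65536;
        LimitNOFILE = 524288;
      };
      # restart the unit when the template definition changes
      restartTriggers = [ inputs.config.nixos.system.sops.templates."xray-xmu-server.json".file ];
    };
    users =
    {
      # uid/gid come from the repository-wide id tables under nixos.user
      users.v2ray = { uid = inputs.config.nixos.user.uid.v2ray; group = "v2ray"; isSystemUser = true; };
      groups.v2ray.gid = inputs.config.nixos.user.gid.v2ray;
    };
    # "/" is answered with 400, so only /xsession is forwarded. The path and port here must stay in
    # step with xhttpSettings.path and the inbound port in the template above.
    nixos.services.nginx.https.${xmuServer.hostname}.location =
      { "/".return.return = "400"; "/xsession".proxy.upstream = "http://127.0.0.1:4727"; };
  };
}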