feat: xray config that doesnt work idk why

2024-12-04 13:11:30 +09:00 · 2024-12-04 13:11:30 +09:00 · edc75500da
commit edc75500da
parent 3e4216efd5
5 changed files with 34 additions and 3 deletions
--- a/flake.lock
+++ b/flake.lock
@ -100,8 +100,8 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1731969219,
-        "narHash": "sha256-FkzplQ6ro4XeiPzm6tOY4zhI4Tw/iwQ/nOQU+f3biLk=",
+        "lastModified": 1733266129,
+        "narHash": "sha256-ez4R0WpHSZ5mVit5uh5qiQ/ljpkhh7fQZDiQkHL/rCc=",
        "type": "tarball",
        "url": "https://git.gaze.systems/gazesys/website/releases/download/latest/source.tgz"
      },
--- a/hosts/wolumonde/modules/secrets.nix
+++ b/hosts/wolumonde/modules/secrets.nix
@ -1,4 +1,4 @@
-{
+{lib, ...}: {
  age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
  age.secrets.wgWolumondeKey = {
    file = ../../../secrets/wgWolumondeKey.age;
@ -10,4 +10,11 @@
  age.secrets.tmodloaderServerPass.file = ../../../secrets/tmodloaderServerPass.age;
  age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;
  age.secrets.giteaActRunnerToken.file = ../../../secrets/giteaActRunnerToken.age;
+  age.secrets.xrayConfig = {
+    name = "xrayConfig.json";
+    file = ../../../secrets/xrayConfig.age;
+    mode = "600";
+    # owner = "xray";
+    # group = "xray";
+  };
 }
--- a/hosts/wolumonde/modules/xray.disabled
+++ b/hosts/wolumonde/modules/xray.disabled
@ -0,0 +1,23 @@
+{lib, config, ...}: {
+  services.xray = {
+    enable = true;
+    settingsFile = config.age.secrets.xrayConfig.path;
+  };
+  users.groups.xray = {};
+  users.users.xray = {
+    group = "xray";
+    isSystemUser = true;
+  };
+  systemd.services.xray.serviceConfig = {
+    User = "xray";
+    Group = "xray";
+    DynamicUser = lib.mkForce false;
+    RuntimeDirectory = "xray";
+    ProtectSystem = "strict";
+    ProtectHome = "read-only";
+    PrivateTmp = "yes";
+    RemoveIPC = "yes";
+  };
+  networking.firewall.allowedUDPPorts = [1080];
+  networking.firewall.allowedTCPPorts = [1080];
+}
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -11,4 +11,5 @@ in {
  "tmodloaderServerPass.age".publicKeys = [yusdacra wolumonde];
  "websiteConfig.age".publicKeys = [yusdacra wolumonde];
  "giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde];
+  "xrayConfig.age".publicKeys = [yusdacra wolumonde];
 }
--- a/secrets/xrayConfig.age
+++ b/secrets/xrayConfig.age