feat: xray config that doesnt work idk why

This commit is contained in:
dusk 2024-12-04 13:11:30 +09:00
parent 3e4216efd5
commit edc75500da
Signed by: dusk
SSH Key Fingerprint: SHA256:Abmvag+juovVufZTxyWY8KcVgrznxvBjQpJesv071Aw
5 changed files with 34 additions and 3 deletions

View File

@ -100,8 +100,8 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731969219, "lastModified": 1733266129,
"narHash": "sha256-FkzplQ6ro4XeiPzm6tOY4zhI4Tw/iwQ/nOQU+f3biLk=", "narHash": "sha256-ez4R0WpHSZ5mVit5uh5qiQ/ljpkhh7fQZDiQkHL/rCc=",
"type": "tarball", "type": "tarball",
"url": "https://git.gaze.systems/gazesys/website/releases/download/latest/source.tgz" "url": "https://git.gaze.systems/gazesys/website/releases/download/latest/source.tgz"
}, },

View File

@ -1,4 +1,4 @@
{ {lib, ...}: {
age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age; age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
age.secrets.wgWolumondeKey = { age.secrets.wgWolumondeKey = {
file = ../../../secrets/wgWolumondeKey.age; file = ../../../secrets/wgWolumondeKey.age;
@ -10,4 +10,11 @@
age.secrets.tmodloaderServerPass.file = ../../../secrets/tmodloaderServerPass.age; age.secrets.tmodloaderServerPass.file = ../../../secrets/tmodloaderServerPass.age;
age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age; age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;
age.secrets.giteaActRunnerToken.file = ../../../secrets/giteaActRunnerToken.age; age.secrets.giteaActRunnerToken.file = ../../../secrets/giteaActRunnerToken.age;
age.secrets.xrayConfig = {
name = "xrayConfig.json";
file = ../../../secrets/xrayConfig.age;
mode = "600";
# owner = "xray";
# group = "xray";
};
} }

View File

@ -0,0 +1,23 @@
{lib, config, ...}: {
services.xray = {
enable = true;
settingsFile = config.age.secrets.xrayConfig.path;
};
users.groups.xray = {};
users.users.xray = {
group = "xray";
isSystemUser = true;
};
systemd.services.xray.serviceConfig = {
User = "xray";
Group = "xray";
DynamicUser = lib.mkForce false;
RuntimeDirectory = "xray";
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = "yes";
RemoveIPC = "yes";
};
networking.firewall.allowedUDPPorts = [1080];
networking.firewall.allowedTCPPorts = [1080];
}

View File

@ -11,4 +11,5 @@ in {
"tmodloaderServerPass.age".publicKeys = [yusdacra wolumonde]; "tmodloaderServerPass.age".publicKeys = [yusdacra wolumonde];
"websiteConfig.age".publicKeys = [yusdacra wolumonde]; "websiteConfig.age".publicKeys = [yusdacra wolumonde];
"giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde]; "giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde];
"xrayConfig.age".publicKeys = [yusdacra wolumonde];
} }

BIN
secrets/xrayConfig.age Normal file

Binary file not shown.