shitcoding moment

2025-12-01 13:47:27 +07:00 · 2025-12-01 13:47:27 +07:00 · 58475e433e
commit 58475e433e
parent 8e31bd6c02
28 changed files with 703 additions and 258 deletions
--- a/servers/artemisia/hardware-configuration.nix
+++ b/servers/artemisia/hardware-configuration.nix
@ -1,17 +1,8 @@
 { modulesPath, ... }:
-
 {
-	imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-	
-	boot = {
-		loader.grub.device = "/dev/vda";
-		initrd = {
-			kernelModules = [ "nvme" ];
-			availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
-		};
-		tmp.cleanOnBoot = true;
-	};
-
-	fileSystems."/" = { device = "/dev/mapper/debian12--vg-root"; fsType = "ext4"; };
-	swapDevices = [ { device = "/dev/dm-1"; } ];
-}
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/vda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
+}
--- a/servers/artemisia/main.nix
+++ b/servers/artemisia/main.nix
@ -11,7 +11,7 @@

 	services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
 	services.yggdrasil.persistentKeys = false;
-	
+
 	marzban = {
 		env = {
 			UVICORN_HOST = "artemisia.project-a.space";
@ -22,14 +22,106 @@
 		};
 		cert = true;
 		domain = "artemisia.project-a.space";
-		xray = import ../common/xray.nix {
-			server-domain = "artemisia.project-a.space";
-			port = secret.marzban.vless-port;
-			dest = secret.marzban.dest;
-			privateKey = secret.marzban.privateKey;
-			shortId = secret.marzban.shortId;
-			spiderX = secret.marzban.spiderX;
-			sni = secret.marzban.sni;
+		xray = {
+			log.loglevel = "warning";
+			dns = {
+				servers = [ "1.1.1.1" ];
+				queryStrategy = "UseIPv4";
+			};
+			routing = {
+				rules = [
+					{
+						ip = [ "geoip:private" ];
+						outboundTag = "BLOCK";
+						type = "field";
+					}
+					{
+					  user = ["sayhex"];
+						outboundTag = "proxy";
+						type = "field";
+					}
+				];
+			};
+			inbounds = [
+				{
+					tag = "VLESS TCP REALITY";
+					listen = "0.0.0.0";
+					port = secret.marzban.vless-port;
+					protocol = "vless";
+					settings = {
+						clients = [];
+						decryption = "none";
+					};
+					streamSettings = {
+						network = "tcp";
+						tcpSettings = {};
+						security = "reality";
+						realitySettings = {
+							show = false;
+							dest = secret.marzban.dest;
+							xver = 0;
+							serverNames = secret.marzban.sni;
+							privateKey = secret.marzban.privateKey;
+							shortIds = [
+							  secret.marzban.shortId
+							];
+						};
+					};
+					sniffing = {
+						enabled = true;
+						destOverride = [ "http" "tls" "quic" ];
+					};
+				}
+				{
+					tag = "VMESS WS NOTLS";
+					listen = "0.0.0.0";
+					port = 8080;
+					protocol = "vmess";
+					settings = {
+						clients = [];
+						decryption = "none";
+					};
+					streamSettings = {
+						network = "ws";
+						wsSettings = {
+							path = "/";
+						};
+						security = "none";
+					};
+					sniffing = {
+						enabled = true;
+						destOverride = [
+							"http"
+							"tls"
+							"quic"
+						];
+					};
+				}
+			];
+			outbounds = [
+				{
+					protocol = "freedom";
+					tag = "DIRECT";
+				}
+				{
+					protocol = "blackhole";
+					tag = "BLOCK";
+				}
+				{
+				  protocol = "shadowsocks";
+					tag = "proxy";
+					settings = {
+					  servers = [
+							{
+							  address = "62.60.177.69";
+								port = 8443;
+								method = "aes-256-gcm";
+                password = "sosal?";
+							}
+						];
+					};
+				}
+			];
 		};
 	};

@ -37,5 +129,9 @@
 		temurin-jre-bin-24
 	];

-	networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 ];
-}
+	programs = {
+	  nix-ld.enable = true;
+	};
+
+	networking.firewall.allowedTCPPorts = [ secret.marzban.port 4001 8080 ];
+}