shitcoding moment

2025-12-01 13:47:27 +07:00 · 2025-12-01 13:47:27 +07:00 · 58475e433e
commit 58475e433e
parent 8e31bd6c02
28 changed files with 703 additions and 258 deletions
--- a/servers/mio/main.nix
+++ b/servers/mio/main.nix
@ -9,7 +9,58 @@
 	environment.systemPackages = with pkgs; [
 		pkgs-unstable.sing-box
 	];
-	
+
+	marzban = {
+		env = {
+			UVICORN_HOST = "mio.project-a.space";
+			UVICORN_PORT = secret.marzban.port;
+			SUDO_USERNAME = secret.marzban.sudo-username;
+			SUDO_PASSWORD = secret.marzban.sudo-password;
+			DOCS = true;
+		};
+		cert = true;
+		domain = "mio.project-a.space";
+		xray = {
+			log.loglevel = "warning";
+			dns = {
+				servers = [ "1.1.1.1" ];
+				queryStrategy = "UseIPv4";
+			};
+			routing = {
+				rules = [
+					{
+						ip = [ "geoip:private" ];
+						outboundTag = "BLOCK";
+						type = "field";
+					}
+				];
+			};
+			inbounds = [
+        {
+          port = 8443;
+          tag = "Mr Penis Network";
+          protocol = "shadowsocks";
+          settings = {
+            method = "aes-128-gcm";
+            password = "sosal?";
+            network = "tcp,udp";
+          };
+        }
+			];
+			outbounds = [
+				{
+					protocol = "freedom";
+					tag = "DIRECT";
+				}
+				{
+					protocol = "blackhole";
+					tag = "BLOCK";
+				}
+			];
+		};
+	};
+
+	networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];
+
 	services.yggdrasil.persistentKeys = true;
-	networking.firewall.allowedTCPPorts = [ 443 ];
-}
+}
--- a/servers/mio/nginx.nix
+++ b/servers/mio/nginx.nix
@ -10,7 +10,7 @@

 		streamConfig = ''
 			map $ssl_preread_server_name $name {
-				default marzban;
+				default                marzban;
 			}

 			upstream marzban {