shitcoding moment

2025-12-01 13:47:27 +07:00 · 2025-12-01 13:47:27 +07:00 · 58475e433e
commit 58475e433e
parent 8e31bd6c02
28 changed files with 703 additions and 258 deletions
--- a/servers/wise/main.nix
+++ b/servers/wise/main.nix
@ -0,0 +1,156 @@
+{ config, pkgs, secret, ... }:
+
+{
+	imports = [
+		./hardware-configuration.nix
+	];
+	networking.hostName = "wise";
+	system.stateVersion = "25.05";
+
+	services.yggdrasil.persistentKeys = true;
+	
+	marzban = {
+		env = {
+			UVICORN_HOST = "wise.project-a.space";
+			UVICORN_PORT = 1488;
+			SUDO_USERNAME = "wise-admin";
+			SUDO_PASSWORD = "ZgUrEmg3m#U5t+ryhbac";
+			DOCS = true;
+		};
+		cert = true;
+		domain = "wise.project-a.space";
+		xray = {
+			log.loglevel = "warning";
+			dns = {
+				servers = [ "1.1.1.1" ];
+				queryStrategy = "UseIPv4";
+			};
+			routing = {
+				rules = [
+					{
+						ip = [ "geoip:private" ];
+						outboundTag = "BLOCK";
+						type = "field";
+					}
+					{
+					  user = ["sayhex"];
+						outboundTag = "proxy";
+						type = "field";
+					}
+				];
+			};
+			inbounds = [
+				{
+					tag = "VLESS TCP REALITY";
+					listen = "0.0.0.0";
+					port = 443;
+					protocol = "vless";
+					settings = {
+						clients = [];
+						decryption = "none";
+					};
+					streamSettings = {
+						network = "tcp";
+						tcpSettings = {};
+						security = "reality";
+						realitySettings = {
+							show = false;
+							dest = "vk.com:443";
+							xver = 0;
+							serverNames = [
+								"*.vk.com"
+								"*.vk.ru"
+								"*.userapi.com"
+								"*.vk-portal.net"
+								"*.yandex.net"
+								"*.yandex.ru"
+								"*.mail.ru"
+								"*.ozone.ru"
+								"*.ozon.ru"
+								"*.wildberries.ru"
+								"*.tbank.ru"
+								"*.alfabank.ru"
+								"*.sberbank.ru"
+								"*.2gis.ru"
+								"*.kinopoisk.ru"
+								"*.rutube.ru"
+								"*.mts.ru"
+								"*.beeline.ru"
+								"*.t2.ru"
+								"*.megafon.ru"
+								"*.mindbox.ru"
+								"*.yandexcloud.net"
+								"*.max.ru"
+								"dzen.ru"
+								"ok.ru"
+								"servicepipe.ru"
+								"nspk.ru"
+								"statad.ru"
+								"get4click.ru"
+								"tns-counter.ru"
+								"cdn.uxfeedback.ru"
+								"speller.yandex.net"
+								"widgets.cbonds.ru"
+								"www.magnit.com"
+								"vk.com"
+								"vk.ru"
+								"userapi.com"
+								"vk-portal.net"
+								"yandex.net"
+								"yandex.ru"
+								"mail.ru"
+								"ozone.ru"
+								"ozon.ru"
+								"wildberries.ru"
+								"tbank.ru"
+								"alfabank.ru"
+								"sberbank.ru"
+								"2gis.ru"
+								"kinopoisk.ru"
+								"rutube.ru"
+								"mts.ru"
+								"beeline.ru"
+								"t2.ru"
+								"megafon.ru"
+								"mindbox.ru"
+								"yandexcloud.net"
+								"cloudflare.com"
+								"max.ru"
+							];
+							privateKey = "uMLrAwrkba7AZ040JWwgX3lsCJFWAICW9diA5OIyOiI";
+							shortIds = [
+							  "12f1c52fdfb49461"
+							];
+						};
+					};
+					sniffing = {
+						enabled = true;
+						destOverride = [ "http" "tls" "quic" ];
+					};
+				}
+				{
+					port = 8443;
+					tag = "Mr Penis Network";
+					protocol = "shadowsocks";
+					settings = {
+						method = "aes-128-gcm";
+						password = "sosal?";
+						network = "tcp,udp";
+					};
+				}
+			];
+			outbounds = [
+				{
+					protocol = "freedom";
+					tag = "DIRECT";
+				}
+				{
+					protocol = "blackhole";
+					tag = "BLOCK";
+				}
+			];
+		};
+	};
+
+	networking.firewall.allowedTCPPorts = [ 1488 443 8443 ];
+}