Project-A/project-flake
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Project-A:21737592da5a6d1bf471514f31e52d1e01319523
Branches Tags
Project-A:master
...
compare: Project-A:032a5f4b045c59f21ee168e83091ceadcd563992
Branches Tags
Project-A:master

3 commits
21737592da ... 032a5f4b04

Author SHA1 Message Date
emptyynes
032a5f4b04 xray and nginx improvements 2025-09-19 11:33:48 +07:00
emptyynes
694a4e7605 increased nginx proxy parameters 2025-09-19 10:08:16 +07:00
emptyynes
d12274102a added gitignore 2025-09-17 16:45:03 +07:00
11 changed files with 29 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
flake.lock

6
secret.nix
View file

@ -10,6 +10,7 @@ let
privateKey = mkOption { type = types.str; default = ""; }; privateKey = mkOption { type = types.str; default = ""; };
shortId = mkOption { type = types.str; default = ""; }; shortId = mkOption { type = types.str; default = ""; };
spiderX = mkOption { type = types.str; default = "/"; }; spiderX = mkOption { type = types.str; default = "/"; };
sni = mkOption { type = types.str; default = "/"; };
}; };
affine-config = with lib; { affine-config = with lib; {
env = { env = {
@ -25,6 +26,7 @@ in {
secret = { secret = {
artemisia = { artemisia = {
marzban = marzban-config; marzban = marzban-config;
yggdrasil.PrivateKey = mkOption { type = str; default = ""; };
}; };
mio = { mio = {
marzban = marzban-config; marzban = marzban-config;
@ -38,8 +40,10 @@ in {
common = { common = {
yggdrasil = { yggdrasil = {
reine = mkOption { type = str; default = ""; }; reine = mkOption { type = str; default = ""; };
artemisia = mkOption { type = str; default = ""; };
password = mkOption { type = str; default = ""; };
}; };
}; };
}; };
}; };
} }

5
servers/artemisia/main.nix
View file

@ -9,7 +9,9 @@
networking.hostName = "artemisia"; networking.hostName = "artemisia";
system.stateVersion = "25.05"; system.stateVersion = "25.05";
services.yggdrasil.persistentKeys = true; services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
services.yggdrasil.persistentKeys = false;
marzban = { marzban = {
env = { env = {
UVICORN_HOST = "artemisia.project-a.space"; UVICORN_HOST = "artemisia.project-a.space";
@ -27,6 +29,7 @@
privateKey = secret.marzban.privateKey; privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId; shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX; spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
}; };
}; };

4
servers/artemisia/nginx.nix
View file

@ -39,9 +39,9 @@
listen [::0]:443; listen [::0]:443;
proxy_pass $name; proxy_pass $name;
ssl_preread on; ssl_preread on;
proxy_connect_timeout 1s; proxy_connect_timeout 30s;
proxy_timeout 1h; proxy_timeout 1h;
proxy_buffer_size 16k; proxy_buffer_size 64k;
} }
''; '';
}; };

4
servers/common/xray.nix
View file

@ -1,4 +1,4 @@
{ server-domain, port, dest, privateKey, shortId, spiderX }: { server-domain, port, dest, privateKey, shortId, spiderX, sni }:
{ {
log.loglevel = "warning"; log.loglevel = "warning";
@ -34,7 +34,7 @@
dest = dest; dest = dest;
xver = 0; xver = 0;
serverNames = [ serverNames = [
server-domain sni
]; ];
privateKey = privateKey; privateKey = privateKey;
SpiderX = spiderX; SpiderX = spiderX;

3
servers/common/yggdrasil.nix
View file

@ -5,8 +5,7 @@
enable = true; enable = true;
settings = { settings = {
Peers = [ Peers = [
"tls://kuber.project-a.space:666" "tls://artemisia.project-a.space:666"
"tls://arti.project-a.space:666"
"tls://reine.project-a.space:666" "tls://reine.project-a.space:666"
]; ];
Listen = [ Listen = [

1
servers/mio/main.nix
View file

@ -42,6 +42,7 @@
privateKey = secret.marzban.privateKey; privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId; shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX; spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
}; };
}; };

4
servers/mio/nginx.nix
View file

@ -28,9 +28,9 @@
listen [::0]:443; listen [::0]:443;
proxy_pass $name; proxy_pass $name;
ssl_preread on; ssl_preread on;
proxy_connect_timeout 1s; proxy_connect_timeout 30s;
proxy_timeout 1h; proxy_timeout 1h;
proxy_buffer_size 16k; proxy_buffer_size 64k;
} }
''; '';
}; };

9
servers/reine/main.nix
View file

@ -11,5 +11,14 @@
services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey; services.yggdrasil.settings.PrivateKey = secret.yggdrasil.PrivateKey;
services.yggdrasil.persistentKeys = false; services.yggdrasil.persistentKeys = false;
hardware.amdgpu.opencl.enable = true; hardware.amdgpu.opencl.enable = true;
hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
hardware.amdgpu.overdrive.enable = true;
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
system.stateVersion = "25.05"; system.stateVersion = "25.05";
} }

1
servers/vanessa/main.nix
View file

@ -24,6 +24,7 @@
privateKey = secret.marzban.privateKey; privateKey = secret.marzban.privateKey;
shortId = secret.marzban.shortId; shortId = secret.marzban.shortId;
spiderX = secret.marzban.spiderX; spiderX = secret.marzban.spiderX;
sni = secret.marzban.sni;
}; };
}; };

6
servers/vanessa/nginx.nix
View file

@ -15,10 +15,6 @@
default marzban; default marzban;
} }
upstream git {
server 127.0.0.1:444;
}
upstream marzban { upstream marzban {
server 127.0.0.1:1080; server 127.0.0.1:1080;
} }
@ -28,7 +24,7 @@
listen [::0]:443; listen [::0]:443;
proxy_pass $name; proxy_pass $name;
ssl_preread on; ssl_preread on;
proxy_connect_timeout 1s; proxy_connect_timeout 30s;
proxy_timeout 1h; proxy_timeout 1h;
proxy_buffer_size 16k; proxy_buffer_size 16k;
} }