66 lines
1.2 KiB
Nix
66 lines
1.2 KiB
Nix
{ config, pkgs, pkgs-unstable, secret, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./nginx.nix
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
pkgs-unstable.sing-box
|
|
];
|
|
|
|
marzban = {
|
|
env = {
|
|
UVICORN_HOST = "mio.project-a.space";
|
|
UVICORN_PORT = secret.marzban.port;
|
|
SUDO_USERNAME = secret.marzban.sudo-username;
|
|
SUDO_PASSWORD = secret.marzban.sudo-password;
|
|
DOCS = true;
|
|
};
|
|
cert = true;
|
|
domain = "mio.project-a.space";
|
|
xray = {
|
|
log.loglevel = "warning";
|
|
dns = {
|
|
servers = [ "1.1.1.1" ];
|
|
queryStrategy = "UseIPv4";
|
|
};
|
|
routing = {
|
|
rules = [
|
|
{
|
|
ip = [ "geoip:private" ];
|
|
outboundTag = "BLOCK";
|
|
type = "field";
|
|
}
|
|
];
|
|
};
|
|
inbounds = [
|
|
{
|
|
port = 8443;
|
|
tag = "Mr Penis Network";
|
|
protocol = "shadowsocks";
|
|
settings = {
|
|
method = "aes-128-gcm";
|
|
password = "sosal?";
|
|
network = "tcp,udp";
|
|
};
|
|
}
|
|
];
|
|
outbounds = [
|
|
{
|
|
protocol = "freedom";
|
|
tag = "DIRECT";
|
|
}
|
|
{
|
|
protocol = "blackhole";
|
|
tag = "BLOCK";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ secret.marzban.port 8443 ];
|
|
|
|
services.yggdrasil.persistentKeys = true;
|
|
}
|