dolomite: refactor

xinyangli 2024-11-22 14:45:16 +08:00
parent 9bf25972e9
commit d5ff5cbbb2
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
12 changed files with 139 additions and 224 deletions


@ -36,7 +36,9 @@ let
users = [
{
name = "proxy";
password = password;
password = {
_secret = password;
};
}
];
tls = singTls;
@ -51,8 +53,12 @@ let
users = [
{
name = "proxy";
uuid = uuid;
password = password;
uuid = {
_secret = uuid;
};
password = {
_secret = password;
};
}
];
tls = singTls;
@ -102,12 +108,6 @@ in
{
options.commonSettings.proxyServer = {
enable = mkEnableOption "sing-box as a server";
uuidFile = mkOption {
type = types.path;
};
passwordFile = mkOption {
type = types.path;
};
};
config = mkIf cfg.enable {
@ -118,19 +118,6 @@ in
networking.firewall.trustedInterfaces = [ "tun0" ];
sops = {
secrets = {
wg_private_key = {
owner = "root";
sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
};
wg_ipv6_local_addr = {
owner = "root";
sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
};
};
};
security.acme = {
acceptTerms = true;
certs.${config.deployment.targetHost} = {
@ -157,8 +144,8 @@ in
services.sing-box = {
enable = true;
settings = mkSingConfig {
uuid = cfg.uuidFile;
password = cfg.passwordFile;
uuid = config.sops.secrets."sing-box/uuid".path;
password = config.sops.secrets."sing-box/password".path;
};
};
};
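Review bot: The last hunk reads `config.sops.secrets."sing-box/uuid".path` and `config.sops.secrets."sing-box/password".path`, but neither secret is declared anywhere in this file section, and the `uuidFile`/`passwordFile` options that let a host supply its own paths are gone. If the declarations live in another file of this commit, confirm their `owner` and `mode` allow only the unit that renders the sing-box configuration to read them, since `_secret` defers the read to service start; if they are missing, evaluation should fail on the absent attribute. Separately, `mkSingConfig`'s `uuid` and `password` arguments now carry file paths rather than values, so a comment at its definition such as `# uuid, password: paths to secret files, read at service start via _secret` (or renaming them to `uuidFile`/`passwordFile`) would keep a later caller from passing a literal credential. The body of `mkSingConfig` starts outside the visible hunks.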


@ -3,6 +3,7 @@
./common-settings/auth.nix
./common-settings/autoupgrade.nix
./common-settings/nix-conf.nix
./common-settings/proxy-server.nix
./restic.nix
./vaultwarden.nix
./prometheus