2024-04-22 18:35:50 +00:00
|
|
|
{
|
|
|
|
|
modulesPath,
|
|
|
|
|
lib,
|
2024-04-22 21:01:38 +00:00
|
|
|
config,
|
2024-04-22 18:35:50 +00:00
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
imports = [
|
|
|
|
|
"${modulesPath}/virtualisation/amazon-image.nix"
|
|
|
|
|
../../nixos/profiles/server
|
|
|
|
|
./anti-feature.nix
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
time.timeZone = "Asia/Tokyo";
|
|
|
|
|
boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
|
|
|
|
|
system.stateVersion = "23.11";
|
2024-04-22 21:01:38 +00:00
|
|
|
|
|
|
|
|
### Services
|
|
|
|
|
sops.secrets = builtins.mapAttrs (_name: value:
|
|
|
|
|
value
|
|
|
|
|
// {
|
|
|
|
|
sopsFile = ./secrets.yaml;
|
|
|
|
|
restartUnits = ["hysteria.service"];
|
|
|
|
|
}) {
|
|
|
|
|
"hysteria/certificate" = {};
|
|
|
|
|
"hysteria/private-key" = {};
|
|
|
|
|
"hysteria/auth" = {};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sops.templates."hysteria.yaml".content = ''
|
|
|
|
|
tls:
|
|
|
|
|
cert: /run/credentials/hysteria.service/cert
|
|
|
|
|
key: /run/credentials/hysteria.service/key
|
|
|
|
|
|
|
|
|
|
masquerade:
|
|
|
|
|
type: proxy
|
|
|
|
|
proxy:
|
|
|
|
|
url: https://news.ycombinator.com/
|
|
|
|
|
rewriteHost: true
|
|
|
|
|
|
|
|
|
|
${config.sops.placeholder."hysteria/auth"}
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedUDPPorts = [80 443];
|
|
|
|
|
networking.firewall.allowedTCPPorts = [80 443];
|
|
|
|
|
|
|
|
|
|
services.hysteria = {
|
|
|
|
|
enable = true;
|
|
|
|
|
configFile = config.sops.templates."hysteria.yaml".path;
|
|
|
|
|
credentials = [
|
|
|
|
|
"cert:${config.sops.secrets."hysteria/certificate".path}"
|
|
|
|
|
"key:${config.sops.secrets."hysteria/private-key".path}"
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-04-22 18:35:50 +00:00
|
|
|
}
|
