flake: bump

This commit is contained in:
Guanran Wang 2024-10-19 17:30:29 +08:00
parent 1f046d8831
commit 6527694d89
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
5 changed files with 76 additions and 9 deletions

View file

@ -146,11 +146,11 @@
]
},
"locked": {
"lastModified": 1729260213,
"narHash": "sha256-jAvHoU/1y/yCuXzr2fNF+q6uKmr8Jj2xgAisK4QB9to=",
"lastModified": 1729321331,
"narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "09a0c0c02953318bf94425738c7061ffdc4cba75",
"rev": "122f70545b29ccb922e655b08acfe05bfb44ec68",
"type": "github"
},
"original": {
@ -175,11 +175,11 @@
]
},
"locked": {
"lastModified": 1729316020,
"narHash": "sha256-ujO/zbXqnZ6xR1Pl7zW0f4pGA3Q9mARpCTRxoGkn9E8=",
"rev": "c67ad664ffacf614ba6716bab41ac2f18b0e880e",
"lastModified": 1729329289,
"narHash": "sha256-49QKrohNJzmrLBjI9yqy/z8qdntfwrwqqb2EhQbrvKc=",
"rev": "51621426b862bced548fe9f88a5a36d02fd4b551",
"type": "tarball",
"url": "https://git.ny4.dev/api/v1/repos/nyancat/ip-checker/archive/c67ad664ffacf614ba6716bab41ac2f18b0e880e.tar.gz"
"url": "https://git.ny4.dev/api/v1/repos/nyancat/ip-checker/archive/51621426b862bced548fe9f88a5a36d02fd4b551.tar.gz"
},
"original": {
"type": "tarball",

View file

@ -59,6 +59,36 @@
services.caddy.enable = true;
services.caddy.settings.apps.http.servers.srv0 = {
listen = [ ":443" ];
trusted_proxies = {
# https://www.cloudflare.com/ips/
ranges = [
"173.245.48.0/20"
"103.21.244.0/22"
"103.22.200.0/22"
"103.31.4.0/22"
"141.101.64.0/18"
"108.162.192.0/18"
"190.93.240.0/20"
"188.114.96.0/20"
"197.234.240.0/22"
"198.41.128.0/17"
"162.158.0.0/15"
"104.16.0.0/13"
"104.24.0.0/14"
"172.64.0.0/13"
"131.0.72.0/22"
"2400:cb00::/32"
"2606:4700::/32"
"2803:f800::/32"
"2405:b500::/32"
"2405:8100::/32"
"2a06:98c0::/29"
"2c0f:f248::/32"
];
source = "static";
};
trusted_proxies_strict = 1;
};
systemd.services."caddy".serviceConfig.SupplementaryGroups = [

View file

@ -13,7 +13,11 @@
];
allowUnfree = false;
allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [ ];
allowUnfreePredicate =
pkg:
lib.elem (lib.getName pkg) [
"clash-geoip"
];
permittedInsecurePackages = [ ];
};

View file

@ -27,5 +27,35 @@
services.caddy.enable = true;
services.caddy.settings.apps.http.servers.srv0 = {
listen = [ ":443" ];
trusted_proxies = {
# https://www.cloudflare.com/ips/
ranges = [
"173.245.48.0/20"
"103.21.244.0/22"
"103.22.200.0/22"
"103.31.4.0/22"
"141.101.64.0/18"
"108.162.192.0/18"
"190.93.240.0/20"
"188.114.96.0/20"
"197.234.240.0/22"
"198.41.128.0/17"
"162.158.0.0/15"
"104.16.0.0/13"
"104.24.0.0/14"
"172.64.0.0/13"
"131.0.72.0/22"
"2400:cb00::/32"
"2606:4700::/32"
"2803:f800::/32"
"2405:b500::/32"
"2405:8100::/32"
"2a06:98c0::/29"
"2c0f:f248::/32"
];
source = "static";
};
trusted_proxies_strict = 1;
};
}

View file

@ -11,7 +11,10 @@ in
{
systemd.services."ip-checker" = {
wantedBy = [ "multi-user.target" ];
environment.IP_CHECKER_LISTEN = "127.0.0.1:${toString port}";
environment = {
IP_CHECKER_LISTEN = "127.0.0.1:${toString port}";
IP_CHECKER_COUNTRY_DB = "${pkgs.clash-geoip}/etc/clash/Country.mmdb";
};
serviceConfig = {
ExecStart = lib.getExe inputs.ip-checker.packages.${pkgs.stdenv.hostPlatform.system}.default;
WorkingDirectory = inputs.ip-checker;