nixos/sing-box: simplify
This commit is contained in:
parent
cb5016aa15
commit
6fe94dd13b
2 changed files with 13 additions and 22 deletions
|
@ -2,6 +2,7 @@
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
|
nodes,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
@ -21,30 +22,20 @@
|
||||||
sniff_override_destination = true;
|
sniff_override_destination = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
outbounds = [
|
outbounds =
|
||||||
{
|
lib.mapAttrsToList (n: v: {
|
||||||
type = "vless";
|
type = "vless";
|
||||||
tag = "tyo0";
|
tag = n;
|
||||||
server = "tyo0.ny4.dev";
|
server = v.fqdn;
|
||||||
server_port = 27253;
|
server_port = 27253;
|
||||||
uuid._secret = config.sops.secrets."sing-box/tyo0".path;
|
uuid._secret = config.sops.secrets."sing-box/uuid".path;
|
||||||
flow = "xtls-rprx-vision";
|
flow = "xtls-rprx-vision";
|
||||||
tls.enabled = true;
|
tls.enabled = true;
|
||||||
}
|
}) (lib.filterAttrs (_name: value: lib.elem "proxy" value.tags) nodes)
|
||||||
{
|
++ lib.singleton {
|
||||||
type = "vless";
|
|
||||||
tag = "sin0";
|
|
||||||
server = "sin0.ny4.dev";
|
|
||||||
server_port = 27253;
|
|
||||||
uuid._secret = config.sops.secrets."sing-box/tyo0".path;
|
|
||||||
flow = "xtls-rprx-vision";
|
|
||||||
tls.enabled = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
type = "direct";
|
type = "direct";
|
||||||
tag = "direct";
|
tag = "direct";
|
||||||
}
|
};
|
||||||
];
|
|
||||||
|
|
||||||
route = {
|
route = {
|
||||||
rules = [
|
rules = [
|
||||||
|
@ -104,7 +95,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
### sops-nix
|
### sops-nix
|
||||||
sops.secrets."sing-box/tyo0" = {
|
sops.secrets."sing-box/uuid" = {
|
||||||
restartUnits = [ "sing-box.service" ];
|
restartUnits = [ "sing-box.service" ];
|
||||||
sopsFile = ./secrets.yaml;
|
sopsFile = ./secrets.yaml;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
sing-box:
|
sing-box:
|
||||||
tyo0: ENC[AES256_GCM,data:GDMc7U+e60UzGkkl2uvRfhyAdGKE4WCrcQSvwENXjV0yKhVa,iv:uobBavFcQZ/8JmJrZHtL11Tjhs2Aaq/ZBBhrW+o97JQ=,tag:/qME2YQCw6Lrt47gu7UAgg==,type:str]
|
uuid: ENC[AES256_GCM,data:ft5iOeusx+qtpYSlJphVN0YU7npJt4IjiTK5I922/awtzTEJ,iv:Ad/KPVBxxQAtBklkLbucVFRgq+jg2RnMKdq8jyGgU1k=,tag:WuiCyVdqk4qSemBsVp4EQg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -33,8 +33,8 @@ sops:
|
||||||
NTdHRTVNeUxYUHYzQzIvMlZlTFhoVkEKcjzpxTP25gadACwH6g9SZCsw2KPoNiQ6
|
NTdHRTVNeUxYUHYzQzIvMlZlTFhoVkEKcjzpxTP25gadACwH6g9SZCsw2KPoNiQ6
|
||||||
JsMOOy+JUrIzGDftkDYzQhxg+fDWPMnRVzk5EMEw5AU2RghrrJzTWA==
|
JsMOOy+JUrIzGDftkDYzQhxg+fDWPMnRVzk5EMEw5AU2RghrrJzTWA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-07T05:32:11Z"
|
lastmodified: "2024-09-30T07:47:19Z"
|
||||||
mac: ENC[AES256_GCM,data:wWWjkP5ADCStznOy+REs4ZqjTXVW6BW3Xl2o+OU8PtgBrZWHLJ2eVumVlf3aHZWXlCFOZQ7C8e/bmdSdHJh3vTeZ8tgT54+4d5aXgMc+stj2Cz3EHjAON0nnvO5EeFUsFvdSbQfTz871Wyl9BUlJsDnf+4m3Rl/kUanidOioqxM=,iv:L5vHKzWJ+MVNLsUiJsNh1d6X+It3MkIETi6gqyieYQE=,tag:wJqm4cr2G4j26BDlXnHOUg==,type:str]
|
mac: ENC[AES256_GCM,data:HUMAKRlTgKA6b5G1XP8zoL5T8RPbw2S9F0dPS4YWnjzWhKjVNSguSd6zCH76CW4WMRaWmTNDzZrg/Sb9NuyG+EXWFo+nBME43EGgrSkXcQKhqOg/+r0XLKSpRCRQGvaC1uKRP8hrqTjKg6f7m2husmVRvfY/IQo13wUv3ntBe94=,iv:gJt34Qm4D7Nl40hh/TMXw0CIvqwZlRQoVwzCirXHaxQ=,tag:YoGEH/Pu3u6EDZdd5NdZmg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
Loading…
Reference in a new issue