49 lines
994 B
Nix
49 lines
994 B
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
httpIntPort = 14060;
|
|
dom = "simul.lol";
|
|
user = "xray";
|
|
group = "xray";
|
|
in {
|
|
# depends upon sim-breeze.nix
|
|
services.nginx.virtualHosts.${dom} = {
|
|
locations."/streaming" = {
|
|
proxyPass = "http://127.0.0.1:${toString httpIntPort}";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
sops.secrets."svc-xray-settings" = {
|
|
sopsFile = ../../../../secrets/silver/xray.json;
|
|
format = "json";
|
|
name = "svc-xray-settings.json"; # xray needs .json extension
|
|
key = ""; # extract whole file. not nonexistent key `svc-xray-settings`
|
|
|
|
owner = user;
|
|
inherit group;
|
|
};
|
|
|
|
services.xray = {
|
|
enable = true;
|
|
settingsFile = config.sops.secrets."svc-xray-settings".path;
|
|
};
|
|
|
|
# assign user/group to xray
|
|
|
|
users.users.${user} = {
|
|
isSystemUser = true;
|
|
inherit group;
|
|
};
|
|
|
|
users.groups.${group} = {};
|
|
|
|
systemd.services.xray.serviceConfig = {
|
|
User = user;
|
|
Group = group;
|
|
DynamicUser = lib.mkForce false;
|
|
};
|
|
}
|