first xray

This commit is contained in:
kp2pml30 2025-10-18 12:43:35 +09:00
parent bbacfb100e
commit c2106ca1a6
Signed by: kp2pml30
GPG key ID: CD6528BAC23E3E34
18 changed files with 482 additions and 29 deletions

21
nix/server/xray.nix Normal file
View file

@ -0,0 +1,21 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.kp2pml30.server;
ports = config.kp2pml30.server.ports;
in lib.mkIf cfg.xray {
services.xray = {
enable = true;
settingsFile = "/run/secrets/xray-config.json";
};
# Ensure xray can read the certificates
users.users.xray.extraGroups = [ "nginx" ];
# Ensure the xray service starts after ACME certificates are available
systemd.services.xray.after = [ "acme-${cfg.hostname}.service" ];
systemd.services.xray.wants = [ "acme-${cfg.hostname}.service" ];
}