RuJect/nixos-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: apply nix fmt

Browse source
This commit is contained in:
Rustam Efimov 2026-04-01 09:54:15 +03:00
parent caa6948199
commit e2bd4444d2
No known key found for this signature in database
47 changed files with 274 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

3
services/xray-3x-ui/firewall.nix
View file

@ -9,7 +9,8 @@ let
port
;
in
with lib; mkIf enable {
with lib;
mkIf enable {
networking.firewall.allowedTCPPorts = [
# Web panel
port

73
services/xray-3x-ui/nginx.nix
View file

@ -2,43 +2,50 @@
lib,
config,
...
}: let
inherit
(config.machine.xray-3x-ui)
}:
let
inherit (config.machine.xray-3x-ui)
enable
port
domain
subscriptions
;
in {
services.nginx.virtualHosts = with lib; mkIf enable {
${domain} = with lib; mkIf (domain != null) {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
in
{
services.nginx.virtualHosts =
with lib;
mkIf enable {
${domain} =
with lib;
mkIf (domain != null) {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
${subscriptions.domain} =
with lib;
mkIf (subscriptions.domain != null) {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:2096";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
${subscriptions.domain} = with lib; mkIf (subscriptions.domain != null) {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:2096";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
}

2
services/xray-3x-ui/options.nix
View file

@ -30,4 +30,4 @@ with lib;
description = "Directory to store 3x-ui data.";
};
};
}
}

28
services/xray-3x-ui/service.nix
View file

@ -1,6 +1,11 @@
# See https://github.com/sunmeplz/xray-3x-ui
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -11,8 +16,7 @@ let
minGoVersion = "1.26.0";
xray-3x-ui =
assert assertMsg
(versionAtLeast pkgs.go.version minGoVersion)
assert assertMsg (versionAtLeast pkgs.go.version minGoVersion)
"3x-ui requires Go >= ${minGoVersion}, but ${pkgs.go.version} is available";
pkgs.buildGoModule rec {
@ -28,7 +32,10 @@ let
vendorHash = "sha256-M8YQTMfF/xZut4hxUcAfF2xGK625vwJNp4JS/zoXUCQ=";
ldflags = [ "-s" "-w" ];
ldflags = [
"-s"
"-w"
];
meta = with lib; {
description = "Xray panel supporting multi-protocol multi-user";
@ -39,7 +46,8 @@ let
};
};
in {
in
{
# Service implementation
config = mkIf cfg.enable {
# User and group configuration
@ -85,8 +93,14 @@ in {
Group = "xray-3x-ui";
StateDirectory = "3x-ui 3x-ui/bin 3x-ui/logs";
StateDirectoryMode = "0755";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_NET_ADMIN" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" "CAP_NET_ADMIN" ];
AmbientCapabilities = [
"CAP_NET_BIND_SERVICE"
"CAP_NET_ADMIN"
];
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE"
"CAP_NET_ADMIN"
];
};
};