rust pobeda

This commit is contained in:
Aleksandr 2025-06-08 23:40:41 +00:00
parent 1bc03bdb14
commit 5cd0ded292
59 changed files with 1185 additions and 1389 deletions

8
modules/vpn/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hft.nix
./shadowsocks.nix
];
}

19
modules/vpn/hft.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
let
secrets = config.sops.secrets;
in
{
sops.secrets."work/ovpn".sopsFile = ../../secrets/work.yaml;
sops.secrets."work/password".sopsFile = ../../secrets/work.yaml;
services.openvpn.servers.hft = {
autoStart = false;
updateResolvConf = true;
config = ''
config ${secrets."work/ovpn".path}
askpass ${secrets."work/password".path}
'';
};
systemd.services.openvpn-hft.requires = ["yor-proxy.service"];
}

View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
secrets = config.sops.secrets;
yorCfg = secrets."viendesu/shadowsocks/yor".path;
in
{
sops.secrets = {
"viendesu/shadowsocks/gneg".sopsFile = ../../secrets/viendesu.yaml;
"viendesu/shadowsocks/yor".sopsFile = ../../secrets/viendesu.yaml;
};
systemd.services.yor-proxy = {
after = [ "network.target" ];
description = "`Yor` shadowsocks";
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${yorCfg}'';
};
};
}