Force disable Nginx on tunnel egress nodes

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2026-04-24 03:30:04 +0200
committer: Mel <mel@rnrd.eu> 2026-04-24 03:30:24 +0200
commit: 9e0f725c2d7785a05d044131a97b1e5315e58993 (patch)
tree: f243d6ff4313737d9a7e5fbd052883cb88deaae5 /modules/tunnel/egress.nix
parent: 02eff1a9eff0db1161b83ae6924d8e0892de7477 (diff)
download: network-9e0f725c2d7785a05d044131a97b1e5315e58993.tar.zst
network-9e0f725c2d7785a05d044131a97b1e5315e58993.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/tunnel/egress.nix b/modules/tunnel/egress.nix
index 7858751..4334f80 100644
--- a/modules/tunnel/egress.nix
+++ b/modules/tunnel/egress.nix
@@ -7,7 +7,7 @@
 }:
 
 let
-  inherit (lib) findFirst;
+  inherit (lib) findFirst mkForce;
 
   # this is the https port, we use it to try to trick dpi into thinking
   # we are just serving normal encrypted web traffic, nothing interesting! :)
@@ -130,4 +130,8 @@ in
     enable = true;
     settingsFile = "/run/xray-configuration/xray.json";
   };
+
+  # nginx can not run on an egress node because xray has to run on port 443.
+  services.nginx.enable = mkForce false;
+  systemd.services.nginx.enable = mkForce false;
 }
author	Mel <mel@rnrd.eu>	2026-04-24 03:30:04 +0200
committer	Mel <mel@rnrd.eu>	2026-04-24 03:30:24 +0200
commit	9e0f725c2d7785a05d044131a97b1e5315e58993 (patch)
tree	f243d6ff4313737d9a7e5fbd052883cb88deaae5 /modules/tunnel/egress.nix
parent	02eff1a9eff0db1161b83ae6924d8e0892de7477 (diff)
download	network-9e0f725c2d7785a05d044131a97b1e5315e58993.tar.zst network-9e0f725c2d7785a05d044131a97b1e5315e58993.zip