diff options
| author | Mel <mel@rnrd.eu> | 2026-04-24 03:30:04 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2026-04-24 03:30:24 +0200 |
| commit | 9e0f725c2d7785a05d044131a97b1e5315e58993 (patch) | |
| tree | f243d6ff4313737d9a7e5fbd052883cb88deaae5 /modules/tunnel | |
| parent | 02eff1a9eff0db1161b83ae6924d8e0892de7477 (diff) | |
| download | network-9e0f725c2d7785a05d044131a97b1e5315e58993.tar.zst network-9e0f725c2d7785a05d044131a97b1e5315e58993.zip | |
Force disable Nginx on tunnel egress nodes
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'modules/tunnel')
| -rw-r--r-- | modules/tunnel/egress.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/tunnel/egress.nix b/modules/tunnel/egress.nix index 7858751..4334f80 100644 --- a/modules/tunnel/egress.nix +++ b/modules/tunnel/egress.nix @@ -7,7 +7,7 @@ }: let - inherit (lib) findFirst; + inherit (lib) findFirst mkForce; # this is the https port, we use it to try to trick dpi into thinking # we are just serving normal encrypted web traffic, nothing interesting! :) @@ -130,4 +130,8 @@ in enable = true; settingsFile = "/run/xray-configuration/xray.json"; }; + + # nginx can not run on an egress node because xray has to run on port 443. + services.nginx.enable = mkForce false; + systemd.services.nginx.enable = mkForce false; } |