authorMel <mel@rnrd.eu>2026-04-22 05:37:39 +0200
committerMel <mel@rnrd.eu>2026-04-22 05:44:35 +0200
commite84316120e46345f803c38de53efdda4ab9a8d0f (patch)
tree0fd21380e30917dfff3a7e229e701967efb47d20 /modules
parentcdcbf4599d615253103210bd37f09c2592be0e03 (diff)
Extend Xray config generation service
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'modules')
-rw-r--r--modules/vpn/egress.nix45
1 files changed, 26 insertions, 19 deletions
diff --git a/modules/vpn/egress.nix b/modules/vpn/egress.nix
index 699d107..fe39880 100644
--- a/modules/vpn/egress.nix
+++ b/modules/vpn/egress.nix
@@ -77,28 +77,35 @@ in
     file = path.info.keySecret;
   };
 
-  # we have to make an xray config on the fly because
-  # xray does not like reading secrets from specific files,
-  # it wants them in plain-text!
-  systemd.services.generate-xray-config = {
-    before = [ "xray.service" ];
-    requiredBy = [ "xray.service" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
-    script = ''
-      mkdir -p /run/xray-configuration
-      cp ${xrayConfig} /run/xray-configuration/xray.json
+  systemd.services = {
+    # we have to make an xray config on the fly because
+    # xray does not like reading secrets from specific files,
+    # it wants them in plain-text!
+    generate-xray-config = {
+      description = "Generate Xray configuration";
+      wantedBy = [ "multi-user.target" ];
+      before = [ "xray.service" ];
+      partOf = [ "xray.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+      };
+      script = ''
+        mkdir -p /run/xray-configuration
+        cp ${xrayConfig} /run/xray-configuration/xray.json
 
-      egress_key=$(cat ${config.age.secrets.egress-key.path})
+        egress_key=$(cat ${config.age.secrets.egress-key.path})
 
-      # use sd for replacement as a fancy new tool for this
-      ${pkgs.sd}/bin/sd "@PRIVATE_KEY@" "$egress_key" /run/xray-configuration/xray.json
+        # use sd for replacement as a fancy new tool for this
+        ${pkgs.sd}/bin/sd "@PRIVATE_KEY@" "$egress_key" /run/xray-configuration/xray.json
+      '';
+    };
 
-      chown root:xray /run/xray-configuration/xray.json
-      chmod 640 /run/xray-configuration/xray.json
-    '';
+    xray = {
+      requires = [ "generate-xray-config.service" ];
+      after = [ "generate-xray-config.service" ];
+      restartTriggers = [ xrayConfig ];
+    };
   };
 
   services.xray = {
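Review bot: The rewritten `generate-xray-config` script no longer runs the `chown root:xray` and `chmod 640` steps on /run/xray-configuration/xray.json. After `sd` substitutes the private key, the file therefore keeps whatever mode `cp` and the service umask gave it, which is probably readable by every local user unless permissions are set somewhere outside this hunk. Restore `chown root:xray /run/xray-configuration/xray.json` and `chmod 640 /run/xray-configuration/xray.json` at the end of the script, ideally with `umask 077` as its first line so the file is never wider than intended between the copy and the substitution. Separately, the key is still passed to `sd` as a command-line argument, so it is visible in the process list while that command runs. A comment next to the `sd` line saying so would help the next reader.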