Diffstat (limited to 'modules/vpn')
| -rw-r--r-- | modules/vpn/egress.nix | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/modules/vpn/egress.nix b/modules/vpn/egress.nix
index 699d107..fe39880 100644
--- a/modules/vpn/egress.nix
+++ b/modules/vpn/egress.nix
@@ -77,28 +77,35 @@ in
 file = path.info.keySecret;
 };

- # we have to make an xray config on the fly because
- # xray does not like reading secrets from specific files,
- # it wants them in plain-text!
- systemd.services.generate-xray-config = {
- before = [ "xray.service" ];
- requiredBy = [ "xray.service" ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- script = ''
- mkdir -p /run/xray-configuration
- cp ${xrayConfig} /run/xray-configuration/xray.json
+ systemd.services = {
+ # we have to make an xray config on the fly because
+ # xray does not like reading secrets from specific files,
+ # it wants them in plain-text!
+ generate-xray-config = {
+ description = "Generate Xray configuration";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "xray.service" ];
+ partOf = [ "xray.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p /run/xray-configuration
+ cp ${xrayConfig} /run/xray-configuration/xray.json

- egress_key=$(cat ${config.age.secrets.egress-key.path})
+ egress_key=$(cat ${config.age.secrets.egress-key.path})

- # use sd for replacement as a fancy new tool for this
- ${pkgs.sd}/bin/sd "@PRIVATE_KEY@" "$egress_key" /run/xray-configuration/xray.json
+ # use sd for replacement as a fancy new tool for this
+ ${pkgs.sd}/bin/sd "@PRIVATE_KEY@" "$egress_key" /run/xray-configuration/xray.json
+ '';
+ };

- chown root:xray /run/xray-configuration/xray.json
- chmod 640 /run/xray-configuration/xray.json
- '';
+ xray = {
+ requires = [ "generate-xray-config.service" ];
+ after = [ "generate-xray-config.service" ];
+ restartTriggers = [ xrayConfig ];
+ };
 };

 services.xray = { |
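Review bot: The rewritten `generate-xray-config` script no longer restricts `/run/xray-configuration/xray.json` once the private key has been substituted into it: the `chown root:xray` and `chmod 640` lines are removed and nothing in the hunk replaces them. The file's mode then comes from `cp` of a store path and the unit's umask, which most likely leaves the key readable by every local account. If those lines were dropped because the xray service could not read the file, tighten it another way, for example `umask 077` as the first script line (or `UMask = "0077";` in `serviceConfig`) together with an explicit grant to the account xray runs as; the `services.xray` block continues outside the hunk, so that account cannot be confirmed from here. Setting the umask before `cp` would also close the window the old code had between writing the key and the `chmod`.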
