pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Add Shadowsocks proxy service

Browse source
This commit is contained in:
pazpi 2025-03-16 17:53:06 +01:00
parent 854b6374d7
commit 26165af972
7 changed files with 70 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
hosts/default.nix
View file

@ -199,4 +199,16 @@ in
]; ];
# specialArgs = { }; # specialArgs = { };
}; };
shadowshocks = nixpkgs.lib.nixosSystem {
pkgs = pkgs "x86_64-linux";
modules = [
myModules
proxmoxModule
./shadowshocks
agenix.nixosModules.default
];
# specialArgs = { };
};
} }

10
hosts/deployments.nix
View file

@ -116,6 +116,16 @@ in
]; ];
}; };
shadowshocks.deployment = {
targetHost = hosts.shadowshocks;
tags = [
"lxc"
"bacco"
"shadowshocks"
];
};
deadbeef.deployment = { deadbeef.deployment = {
allowLocalDeployment = true; allowLocalDeployment = true;
targetHost = null; targetHost = null;

1
hosts/parameters.nix
View file

@ -12,6 +12,7 @@
colmena = "colmena.internal"; colmena = "colmena.internal";
dns01 = "192.168.1.2"; dns01 = "192.168.1.2";
dns02 = "192.168.1.3"; dns02 = "192.168.1.3";
shadowshocks = "shadowshocks.internal";
}; };
domains = { domains = {
public = "pasetto.me"; public = "pasetto.me";

29
hosts/shadowshocks/default.nix Normal file
View file

@ -0,0 +1,29 @@
{
config,
pkgs,
lib,
...
}:
{
age.secrets.shadowshocks-password.file = ../../secrets/shadowshocks-password.age;
my = {
utils = {
commons.enable = true;
commons.gc.enable = true;
lxc-standard.enable = true;
};
virtualisation.proxmox.enable = true;
};
services.shadowsocks = {
enable = true;
passwordFile = config.age.secrets.shadowshocks-password.path;
port = 8388;
};
system.stateVersion = "24.11";
}

1
secrets.nix
View file

@ -26,6 +26,7 @@ let
dns01-admin-password = [ machines.dns01 ]; dns01-admin-password = [ machines.dns01 ];
dns02-admin-password = [ machines.dns02 ]; dns02-admin-password = [ machines.dns02 ];
dns02-dhcp-failover = [ machines.dns02 ]; dns02-dhcp-failover = [ machines.dns02 ];
shadowshocks-password = [ machines.shadowshocks ];
}; };
in in
builtins.listToAttrs ( builtins.listToAttrs (

13
secrets/shadowshocks-password.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 HvFEmA Sgw7itnDakJJZVEGnk05/nLyX3iWD11/ecFUajNa5CY
iyr7PaWsI8f7AuegC8fuzLbEDLtZTrSUtf1wW/r2zcU
-> ssh-ed25519 Si3UKw ordExftJbU34g6aLRvMeq9MxWCzewdqP9jZ4KDR9vxk
POyBfD2B0jzEgiC8uD30zFmW/gbPoQvZTSPuBDqUS8c
-> ssh-ed25519 3UG3uw uNqAwETfOBrLlW94SjOx/rjvvfsjmQKyrrz4hdJLwSU
0LKAJee5MFnchg9mwnE8mm/3q4g5a0qUn6NgvA0USys
-> ssh-ed25519 JEhtoQ opRX4YguKxB894OOt/pfEOJ2Ae5JDzo8Kger1vdBST8
W/TRgFFZKoMV/0P4pmZbzthr7tSv4o2HUlYq8pAETV0
-> ssh-ed25519 uqg2jw D35Xr71KPyotnlwoRX42cpWAFR/8IT+njHk2YV8immQ
M/Kmj5tHAhXMHiQyqVUN2cmo6p7MgcPKXg/Bup2+rsU
--- TKPGfD9QO8HTMcvlIqpXVxr0JOPgAhA/q/BfJHz2rEQ
FeGxÜ<­ï(¿…ømj—au<X>²Ù·3Ûþ»dkížçBßÖ+

4
ssh-keys.nix
View file

@ -19,6 +19,7 @@ rec {
auth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsSQbXHRt+MpUh+YQxd5p6YPnbbWR/4ylz/pXjdZ9Bs"; auth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsSQbXHRt+MpUh+YQxd5p6YPnbbWR/4ylz/pXjdZ9Bs";
dns01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7BdiP/dCE6FHoJylcBKQ5AXz06UpLHNyeuvfLVccSi"; dns01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7BdiP/dCE6FHoJylcBKQ5AXz06UpLHNyeuvfLVccSi";
dns02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+HIq6/ebjiv71xDozdOTn5AdnXgr1fGqIzXnH7Not+"; dns02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+HIq6/ebjiv71xDozdOTn5AdnXgr1fGqIzXnH7Not+";
shadowshocks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ4qYaS5ccciH7BNyrF5+J3d4JtHJNr1R256/ulEtxl";
}; };
# Machines able to provision other machines # Machines able to provision other machines
@ -31,8 +32,11 @@ rec {
# Machines in tailscale network # Machines in tailscale network
tailscale-machine = [ tailscale-machine = [
machines.arr
machines.auth
machines.caddy machines.caddy
machines.metrics machines.metrics
machines.shadowshocks
]; ];
# Machines provisioned with Colmena # Machines provisioned with Colmena