From 90b8a5f8b72adcfdea840633c11fb24cce9b8652 Mon Sep 17 00:00:00 2001 From: pazpi Date: Thu, 20 Mar 2025 21:45:22 +0100 Subject: [PATCH] Shadowsocks module --- hosts/shadowshocks/default.nix | 16 ++++++------- modules/networking/default.nix | 1 + modules/networking/shadowsocks.nix | 37 +++++++++++++++++++++++++++++ secrets/shadowshocks-password.age | Bin 667 -> 717 bytes 4 files changed, 45 insertions(+), 9 deletions(-) create mode 100644 modules/networking/shadowsocks.nix diff --git a/hosts/shadowshocks/default.nix b/hosts/shadowshocks/default.nix index a12523e..8a1eaa1 100644 --- a/hosts/shadowshocks/default.nix +++ b/hosts/shadowshocks/default.nix @@ -18,6 +18,13 @@ in my = { networking = { + + shadownsocks = { + enable = true; + port = shadowshocks-port; + passwordFile = config.age.secrets.shadowshocks-password.path; + }; + tailscale = { enable = true; magicDNSDomain = p.domains.tsDns; @@ -34,14 +41,5 @@ in virtualisation.proxmox.enable = true; }; - services.shadowsocks = { - enable = true; - passwordFile = config.age.secrets.shadowshocks-password.path; - port = shadowshocks-port; - }; - - # open shadownsocks port - networking.firewall.allowedTCPPorts = [ shadowshocks-port ]; - system.stateVersion = "24.11"; } diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 75687f9..4229e29 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -4,6 +4,7 @@ ./caddy.nix ./ddclient.nix ./nas-samba-share.nix + ./shadowsocks.nix ./tailscale.nix ./technitium-dns-server.nix ]; diff --git a/modules/networking/shadowsocks.nix b/modules/networking/shadowsocks.nix new file mode 100644 index 0000000..7d268e9 --- /dev/null +++ b/modules/networking/shadowsocks.nix 
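Review bot: The host config in hosts/shadowshocks/default.nix sets `my.networking.shadownsocks`, but the module added by this patch declares `options.my.networking.shadowsocks`, so as far as the visible lines show the host attribute matches no declared option and evaluation would be expected to fail with an unknown-option error instead of enabling the relay. Rename the attribute to `shadowsocks = {` so the enable flag, the port and the agenix password path actually reach the module. The same patch removes the explicit `networking.firewall.allowedTCPPorts = [ shadowshocks-port ];` line from the host, so the port opening now depends entirely on that module option being set correctly.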
@@ -0,0 +1,37 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.my.networking.shadowsocks;
+in
+{
+ options.my.networking.shadowsocks = {
+ enable = lib.mkEnableOption "Enable Shadowsocks relay";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 8388;
+ description = "Port to listen on";
+ };
+ passwordFile = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/shadowsocks/password";
+ description = "File with the Shadowsocks relay access password";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ services.shadowsocks = lib.mkIf cfg.enable {
+ enable = true;
+ passwordFile = cfg.passwordFile;
+ port = cfg.port;
+ };
+
+ # open shadownsocks port
+ networking.firewall.allowedTCPPorts = [ cfg.port ];
+ };
+
+}
diff --git a/secrets/shadowshocks-password.age b/secrets/shadowshocks-password.age
index 8cecabd778d85a3884fada33cade12df0a08925e..e34bc16201aeaad295859cc188f277ff80300409 100644
GIT binary patch delta 627 zcmbQudX{y9PQ7bczEfbjg}-T-bEUaQl}|-kMV?`nTTyyyYDr+Fsjs(xwxhYPk-wu; zBv(aMRc?TPU|CUwr+!gVijRR&U}{0We`HEnj&D$bXR1k}Yofb(pt)b zj%E7ZrLL*vd8w|UIVH*ZE+N@ImWCNlM#hGLMv0EWZhpDti5@1C;~B-njg6d3Qk*kO ze0&V53=-X3D^najQ!BhmlCoXhGlNVliUZA!3R6mwoU%>0Jj)D>Qk_Bz3f+=J{7ke< zoB~bEs!9T#lQQ#4{gNuoeUiMKsv_Jg`aZgJ#HH}Iu zxAfJ|3aE;#Gf$V+o}E-t9B(9gR9p%_%OMhzja&J3j9>x=V_fNHV zU3kIUiM}@4HER_w*<2DxeN|t~?|g&vO2i4})4uz!m7fYbTzb-H-oca~uXnw_y1qtv Q)4UDY4jr>=e^)#K0B5+|ZvX%Q delta 577 zcmX@hI-7NZPJKaOwuiQUPJxS;zHgqVrMXjKP@;LVNnTlCXuf%QZkfM9vQt_?a(=o~ zHkX^eMP*7+c#uK9Pq=4UfwNIwv13SqZ>Dx&xu0Q?S7=eOxw)I8r?zvk0hg|wLUD11 zZfc5=si~o*LU5*WsCT(ST4qUjW=UpHMy6$&S7fG%fm?WZwzGL?glnR9vZ;$(n2S%U zw@0eCqhDA#m!)Z1zP3e5TB=DwZl$)fscV#xc4SpxWt5wnce<%ZXh=wfhi|A;VrZnn z#E;_PRnGdR!G^^K0a2O7iRM{`A;$iuxf%ZX$*Crm?kVV2pYhUFDS#y%AWnQ5Vu;~B-nLwzDjEvg(V ztBjLE%Df8QN>fT*OQTX9wL{%P@{d8!b;~s1s_-cZ_6#U<_byHjbqzBQ%dZT|NGf&D%TA2U z3HJ@mNXajXjB+$~D~&4V($&>fFg6Y_HPMeU_wh0E&#%bMPc5`4GYhD4Dadv#bTT(f zb@mUoFwEAj@bi!KxE*6RWSSb4*Zs@XbUs74%AQKG PLg&>>zjju|6te*U@BqPi
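Review bot: `port` is declared as `lib.types.int`, so a negative or greater-than-65535 value passes this module's own type check before it is forwarded into `networking.firewall.allowedTCPPorts`; declaring it as `type = lib.types.port;` rejects such a value at the option boundary. The `passwordFile` description should also say that the value must be a runtime path (a string, or the agenix `.path` the host passes), because a Nix path literal would presumably be copied into the world-readable store. The firewall rule opens the port on every interface whenever the module is enabled; an `openFirewall` option defaulting to the current behaviour would let a host that is only reached over Tailscale keep it closed. The inner `lib.mkIf cfg.enable` on `services.shadowsocks` is redundant inside the outer one, and `lib.mkEnableOption "Enable Shadowsocks relay"` renders as "Whether to enable Enable Shadowsocks relay", so `lib.mkEnableOption "Shadowsocks relay"` reads correctly.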