nixos/modules/services/networking/xray.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / xray.nix
at 24.11-pre 2.3 kB view raw
 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5{
 6  options = {
 7
 8    services.xray = {
 9      enable = mkOption {
10        type = types.bool;
11        default = false;
12        description = ''
13          Whether to run xray server.
14
15          Either `settingsFile` or `settings` must be specified.
16        '';
17      };
18
19      package = mkPackageOption pkgs "xray" { };
20
21      settingsFile = mkOption {
22        type = types.nullOr types.path;
23        default = null;
24        example = "/etc/xray/config.json";
25        description = ''
26          The absolute path to the configuration file.
27
28          Either `settingsFile` or `settings` must be specified.
29
30          See <https://www.v2fly.org/en_US/config/overview.html>.
31        '';
32      };
33
34      settings = mkOption {
35        type = types.nullOr (types.attrsOf types.unspecified);
36        default = null;
37        example = {
38          inbounds = [{
39            port = 1080;
40            listen = "127.0.0.1";
41            protocol = "http";
42          }];
43          outbounds = [{
44            protocol = "freedom";
45          }];
46        };
47        description = ''
48          The configuration object.
49
50          Either `settingsFile` or `settings` must be specified.
51
52          See <https://www.v2fly.org/en_US/config/overview.html>.
53        '';
54      };
55    };
56
57  };
58
59  config = let
60    cfg = config.services.xray;
61    settingsFile = if cfg.settingsFile != null
62      then cfg.settingsFile
63      else pkgs.writeTextFile {
64        name = "xray.json";
65        text = builtins.toJSON cfg.settings;
66        checkPhase = ''
67          ${cfg.package}/bin/xray -test -config $out
68        '';
69      };
70
71  in mkIf cfg.enable {
72    assertions = [
73      {
74        assertion = (cfg.settingsFile == null) != (cfg.settings == null);
75        message = "Either but not both `settingsFile` and `settings` should be specified for xray.";
76      }
77    ];
78
79    systemd.services.xray = {
80      description = "xray Daemon";
81      after = [ "network.target" ];
82      wantedBy = [ "multi-user.target" ];
83      serviceConfig = {
84        DynamicUser = true;
85        ExecStart = "${cfg.package}/bin/xray -config ${settingsFile}";
86        CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
87        AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE";
88        NoNewPrivileges = true;
89      };
90    };
91  };
92}