diff --git a/secrets/OVHCloud.yaml b/secrets/OVHCloud.yaml
index 998fd2a..7237a0b 100644
--- a/secrets/OVHCloud.yaml
+++ b/secrets/OVHCloud.yaml
@@ -5,6 +5,8 @@ caddy:
 ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
 garage:
 RPC_SECRET: ENC[AES256_GCM,data:OJbIST1mtpqMNk+MKnGFy6+tXjc6aEOMIWnfs8QY9ozpxN2apAN7ZrjAAZc3J7ORUIhUQh8Vjkb1EhxdqGxERA==,iv:NhREhGE0wz3/0sdXUxuDqWaPdjeeQFau2OEVsqpV3F0=,tag:yGYd5txtVQzIOchh2L/XXQ==,type:str]
+shadowsocks:
+ password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
 wireguard:
 private_key: ENC[AES256_GCM,data:fjaBcBplx4IOrbnT8PZwUl6m4j4sdiObJYJXSrzCOqXcL3Qyymj4HUPSBuM=,iv:4XVH1d0/PTfVHKtDoziOD3b+TGXafNEGNgqAUtQsoD8=,tag:c/9AQO5TmLPGvIRN59KMZg==,type:str]
 public_key: ENC[AES256_GCM,data:zHQkA3wu7Kn9wnODn65zHKGX3qBvhRa0H/cSlg/8TjyTNtaMgY3Y0RiQEr4=,iv:kaWxt11DR4jZzgfoA7PDg/wPc6VqSoyuFU4KllOzZjY=,tag:acA0M4Eq0AR4FjFJZ4l13w==,type:str]
@@ -32,8 +34,8 @@ sops:
 MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
 y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-02T06:58:48Z"
- mac: ENC[AES256_GCM,data:REJysIueXjjxMVFMNNR3gyuRJgbDmerIo/Fb8I+QP4812sa7wAWCx7caaeUVXmbIjyX0qEVwMocav2vTgL4GnwSmKK9EpOUb8WoV3ZzTqzhbEGD5frE6fEVvvnOMwhtrh3K2KuMUmy4VkWI34naSel+pzvYa5Tfu7n+YvNyfhW4=,iv:onGPouQFfMO+X1q2rMsaV9oR3l86k3J7wY7bQNJp8wY=,tag:L4RM66rRWFQKpIeSC7mQyA==,type:str]
+ lastmodified: "2024-10-02T07:32:18Z"
+ mac: ENC[AES256_GCM,data:0fwZxJO2LKpwV4+IYbBSyrqcQt4RrqlF/2OM8vP+3B/AI3Ny6LSP851IXdwzIMtMLiGBnvl787sXmZWPcUaizq3XmQR7t9lX/q4WkgVIDZ5JQtmHc4TSYDIxECBAQ5P4V6CNsUw3gjC5X4OSLtSfil/pAXbcMFKdlVLgP4S6wMU=,iv:UlJPlLFx2y/YJQWEDCY4NyqkZuQjNH8yCeELzoa3IoU=,tag:JI1tTnMSnQiWXVZmqb+ykA==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0
diff --git a/services/shadowsocks/default.nix b/services/shadowsocks/default.nix
new file mode 100644
index 0000000..0703dee
--- /dev/null
+++ b/services/shadowsocks/default.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ port = "8388";
+in {
+ sops.secrets."shadowsocks/password".owner = "root";
+ sops.templates."shadowsocks/config.json" = {
+ content = ''
+ {
+ "server": "0.0.0.0",
+ "server_port": ${port},
+ "password": "${config.sops.placeholder."shadowsocks/password"}",
+ "method": "aes-256-gcm",
+ "timeout": 300,
+ "plugin": "${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin",
+ "plugin_opts":"server;loglevel=none",
+
+ "local_port": ${port},
+ "local_address": "127.0.0.1"
+ }
+ '';
+ owner = "root";
+ };
+
+ services.caddy.virtualHosts."shadowsocks.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:${port}
+ '';
+
+ systemd.services = {
+ shadowsocks = {
+ description = "Shadowsocks tunnel";
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ enable = true;
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${pkgs.shadowsocks-rust}/bin/ssserver -c ${config.sops.templates."shadowsocks/config.json".path}";
+ };
+ };
+ };
+}
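Review bot: `"server": "0.0.0.0"` binds the port-8388 listener on every interface, although the only consumer visible in this file is Caddy proxying to `http://127.0.0.1:${port}`. Wherever the host firewall allows that port, the listener is reachable without going through Caddy. Binding to loopback keeps Caddy as the single entry point: `"server": "127.0.0.1",`. The unit also sets no `User` in `serviceConfig`, so `ssserver` and the v2ray-plugin run as root and the rendered template is owned by root; a dedicated service account (e.g. `User = "shadowsocks";`, with the template's `owner` set to the same account) would limit what a compromise of the proxy process can reach. `local_port` and `local_address` look like client-side settings and are presumably ignored by `ssserver`; if so, they can be dropped.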