sing-box: add more servers

2023-11-30 12:07:23 +08:00 · 2023-11-30 12:07:23 +08:00 · 12bb3e13c8
commit 12bb3e13c8
parent 500ad4be63
5 changed files with 54 additions and 42 deletions
--- a/flake.lock
+++ b/flake.lock
@ -74,11 +74,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700087144,
-        "narHash": "sha256-LJP1RW0hKNWmv2yRhnjkUptMXInKpn/rV6V6ofuZkHU=",
+        "lastModified": 1701071203,
+        "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ab1459a1fb646c40419c732d05ec0bf2416d4506",
+        "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86",
        "type": "github"
      },
      "original": {
@ -96,11 +96,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700097605,
-        "narHash": "sha256-nVqtih7bV5zso/y8tCSYwqmkEdMDU6R5NBb8D7w5mEY=",
+        "lastModified": 1701048169,
+        "narHash": "sha256-gsYFAIDMyXztMl39/EQzIVjQx/7z+0XPuCDhkrF2tbw=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "4192069cbb3f98b114e6f0bc0e7e4720c6c98c09",
+        "rev": "23dfda3e3df1901d38f1efc98d3e90cefd73ff5d",
        "type": "github"
      },
      "original": {
@ -132,11 +132,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1699997707,
-        "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
+        "lastModified": 1701020860,
+        "narHash": "sha256-NwnRn04C8s+hH+KdVtGmVB1FFNIG7DtPJmQSCBDaET4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
+        "rev": "b006ec52fce23b1d57f6ab4a42d7400732e9a0a2",
        "type": "github"
      },
      "original": {
@ -148,11 +148,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1699781429,
-        "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=",
+        "lastModified": 1700794826,
+        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d",
+        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
        "type": "github"
      },
      "original": {
@ -164,11 +164,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1699994397,
-        "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
+        "lastModified": 1701053011,
+        "narHash": "sha256-8QQ7rFbKFqgKgLoaXVJRh7Ik5LtI3pyBBCfOnNOGkF0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
+        "rev": "5b528f99f73c4fad127118a8c1126b5e003b01a9",
        "type": "github"
      },
      "original": {
@ -180,11 +180,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1699756042,
-        "narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=",
+        "lastModified": 1700905716,
+        "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9502d0245983bb233da8083b55d60d96fd3c29ff",
+        "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
        "type": "github"
      },
      "original": {
@ -196,11 +196,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1699374756,
-        "narHash": "sha256-X21OIoVcJejN9JKoLuoZSx3ZZkMh/iSpJ+GGrSNQyGU=",
+        "lastModified": 1700856099,
+        "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9b92dad3804b543a8b5db878aabf7132d601fa91",
+        "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1",
        "type": "github"
      },
      "original": {
@ -212,11 +212,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1700127871,
-        "narHash": "sha256-Vc+CZ/Ev/MhzYdKGIX/qp8GGiKfztvfL6bJZSW2m6zE=",
+        "lastModified": 1701176534,
+        "narHash": "sha256-AFYe8bkcwYZOBjkbEXzo82jy6hOrduCkoHV9eCPa4NA=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "7cf29aef2e074a1ad6c12a196f3e4a140837f33f",
+        "rev": "1cd0a267b09c8c035e5c32bf9e1017b5ae90bec4",
        "type": "github"
      },
      "original": {
@ -244,11 +244,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1699951338,
-        "narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=",
+        "lastModified": 1701127353,
+        "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46",
+        "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
        "type": "github"
      },
      "original": {
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@ -65,7 +65,6 @@
  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;
-  services.xserver.windowManager.icewm.enable = true;

  # Configure keymap in X11
  services.xserver = {
@ -176,8 +175,8 @@

    # Gnome tweaks
    gnomeExtensions.dash-to-dock
-    gnomeExtensions.hide-top-bar
    gnomeExtensions.tray-icons-reloaded
+    gnomeExtensions.paperwm
    gnome.gnome-tweaks
    gthumb

--- a/machines/calcite/network.nix
+++ b/machines/calcite/network.nix
@ -23,8 +23,8 @@

  # Open ports in the firewall.
  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ ];
-  networking.firewall.allowedUDPPorts = [ 41641 ];
+  networking.firewall.allowedTCPPorts = [ 3389 ];
+  networking.firewall.allowedUDPPorts = [ 3389 41641 ];
  networking.firewall.trustedInterfaces = [
    "tun0"
    "tailscale0"
--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
@ -38,14 +38,14 @@ in
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 8080 ];
-  networking.firewall.allowedUDPPorts = [ 6311 ];
+  networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);

  services.sing-box = {
    enable = true;
    settings = {
      inbounds = [
        {
-          tag = "sg1";
+          tag = "sg0";
          type = "trojan";
          listen = "::";
          listen_port = 8080;
@ -56,11 +56,11 @@ in
          ];
          tls = singTls;
        }
-        {
-          tag = "sg2";
+      ] ++ lib.forEach (lib.range 6311 6314) (port: {
+          tag = "sg" + toString (port - 6310);
          type = "tuic";
          listen = "::";
-          listen_port = 6311;
+          listen_port = port;
          congestion_control = "bbr";
          users = [
            { name = "proxy";
@ -69,8 +69,7 @@ in
            }
          ];
          tls = singTls;
-        }
-      ];
+        });
    };
  };
 }
--- a/machines/sing-box.nix
+++ b/machines/sing-box.nix
@ -110,6 +110,10 @@ in
            outbound = "direct";
          }
          { geoip = "private"; outbound = "direct"; }
+          {
+            domain = sg_server;
+            outbound = "direct";
+          }
          { 
            geosite = "cn";
            geoip = "cn";
@ -119,9 +123,9 @@ in
        ];
      };
      outbounds = [ 
-        { tag = "selfhost"; type = "urltest"; outbounds = [ "sg1" "sg2" ]; tolerance = 800; url = "http://www.gstatic.com/generate_204"; interval = "1m0s"; }
-        { tag = "sg1"; type = "trojan"; server = sg_server; server_port = 8080; password = sg_password; tls = { enabled = true; server_name = sg_server; utls = { enabled = true; fingerprint = "firefox"; }; }; }
-        { tag = "sg2"; type = "tuic"; congestion_control = "bbr"; server = sg_server; server_port = 6311; uuid = sg_uuid; password = sg_password; tls = { enabled = true; server_name = sg_server; }; }
+        { tag = "selfhost"; type = "urltest"; outbounds = lib.forEach (lib.range 0 4) (id: "sg" + toString id); tolerance = 800; url = "http://www.gstatic.com/generate_204"; interval = "1m0s"; }
+        { tag = "sg0"; type = "trojan"; server = sg_server; server_port = 8080; password = sg_password; tls = { enabled = true; server_name = sg_server; utls = { enabled = true; fingerprint = "firefox"; }; }; }
+        
        { default = "auto"; outbounds = [ "auto" "selfhost" "direct" "block"]; tag = "_proxy_select"; type = "selector"; }
        { interval = "1m0s"; outbounds = [ "香港SS-01" "香港SS-02" "香港SS-03" "香港SS-04" "日本SS-01" "日本SS-02" "日本SS-03" "美国SS-01" "美国SS-02" "美国SS-03" "台湾SS-01" "台湾SS-02" "台湾SS-03" "台湾SS-04" "香港中继1" "香港中继2" "香港中继3" "香港中继4" "香港中继5" "香港中继6" "香港中继7" "香港中继8" "日本中继1" "日本中继2" "日本中继3" "日本中继4" "美国中继1" "美国中继2" "美国中继3" "美国中继4" "美国中继5" "美国中继6" "美国中继7" "美国中继8" "新加坡中继1" "新加坡中继2" "台湾中继1" "台湾中继2" "台湾中继3" "台湾中继4" "台湾中继5" "台湾中继6" "韩国中继1" "韩国中继2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; }
        { tag = "direct"; type = "direct"; }
@ -171,7 +175,17 @@ in
        { inherit server uuid; security = "auto"; server_port = 1266; tag = "台湾中继6"; type = "vmess"; }
        { inherit server uuid; security = "auto"; server_port = 1251; tag = "韩国中继1"; type = "vmess"; }
        { inherit server uuid; security = "auto"; server_port = 1252; tag = "韩国中继2"; type = "vmess"; }
-      ];
+      ] ++ lib.forEach (lib.range 6311 6314) (port: {
+        tag = "sg" + toString (port - 6310);
+        type = "tuic";
+        congestion_control = "bbr";
+        server = sg_server;
+        server_port = port;
+        uuid = sg_uuid;
+        password = sg_password;
+        tls = { enabled = true; server_name = sg_server; };
+      });
    };
  };
 }
+