From 12bb3e13c82f5c802b8fc25cbac64084cdce9229 Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Thu, 30 Nov 2023 12:07:23 +0800
Subject: [PATCH] sing-box: add more servers
---
 flake.lock | 54 +++++++++++++++---------------
 machines/calcite/configuration.nix | 3 +-
 machines/calcite/network.nix | 4 +--
 machines/dolomite/default.nix | 13 ++++---
 machines/sing-box.nix | 22 +++++++++---
 5 files changed, 54 insertions(+), 42 deletions(-)
diff --git a/flake.lock b/flake.lock
index a84647f..6f3a0f9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -74,11 +74,11 @@
 ]
 },
 "locked": {
- "lastModified": 1700087144,
- "narHash": "sha256-LJP1RW0hKNWmv2yRhnjkUptMXInKpn/rV6V6ofuZkHU=",
+ "lastModified": 1701071203,
+ "narHash": "sha256-lQywA7QU/vzTdZ1apI0PfgCWNyQobXUYghVrR5zuIeM=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "ab1459a1fb646c40419c732d05ec0bf2416d4506",
+ "rev": "db1878f013b52ba5e4034db7c1b63e8d04173a86",
 "type": "github"
 },
 "original": {
@@ -96,11 +96,11 @@
 ]
 },
 "locked": {
- "lastModified": 1700097605,
- "narHash": "sha256-nVqtih7bV5zso/y8tCSYwqmkEdMDU6R5NBb8D7w5mEY=",
+ "lastModified": 1701048169,
+ "narHash": "sha256-gsYFAIDMyXztMl39/EQzIVjQx/7z+0XPuCDhkrF2tbw=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
- "rev": "4192069cbb3f98b114e6f0bc0e7e4720c6c98c09",
+ "rev": "23dfda3e3df1901d38f1efc98d3e90cefd73ff5d",
 "type": "github"
 },
 "original": {
@@ -132,11 +132,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1699997707,
- "narHash": "sha256-ugb+1TGoOqqiy3axyEZpfF6T4DQUGjfWZ3Htry1EfvI=",
+ "lastModified": 1701020860,
+ "narHash": "sha256-NwnRn04C8s+hH+KdVtGmVB1FFNIG7DtPJmQSCBDaET4=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "5689f3ebf899f644a1aabe8774d4f37eb2f6c2f9",
+ "rev": "b006ec52fce23b1d57f6ab4a42d7400732e9a0a2",
 "type": "github"
 },
 "original": {
@@ -148,11 +148,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1699781429,
- "narHash": "sha256-UYefjidASiLORAjIvVsUHG6WBtRhM67kTjEY4XfZOFs=",
+ "lastModified": 1700794826,
+ "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "e44462d6021bfe23dfb24b775cc7c390844f773d",
+ "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
 "type": "github"
 },
 "original": {
@@ -164,11 +164,11 @@
 },
 "nixpkgs-stable": {
 "locked": {
- "lastModified": 1699994397,
- "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
+ "lastModified": 1701053011,
+ "narHash": "sha256-8QQ7rFbKFqgKgLoaXVJRh7Ik5LtI3pyBBCfOnNOGkF0=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
+ "rev": "5b528f99f73c4fad127118a8c1126b5e003b01a9",
 "type": "github"
 },
 "original": {
@@ -180,11 +180,11 @@
 },
 "nixpkgs-stable_2": {
 "locked": {
- "lastModified": 1699756042,
- "narHash": "sha256-bHHjQQBsEPOxLL+klYU2lYshDnnWY12SewzQ7n5ab2M=",
+ "lastModified": 1700905716,
+ "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "9502d0245983bb233da8083b55d60d96fd3c29ff",
+ "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
 "type": "github"
 },
 "original": {
@@ -196,11 +196,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1699374756,
- "narHash": "sha256-X21OIoVcJejN9JKoLuoZSx3ZZkMh/iSpJ+GGrSNQyGU=",
+ "lastModified": 1700856099,
+ "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "9b92dad3804b543a8b5db878aabf7132d601fa91",
+ "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1",
 "type": "github"
 },
 "original": {
@@ -212,11 +212,11 @@ }, "nur": { "locked": { - "lastModified": 1700127871, - "narHash": "sha256-Vc+CZ/Ev/MhzYdKGIX/qp8GGiKfztvfL6bJZSW2m6zE=", + "lastModified": 1701176534, + "narHash": "sha256-AFYe8bkcwYZOBjkbEXzo82jy6hOrduCkoHV9eCPa4NA=", "owner": "nix-community", "repo": "NUR", - "rev": "7cf29aef2e074a1ad6c12a196f3e4a140837f33f", + "rev": "1cd0a267b09c8c035e5c32bf9e1017b5ae90bec4", "type": "github" }, "original": { @@ -244,11 +244,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1699951338, - "narHash": "sha256-1GeczM7XfgHcYGYiYNcdwSFu3E62vmh4d7mffWZvyzE=", + "lastModified": 1701127353, + "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=", "owner": "Mic92", "repo": "sops-nix", - "rev": "0e3a94167dcd10a47b89141f35b2ff9e04b34c46", + "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631", "type": "github" }, "original": { diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index c538867..58221f0 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -65,7 +65,6 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.windowManager.icewm.enable = true; # Configure keymap in X11 services.xserver = { @@ -176,8 +175,8 @@ # Gnome tweaks gnomeExtensions.dash-to-dock - gnomeExtensions.hide-top-bar gnomeExtensions.tray-icons-reloaded + gnomeExtensions.paperwm gnome.gnome-tweaks gthumb diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 3689211..f0f3e1c 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix 
@@ -23,8 +23,8 @@ # Open ports in the firewall. networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ ]; - networking.firewall.allowedUDPPorts = [ 41641 ]; + networking.firewall.allowedTCPPorts = [ 3389 ]; + networking.firewall.allowedUDPPorts = [ 3389 41641 ]; networking.firewall.trustedInterfaces = [ "tun0" "tailscale0" diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix index cf83768..9bb2580 100644 --- a/machines/dolomite/default.nix +++ b/machines/dolomite/default.nix @@ -38,14 +38,14 @@ in }; }; networking.firewall.allowedTCPPorts = [ 80 8080 ]; - networking.firewall.allowedUDPPorts = [ 6311 ]; + networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); services.sing-box = { enable = true; settings = { inbounds = [ { - tag = "sg1"; + tag = "sg0"; type = "trojan"; listen = "::"; listen_port = 8080; @@ -56,11 +56,11 @@ in ]; tls = singTls; } - { - tag = "sg2"; + ] ++ lib.forEach (lib.range 6311 6314) (port: { + tag = "sg" + toString (port - 6310); type = "tuic"; listen = "::"; - listen_port = 6311; + listen_port = port; congestion_control = "bbr"; users = [ { name = "proxy"; @@ -69,8 +69,7 @@ in } ]; tls = singTls; - } - ]; + }); }; }; } diff --git a/machines/sing-box.nix b/machines/sing-box.nix index 037fa09..fe775f6 100644 --- a/machines/sing-box.nix +++ b/machines/sing-box.nix @@ -110,6 +110,10 @@ in outbound = "direct"; } { geoip = "private"; outbound = "direct"; } + { + domain = sg_server; + outbound = "direct"; + } { geosite = "cn"; geoip = "cn"; 
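Review bot: The new `allowedTCPPorts = [ 3389 ]` and the `3389` added to `allowedUDPPorts` in machines/calcite/network.nix open the RDP port on every interface, which the commit subject (sing-box servers) does not explain. `tailscale0` is already in `trustedInterfaces` in this same hunk, so if remote desktop is only meant to be reached over the tailnet the global entries are not needed. Otherwise scope the rule to the interface that needs it, e.g. `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [ 3389 ];` (placeholder interface name). None of the visible hunks enables a service on 3389, so a short comment such as `# 3389: <service name>, reachable from <network>` would tell the next reader why the port is open.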
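Review bot: The range `lib.range 6311 6314` and the offset `6310` in machines/dolomite/default.nix are written out separately for `allowedUDPPorts` and for the `lib.forEach` that builds the tuic inbounds, and again in machines/sing-box.nix (the outbound generator in the last hunk, plus `lib.range 0 4` for the urltest tag list), so firewall, listeners and client tags can drift apart without any evaluation error. The hunk context shows a `let … in` above this block; binding the list once there, `tuicPorts = lib.range 6311 6314;`, and writing `networking.firewall.allowedUDPPorts = tuicPorts;` (the `[ ] ++` is redundant) keeps the opened ports equal to the ports actually listened on. The `users` entry reused by all four generated inbounds lies between the second and third hunk and is not visible, so it appears the extra listeners widen the exposed UDP surface while sharing one credential; a comment stating that this is intended would help.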
@@ -119,9 +123,9 @@ in ]; }; outbounds = [ - { tag = "selfhost"; type = "urltest"; outbounds = [ "sg1" "sg2" ]; tolerance = 800; url = "http://www.gstatic.com/generate_204"; interval = "1m0s"; } - { tag = "sg1"; type = "trojan"; server = sg_server; server_port = 8080; password = sg_password; tls = { enabled = true; server_name = sg_server; utls = { enabled = true; fingerprint = "firefox"; }; }; } - { tag = "sg2"; type = "tuic"; congestion_control = "bbr"; server = sg_server; server_port = 6311; uuid = sg_uuid; password = sg_password; tls = { enabled = true; server_name = sg_server; }; } + { tag = "selfhost"; type = "urltest"; outbounds = lib.forEach (lib.range 0 4) (id: "sg" + toString id); tolerance = 800; url = "http://www.gstatic.com/generate_204"; interval = "1m0s"; } + { tag = "sg0"; type = "trojan"; server = sg_server; server_port = 8080; password = sg_password; tls = { enabled = true; server_name = sg_server; utls = { enabled = true; fingerprint = "firefox"; }; }; } + { default = "auto"; outbounds = [ "auto" "selfhost" "direct" "block"]; tag = "_proxy_select"; type = "selector"; } { interval = "1m0s"; outbounds = [ "香港SS-01" "香港SS-02" "香港SS-03" "香港SS-04" "日本SS-01" "日本SS-02" "日本SS-03" "美国SS-01" "美国SS-02" "美国SS-03" "台湾SS-01" "台湾SS-02" "台湾SS-03" "台湾SS-04" "香港中继1" "香港中继2" "香港中继3" "香港中继4" "香港中继5" "香港中继6" "香港中继7" "香港中继8" "日本中继1" "日本中继2" "日本中继3" "日本中继4" "美国中继1" "美国中继2" "美国中继3" "美国中继4" "美国中继5" "美国中继6" "美国中继7" "美国中继8" "新加坡中继1" "新加坡中继2" "台湾中继1" "台湾中继2" "台湾中继3" "台湾中继4" "台湾中继5" "台湾中继6" "韩国中继1" "韩国中继2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; } { tag = "direct"; type = "direct"; } 
@@ -171,7 +175,17 @@ in { inherit server uuid; security = "auto"; server_port = 1266; tag = "台湾中继6"; type = "vmess"; } { inherit server uuid; security = "auto"; server_port = 1251; tag = "韩国中继1"; type = "vmess"; } { inherit server uuid; security = "auto"; server_port = 1252; tag = "韩国中继2"; type = "vmess"; } - ]; + ] ++ lib.forEach (lib.range 6311 6314) (port: { + tag = "sg" + toString (port - 6310); + type = "tuic"; + congestion_control = "bbr"; + server = sg_server; + server_port = port; + uuid = sg_uuid; + password = sg_password; + tls = { enabled = true; server_name = sg_server; }; + }); }; }; } +
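Review bot: The generated tuic outbounds put `uuid = sg_uuid;` and `password = sg_password;` straight into `settings`; if those bindings are plain Nix strings (their definition is outside this hunk), the values are copied into the world-readable Nix store as part of the rendered configuration. flake.lock in this same patch pins sops-nix, and the NixOS sing-box module accepts an attribute set with `_secret` pointing at a file in place of a literal, so `password = { _secret = config.sops.secrets.<secret-name>.path; };` (placeholder secret name) would keep the credential out of the store. The same applies to the `sg0` trojan outbound in the previous hunk and, presumably, to the server-side `users` entries in machines/dolomite/default.nix.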