add xray

modules/xray.nix

@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+  options = {
+    services.xray = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run xray server.
+          Either <literal>configFile</literal> or <literal>config</literal> must be specified.
+        '';
+      };
+      package = mkOption {
+        type = types.package;
+        default = pkgs.xray-core;
+        defaultText = literalExpression "pkgs.xray-core";
+        description = ''
+          Which xray package to use.
+        '';
+      };
+      configFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "/etc/xray/config.json";
+        description = ''
+          The absolute path to the configuration file.
+          Either <literal>configFile</literal> or <literal>config</literal> must be specified.
+        '';
+      };
+      config = mkOption {
+        type = types.nullOr (types.attrsOf types.unspecified);
+        default = null;
+        example = {
+          inbounds = [{
+            port = 1080;
+            listen = "127.0.0.1";
+            protocol = "http";
+          }];
+          outbounds = [{
+            protocol = "freedom";
+          }];
+        };
+        description = ''
+          The configuration object.
+          Either `configFile` or `config` must be specified.
+        '';
+      };
+    };
+  };
+
+  config = let
+    cfg = config.services.xray;
+    configFile = if cfg.configFile != null
+      then cfg.configFile
+      else pkgs.writeTextFile {
+        name = "xray.json";
+        text = builtins.toJSON cfg.config;
+        checkPhase = ''
+          ${cfg.package}/bin/xray run -test -format=json -config $out
+        '';
+      };
+  in mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (cfg.configFile == null) != (cfg.config == null);
+        message = "Either but not both `configFile` and `config` should be specified for xray.";
+      }
+    ];
+    systemd.services.xray = {
+      description = "Xray Daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/xray run -format=json -config ${configFile}";
+      };
+    };
+  };
+}

profiles/overlay.nix

@@ -33,6 +33,7 @@ with lib; {
         vscode = master.vscode;
         vscode-fhs = master.vscode-fhs;
         xonar-fp = pkgs.callPackage ./packages/xonar-fp.nix { };
+        xray-core = pkgs.callPackage ./packages/xray-core.nix { };
         youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
         vivaldi = master.vivaldi;
         wine = super.wineWowPackages.staging;

profiles/packages/xray-core.nix

@@ -0,0 +1,88 @@
+{ lib, fetchFromGitHub, fetchurl, linkFarm, buildGoModule, runCommand, makeWrapper, nixosTests
+, assetOverrides ? {}
+}:
+
+let
+  version = "1.5.4";
+
+  src = fetchFromGitHub {
+    owner = "XTLS";
+    repo = "Xray-core";
+    rev = "v${version}";
+    sha256 = "068i2sdykmr7xznsvq5d80ivzkmmnd8gy3v90n8g8h7aqkgx25w6";
+  };
+
+  vendorSha256 = "sha256-ZFbYUybbKKqmFz7mi7QpgaRj0i7is4iM/aBbPAqCuSM=";
+
+  assets = {
+    # MIT licensed
+    "geoip.dat" = let
+      geoipRev = "202203170039";
+      geoipSha256 = "1j76akll181xnrgrs032sri3m7azjmzql27bjsyycln0zgg87h8j";
+    in fetchurl {
+      url = "https://github.com/v2fly/geoip/releases/download/${geoipRev}/geoip.dat";
+      sha256 = geoipSha256;
+    };
+
+    # MIT licensed
+    "geosite.dat" = let
+      geositeRev = "20220320175821";
+      geositeSha256 = "11j7j4hmzfr2l3zwa2xlinjdqmsfjg4952qzkw1qwrafifrarzvf";
+    in fetchurl {
+      url = "https://github.com/v2fly/domain-list-community/releases/download/${geositeRev}/dlc.dat";
+      sha256 = geositeSha256;
+    };
+
+  } // assetOverrides;
+
+  assetsDrv = linkFarm "Xray-assets" (lib.mapAttrsToList (name: path: {
+    inherit name path;
+  }) assets);
+
+  core = buildGoModule rec {
+    pname = "Xray-core";
+    inherit version src;
+
+    inherit vendorSha256;
+
+    doCheck = false;
+
+    buildPhase = ''
+      buildFlagsArray=(-v -p $NIX_BUILD_CORES -ldflags="-s -w")
+      runHook preBuild
+      go build "''${buildFlagsArray[@]}" -o xray ./main
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      install -Dm755 xray -t $out/bin
+    '';
+
+    meta = {
+      homepage = "https://github.com/XTLS/Xray-core";
+      description = "Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.";
+      license = with lib.licenses; [ mpl20 ];
+      # maintainers = with lib.maintainers; [ servalcatty ];
+    };
+  };
+
+in runCommand "Xray-${version}" {
+  inherit src version;
+  inherit (core) meta;
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  passthru = {
+    inherit core;
+    # updateScript = ./update.sh;
+    tests = {
+      simple-vmess-proxy-test = nixosTests.Xray;
+    };
+  };
+
+} ''
+  for file in ${core}/bin/*; do
+    makeWrapper "$file" "$out/bin/$(basename "$file")" \
+      --set-default XRAY_LOCATION_ASSET ${assetsDrv}
+  done
+''

profiles/workspace/proxy.nix

@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ... }: {
+  secrets.xray-config = {};
+
+  services.xray = {
+    enable = true;
+    configFile = config.secrets.xray-config.decrypted;
+  };
+
+}

profiles/workspace/tor.nix

@@ -1,10 +0,0 @@
-{ config, pkgs, lib, ... }: {
-  services.tor = {
-    enable = true;
-    client.enable = true;
-  };
-  services.privoxy = {
-    enable = true;
-    enableTor = true;
-  };
-}

roles/desktop.nix

@@ -3,6 +3,8 @@
     ./base.nix
     inputs.base16.hmModule
 
+    xray
+
     applications-setup
     filesystems
     hardware
@@ -41,7 +43,7 @@
     nix-index
     picom
     print-scan
-    tor
+    proxy
     sway
   ];
 }