flake/users/guanranwang/nixos/presets/core/clash-meta-client.nix

{
  pkgs,
  config,
  inputs,
  ...
}: let
  etcDirectory = "clash-meta";
in {
  imports = [
    ../../../../../flakes/nixos/sops-nix.nix
  ];

  ### sops-nix
  sops.secrets."clash-config" = {
    owner = config.users.users."clash-meta".name;
    group = config.users.groups."clash-meta".name;
    restartUnits = ["clash-meta.service"];
    path = "/etc/${etcDirectory}/config.yaml";
  };

  ### System proxy settings
  networking.proxy.default = "http://127.0.0.1:7890/";

  ### User running proxy service
  users.groups."clash-meta" = {};
  users.users."clash-meta" = {
    isSystemUser = true;
    group = config.users.groups."clash-meta".name;
  };

  ### Proxy service
  systemd.services."clash-meta" = {
    description = "Clash.Meta Client";
    after = ["network-online.target"];

    wantedBy = ["multi-user.target"];

    serviceConfig = {
      Type = "simple";
      WorkingDirectory = "/etc/${etcDirectory}";
      User = [config.users.users."clash-meta".name];
      Group = [config.users.groups."clash-meta".name];
      ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/${etcDirectory}";
      Restart = "on-failure";
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"
        "CAP_NET_BIND_SERVICE"
        "CAP_NET_RAW"
      ];
      AmbientCapabilities = [
        "CAP_NET_ADMIN"
        "CAP_NET_BIND_SERVICE"
        "CAP_NET_RAW"
      ];
    };
  };

  ### Local Clash WebUI
  # You can also use the following website, just in case:
  # - metacubexd:
  #   - GH Pages Custom Domain: http://d.metacubex.one
  #   - GH Pages: https://metacubex.github.io/metacubexd
  #   - Cloudflare Pages: https://metacubexd.pages.dev
  # - yacd (Yet Another Clash Dashboard):
  #   - https://yacd.haishan.me
  # - clash-dashboard (buggy):
  #   - https://clash.razord.top
  environment.etc."${etcDirectory}/metacubexd".source = inputs.metacubexd;
}
initial commit 2023-09-19 00:17:43 +00:00			`{`
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`pkgs,`
			`config,`
			`inputs,`
			`...`
			`}: let`
			`etcDirectory = "clash-meta";`
			`in {`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`imports = [`
			`../../../../../flakes/nixos/sops-nix.nix`
			`];`

			`### sops-nix`
			`sops.secrets."clash-config" = {`
			`owner = config.users.users."clash-meta".name;`
			`group = config.users.groups."clash-meta".name;`
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`restartUnits = ["clash-meta.service"];`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`path = "/etc/${etcDirectory}/config.yaml";`
			`};`

users: remove system-user.nix 2023-10-14 09:40:12 +00:00			`### System proxy settings`
networking: modify proxy configurations - removed `environment.systemPackages = with pkgs; [ clash-meta ];`, as I found it isn't nessessary... - use same environment variables on different platforms and alias 2023-10-10 09:05:33 +00:00			`networking.proxy.default = "http://127.0.0.1:7890/";`
initial commit 2023-09-19 00:17:43 +00:00
users: remove system-user.nix 2023-10-14 09:40:12 +00:00			`### User running proxy service`
			`users.groups."clash-meta" = {};`
			`users.users."clash-meta" = {`
			`isSystemUser = true;`
			`group = config.users.groups."clash-meta".name;`
			`};`

			`### Proxy service`
initial commit 2023-09-19 00:17:43 +00:00			`systemd.services."clash-meta" = {`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`description = "Clash.Meta Client";`
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`after = ["network-online.target"];`
flake: overhaul presets 2023-11-04 10:02:11 +00:00
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`wantedBy = ["multi-user.target"];`
flake: overhaul presets 2023-11-04 10:02:11 +00:00
initial commit 2023-09-19 00:17:43 +00:00			`serviceConfig = {`
			`Type = "simple";`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`WorkingDirectory = "/etc/${etcDirectory}";`
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`User = [config.users.users."clash-meta".name];`
			`Group = [config.users.groups."clash-meta".name];`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/${etcDirectory}";`
initial commit 2023-09-19 00:17:43 +00:00			`Restart = "on-failure";`
nixos: minor adjustments to secrets, proxy, users 2023-09-20 21:23:10 +00:00			`CapabilityBoundingSet = [`
			`"CAP_NET_ADMIN"`
			`"CAP_NET_BIND_SERVICE"`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`"CAP_NET_RAW"`
nixos: minor adjustments to secrets, proxy, users 2023-09-20 21:23:10 +00:00			`];`
			`AmbientCapabilities = [`
			`"CAP_NET_ADMIN"`
			`"CAP_NET_BIND_SERVICE"`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`"CAP_NET_RAW"`
nixos: minor adjustments to secrets, proxy, users 2023-09-20 21:23:10 +00:00			`];`
initial commit 2023-09-19 00:17:43 +00:00			`};`
			`};`

repo: git submodules -> flake inputs 2023-10-14 07:53:25 +00:00			`### Local Clash WebUI`
			`# You can also use the following website, just in case:`
			`# - metacubexd:`
			`# - GH Pages Custom Domain: http://d.metacubex.one`
			`# - GH Pages: https://metacubex.github.io/metacubexd`
			`# - Cloudflare Pages: https://metacubexd.pages.dev`
			`# - yacd (Yet Another Clash Dashboard):`
			`# - https://yacd.haishan.me`
			`# - clash-dashboard (buggy):`
			`# - https://clash.razord.top`
flake: overhaul presets 2023-11-04 10:02:11 +00:00			`environment.etc."${etcDirectory}/metacubexd".source = inputs.metacubexd;`
flake: format everything using alejandra 2023-11-04 10:14:42 +00:00			`}`