nixos: clash-meta-client: use sops templates
parent
738c806307
commit
09d875d9aa
6 changed files with 188 additions and 40 deletions
|
@ -10,7 +10,7 @@
|
|||
# User
|
||||
../../../users/guanranwang/nixos/profiles/core
|
||||
../../../users/guanranwang/nixos/profiles/device-type/laptop
|
||||
../../../users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix
|
||||
../../../users/guanranwang/nixos/profiles/opt-in/clash-meta-client
|
||||
../../../users/guanranwang/nixos/profiles/opt-in/gaming
|
||||
../../../users/guanranwang/nixos/profiles/opt-in/torrenting
|
||||
|
||||
|
|
|
@ -47,8 +47,8 @@ in {
|
|||
|
||||
# https://man.archlinux.org/man/systemd.exec.5
|
||||
ConfigurationDirectory = "clash";
|
||||
User = [config.users.users."clash".name];
|
||||
Group = [config.users.groups."clash".name];
|
||||
User = config.users.users."clash".name;
|
||||
Group = config.users.groups."clash".name;
|
||||
ExecStart = builtins.replaceStrings ["\n"] [" "] ''
|
||||
${lib.getExe cfg.package}
|
||||
-d /etc/clash
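Review bot: `User` and `Group` are now read from another module, and nothing at this spot says they must stay plain strings. The new client module sets the template's `owner` and `group` from `config.systemd.services."clash".serviceConfig.User` and `.Group`, so the earlier list form would break it. I would add a comment above them such as `# plain strings: sops.templates."clash.yaml" reads these for owner/group`. The `serviceConfig` block starts before and continues past this hunk, so any sandboxing options the unit may set are not visible here.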
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
services.clash = {
|
||||
enable = true;
|
||||
package = pkgs.clash-meta;
|
||||
configFile = config.sops.secrets."clash-config".path;
|
||||
webui = inputs.self.packages.${pkgs.system}.metacubexd;
|
||||
};
|
||||
|
||||
### sops-nix
|
||||
sops.secrets."clash-config" = {
|
||||
owner = config.users.users."clash".name;
|
||||
group = config.users.groups."clash".name;
|
||||
restartUnits = ["clash.service"];
|
||||
};
|
||||
|
||||
### System proxy settings
|
||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||
|
||||
### Local Clash WebUI
|
||||
# You can also use the following website, just in case:
|
||||
# - metacubexd:
|
||||
# - GH Pages Custom Domain: http://d.metacubex.one
|
||||
# - GH Pages: https://metacubex.github.io/metacubexd
|
||||
# - Cloudflare Pages: https://metacubexd.pages.dev
|
||||
# - yacd (Yet Another Clash Dashboard):
|
||||
# - https://yacd.haishan.me
|
||||
# - clash-dashboard (buggy):
|
||||
# - https://clash.razord.top
|
||||
}
|
|
@ -0,0 +1,115 @@
|
|||
######### 锚点 start #######
|
||||
# 策略组相关
|
||||
pr: &pr { type: select, proxies: [ 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, DIRECT, ], }
|
||||
|
||||
# 这里是订阅更新和延迟测试相关的
|
||||
p: &p { type: http, interval: 3600, health-check: { enable: true, url: https://www.gstatic.com/generate_204, interval: 300, }, }
|
||||
|
||||
######### 锚点 end #######
|
||||
|
||||
allow-lan: true
|
||||
port: 7890
|
||||
unified-delay: false
|
||||
tcp-concurrent: true
|
||||
external-controller: 127.0.0.1:9090
|
||||
log-level: warning
|
||||
|
||||
geodata-mode: true
|
||||
geox-url:
|
||||
geoip: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat"
|
||||
geosite: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
|
||||
mmdb: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country-lite.mmdb"
|
||||
|
||||
find-process-mode: strict
|
||||
global-client-fingerprint: chrome
|
||||
|
||||
profile:
|
||||
store-selected: true
|
||||
store-fake-ip: true
|
||||
|
||||
sniffer:
|
||||
enable: true
|
||||
sniff:
|
||||
HTTP:
|
||||
ports: [80, 8080-8880]
|
||||
override-destination: true
|
||||
TLS:
|
||||
ports: [443, 8443]
|
||||
#QUIC:
|
||||
# ports: [443, 8443]
|
||||
skip-domain:
|
||||
- "Mijia Cloud"
|
||||
|
||||
dns:
|
||||
enable: true
|
||||
listen: :1053
|
||||
ipv6: true
|
||||
enhanced-mode: fake-ip
|
||||
fake-ip-filter:
|
||||
- "*"
|
||||
- "+.lan"
|
||||
- "+.local"
|
||||
nameserver:
|
||||
- https://doh.pub/dns-query
|
||||
- https://dns.alidns.com/dns-query
|
||||
proxy-server-nameserver:
|
||||
- https://doh.pub/dns-query
|
||||
nameserver-policy:
|
||||
"geosite:private":
|
||||
- https://doh.pub/dns-query
|
||||
- https://dns.alidns.com/dns-query
|
||||
"geosite:geolocation-!cn":
|
||||
- "https://dns.cloudflare.com/dns-query#dns"
|
||||
- "https://dns.google/dns-query#dns"
|
||||
|
||||
proxy-groups:
|
||||
- { name: 默认, type: select, proxies: [自动选择, DIRECT, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], }
|
||||
- { name: dns, type: select, proxies: [自动选择, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], }
|
||||
- { name: Google, <<: *pr }
|
||||
- { name: Telegram, <<: *pr }
|
||||
- { name: Twitter, <<: *pr }
|
||||
- { name: Pixiv, <<: *pr }
|
||||
- { name: ehentai, <<: *pr }
|
||||
- { name: 哔哩哔哩, <<: *pr }
|
||||
- { name: 哔哩东南亚, <<: *pr }
|
||||
- { name: 巴哈姆特, <<: *pr }
|
||||
- { name: YouTube, <<: *pr }
|
||||
- { name: NETFLIX, <<: *pr }
|
||||
- { name: Spotify, <<: *pr }
|
||||
- { name: Github, <<: *pr }
|
||||
- { name: 国内, type: select, proxies: [ DIRECT, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, ], }
|
||||
- { name: 其他, <<: *pr }
|
||||
|
||||
# 分隔,下面是地区分组
|
||||
- { name: 香港, <<: *use, filter: "(?i)港|hk|hongkong|hong kong" }
|
||||
- { name: 台湾, <<: *use, filter: "(?i)台|tw|taiwan" }
|
||||
- { name: 日本, <<: *use, filter: "(?i)日本|jp|japan" }
|
||||
- { name: 美国, <<: *use, filter: "(?i)美|us|unitedstates|united states" }
|
||||
- { name: 新加坡, <<: *use, filter: "(?i)(新|sg|singapore)" }
|
||||
- { name: 其它地区, <<: *use, filter: "(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*", }
|
||||
- { name: 全部节点, <<: *use }
|
||||
- { name: 自动选择, <<: *use, tolerance: 2, type: url-test }
|
||||
|
||||
rules:
|
||||
- GEOIP,lan,直连,no-resolve
|
||||
- GEOSITE,biliintl,哔哩东南亚
|
||||
- GEOSITE,ehentai,ehentai
|
||||
- GEOSITE,github,Github
|
||||
- GEOSITE,twitter,Twitter
|
||||
- GEOSITE,youtube,YouTube
|
||||
- GEOSITE,google,Google
|
||||
- GEOSITE,telegram,Telegram
|
||||
- GEOSITE,netflix,NETFLIX
|
||||
- GEOSITE,bilibili,哔哩哔哩
|
||||
- GEOSITE,bahamut,巴哈姆特
|
||||
- GEOSITE,spotify,Spotify
|
||||
- GEOSITE,pixiv,Pixiv
|
||||
- GEOSITE,geolocation-!cn,其他
|
||||
|
||||
- GEOIP,google,Google
|
||||
- GEOIP,netflix,NETFLIX
|
||||
- GEOIP,telegram,Telegram
|
||||
- GEOIP,twitter,Twitter
|
||||
- GEOSITE,CN,国内
|
||||
- GEOIP,CN,国内
|
||||
- MATCH,其他
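Review bot: `allow-lan: true` with `port: 7890` and `dns.listen: :1053` exposes the proxy and its DNS listener on every interface, and no `authentication` entry appears in this file. The importing host uses the laptop profile and the system proxy only points at `127.0.0.1:7890`, so I would set `allow-lan: false` and `listen: 127.0.0.1:1053` unless other devices are meant to use it. Separately, the first rule `GEOIP,lan,直连,no-resolve` targets a policy named `直连` that is not defined in `proxy-groups` here or in the template text the Nix module prepends; `GEOIP,lan,DIRECT,no-resolve` matches what the groups use. The `geox-url` entries fetch geodata through the third-party `mirror.ghproxy.com` rewrite proxy with no integrity pin visible, which deserves a comment if kept.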
|
|
@ -0,0 +1,63 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
services.clash = {
|
||||
enable = true;
|
||||
package = pkgs.clash-meta;
|
||||
configFile = config.sops.templates."clash.yaml".path;
|
||||
webui = inputs.self.packages.${pkgs.system}.metacubexd;
|
||||
};
|
||||
|
||||
### sops-nix
|
||||
sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["clash.service"];}) {
|
||||
"clash/proxy-providers/efcloud" = {};
|
||||
"clash/proxy-providers/spcloud" = {};
|
||||
"clash/proxy-providers/pawdroid" = {};
|
||||
};
|
||||
|
||||
# TODO: Using example config
|
||||
# https://wiki.metacubex.one/example/conf/
|
||||
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
|
||||
sops.templates."clash.yaml" = {
|
||||
owner = config.systemd.services."clash".serviceConfig.User;
|
||||
group = config.systemd.services."clash".serviceConfig.Group;
|
||||
content =
|
||||
''
|
||||
use: &use
|
||||
type: select
|
||||
use:
|
||||
- efcloud
|
||||
- spcloud
|
||||
#- pawdroid
|
||||
|
||||
proxy-providers:
|
||||
efcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
|
||||
spcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
|
||||
#pawdroid:
|
||||
# <<: *p
|
||||
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
|
||||
''
|
||||
+ builtins.readFile ./config.yaml;
|
||||
};
|
||||
|
||||
### System proxy settings
|
||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||
|
||||
### Local Clash WebUI
|
||||
# You can also use the following website, just in case:
|
||||
# - metacubexd:
|
||||
# - GH Pages Custom Domain: http://d.metacubex.one
|
||||
# - GH Pages: https://metacubex.github.io/metacubexd
|
||||
# - Cloudflare Pages: https://metacubexd.pages.dev
|
||||
# - yacd (Yet Another Clash Dashboard):
|
||||
# - https://yacd.haishan.me
|
||||
# - clash-dashboard (buggy):
|
||||
# - https://clash.razord.top
|
||||
}
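Review bot: The `<<: *p` aliases under `proxy-providers` in the inline template come before the `p: &p` anchor, because `content` is the inline block followed by `builtins.readFile ./config.yaml` and the anchor sits at the top of that file. YAML resolves an alias only after its anchor has appeared, so the rendered `clash.yaml` is likely to be rejected at load. Moving the `p: &p { type: http, ... }` line out of `config.yaml` into the inline block above `proxy-providers:` fixes the order and keeps `&use` ahead of its uses. Also, the `# url:` line for `pawdroid` is only a YAML comment; Nix still interpolates the placeholder, so that subscription URL is written into the rendered file even though the provider is disabled. Dropping the interpolation from the commented line, or the unused secret itself, avoids that.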
|
File diff suppressed because one or more lines are too long