nixos/mihomo: use substitute rather than readFile

https://github.com/NixOS/nixpkgs/issues/237216
This commit is contained in:
Guanran Wang 2024-06-16 10:59:27 +08:00
parent 675d77f1ce
commit 1a904288a8
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
3 changed files with 57 additions and 45 deletions

View file

@ -10,17 +10,18 @@ fetch: &fetch
use: &use
type: select
use:
- flyairport
- efcloud
- kogeki
- flyairport
- spcloud
use-backup: &use-backup
type: select
use:
- pawdroid
- ermaozi
#- jsnzkpg
- jsnzkpg
- pawdroid
convert: &convert "https://sub.maoxiongnet.com/sub?target=clash&list=true&url="
port: 7890
external-controller: 127.0.0.1:9090
@ -29,6 +30,39 @@ unified-delay: true
tcp-concurrent: true
geodata-mode: true
secret: "@clash/secret@"
proxies:
# @clash/proxies/lightsail@
proxy-providers:
efcloud:
<<: *fetch
url: "@clash/proxy-providers/efcloud@"
flyairport:
<<: *fetch
url: "@clash/proxy-providers/flyairport@"
spcloud:
<<: *fetch
url: "@clash/proxy-providers/spcloud@"
# Free servers that I dont really care about
ermaozi:
<<: *fetch
url: >
*convert
https://cdn.jsdelivr.net/gh/ermaozi/get_subscribe@main/subscribe/v2ray.txt
jsnzkpg:
<<: *fetch
url: >
*convert
https://cdn.jsdelivr.net/gh/Jsnzkpg/Jsnzkpg@Jsnzkpg/Jsnzkpg
pawdroid:
<<: *fetch
url: >
*convert
https://cdn.jsdelivr.net/gh/Pawdroid/Free-servers@main/sub
proxy-groups:
- {
name: PROXY,

View file

@ -1,4 +1,5 @@
{
lib,
pkgs,
config,
...
@ -27,45 +28,23 @@
sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["mihomo.service"];}) {
"clash/secret" = {};
"clash/proxies/lightsail" = {};
"clash/proxy-providers/flyairport" = {};
"clash/proxy-providers/efcloud" = {};
"clash/proxy-providers/kogeki" = {};
"clash/proxy-providers/flyairport" = {};
"clash/proxy-providers/spcloud" = {};
};
sops.templates."clash.yaml".content = let
convert = url: "https://sub.maoxiongnet.com/sub?target=clash&list=true&url=${url}";
in
builtins.readFile ./config.yaml
+ ''
secret: "${config.sops.placeholder."clash/secret"}"
proxies:
${config.sops.placeholder."clash/proxies/lightsail"}
proxy-providers:
flyairport:
<<: *fetch
url: "${config.sops.placeholder."clash/proxy-providers/flyairport"}"
efcloud:
<<: *fetch
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
kogeki:
<<: *fetch
url: "${config.sops.placeholder."clash/proxy-providers/kogeki"}"
spcloud:
<<: *fetch
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
# Free servers that I dont really care about
pawdroid:
<<: *fetch
url: "${convert "https://cdn.jsdelivr.net/gh/Pawdroid/Free-servers@main/sub"}"
ermaozi:
<<: *fetch
url: "${convert "https://cdn.jsdelivr.net/gh/ermaozi/get_subscribe@main/subscribe/v2ray.txt"}"
#jsnzkpg:
# <<: *fetch
# url: "${convert "https://cdn.jsdelivr.net/gh/Jsnzkpg/Jsnzkpg@Jsnzkpg/Jsnzkpg"}"
'';
# why not substituteAll? see https://github.com/NixOS/nixpkgs/issues/237216
sops.templates."clash.yaml".file = pkgs.substitute {
src = ./config.yaml;
replacements = let
inherit' = list: lib.flatten (map (attr: ["--subst-var-by" attr config.sops.placeholder.${attr}]) list);
in
inherit' [
"clash/secret"
"clash/proxies/lightsail"
"clash/proxy-providers/efcloud"
"clash/proxy-providers/flyairport"
"clash/proxy-providers/spcloud"
];
};
}

View file

@ -6,11 +6,10 @@ wireless:
clash:
secret: ENC[AES256_GCM,data:eCq/pDlSOw==,iv:QGNKxqmkj9BWFBJGj/O4fUL8Ey8zGEHMsWX02DrM82U=,tag:z2vVCBSt6mw47ca2xoxg9A==,type:str]
proxies:
lightsail: ENC[AES256_GCM,data:0lbXCE21o8FrQonV1AElDxGG+eTrFIabch/QnE0tZ5QoioDRstMs1oiXN/XQHJqQdHLY+blgyEyyBjJMc8rjRcGEgAy081xzlcD2VKDoXOBcnMgBNtMz1i8aG+DqfjadDWBt0v0KK2GgiZ9K+A8=,iv:wDo0S4XlFN6kRlApAIePYdJgGMwz/TJuxInZ8vGTUeQ=,tag:8oBxnC3qTQQ7ofGmNmi/Ew==,type:str]
lightsail: ENC[AES256_GCM,data:ik3GANdJuZuYkl2kUMiCu6rWhOBTgvYuDT0Xn+/pZwyBVRWtwPhfLY6Ptm0GXj77zzD0/5bgxPRCNJncQEH2NarkqE/DXlluKqlBjOThgRjtVQF+FCJ01Y6/tL0HsvgZse9hasNtrXJHy+PGDiZdcNDmr+piB53Pgt+jdw==,iv:X9+PZUjWlOl74VLXW++SVDd+9U1guglNABe/N/iyMLs=,tag:OYj5a6i9WhkyK5m2wllCmg==,type:str]
proxy-providers:
flyairport: ENC[AES256_GCM,data:akHdU/2o8D65sG2b/mcj76HASwhg3WvoEcrpgkXPyh7kuc+Ci42hmmmmBk9I29vuvZjTtCTs8mMzaLK1wm8TS/K1A1zeAGULxSsqhpV4cA19Q4vAtQ2+FyuGiaFszuaHK6BSlZAosfmCGoM1nZRYuOnsdeR0vnHBIHhJFNhaLw==,iv:VeVT3cEaOO/90gcqpm2yOacThbEyaXuBRhp4buX/XOY=,tag:kojJbqwYk/DNFBcJMY2eXg==,type:str]
efcloud: ENC[AES256_GCM,data:GvKNMscPknhlBy9Qp8iuYoxF10oX2ZIOKo+XKRH2NOGGDiMk/GwdGfA5+gf3ZcEEGFGw/8CrBddjJCivyxqwF+oAEHJyjdcFhGyyOopsx9s3waq8Hge/KzE=,iv:WXAd3yA5cTZp+ttKHXPf6cbsk6pRXq5/xMysNUAs1Rk=,tag:HygexRSW8ICa+RIFmrRKRQ==,type:str]
kogeki: ENC[AES256_GCM,data:159GepC8UUm4FA7vRZO9RJ5DCPigt8RUsm78ibVjU8SHKTtMS6bHPA40S8l6V07VJmytRaXqWCIkiI7dXR64UvoRe+gMD2a0y8UgM4Pncf0IWpxhag==,iv:KBf4IPfof4bgs87udH+aXQ95K3F1Zuw5Ueh+b4AkQFg=,tag:F8TPR5kxIlmA+LG7kvz3HQ==,type:str]
spcloud: ENC[AES256_GCM,data:Uz0SLmSxzV/hcsBuYtlsZ5G5E8wjzmHcFMGCyBrEewOr6gAdBQvC4njotYbMIdQAQRTgAE2wBukdSxXWCTrNph7uoVhskz1YkNjxnQVPUO5WfQ==,iv:TwHPdeATx+LanfhHeD7M5sSf3M2NLBWBAAaFTwgsK7A=,tag:9DMgcSoy4ksYl/dPWwA+dA==,type:str]
sops:
kms: []
@ -54,8 +53,8 @@ sops:
SC9YMFk4dUNOUDJYMXErck8yTmJmZmcKp66bHZTD6VitAOfzIr8VJr02+R9f5mxH
c5n2CWurDsZsNTKk7pgxQo78ySyAG3rzvOqgK0NFesyHy9dRl8xHCQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-01T11:58:20Z"
mac: ENC[AES256_GCM,data:mlOkAorzLzSGFDhFlZ1Kx3AYWSeJGJbk8JFaidWIk1Bp5/4ttO4sFskfRl4SqXCcAcqvgGDhzit5x/i9cCzlrE004f0t4hsupxQOkZ8yZ5+8uT4Q4NFdPf+WPU6/LwG8qrv2i7qbjRb2bnTVKqzyjvrKjx2ZIScAlzWm87bAjuk=,iv:xshvSgZ1P+z6NwrrlouyO8lYL/4ohedKZmbkewS7w3k=,tag:AFBnvs55Ws8ShVFRie1Rew==,type:str]
lastmodified: "2024-06-16T02:17:41Z"
mac: ENC[AES256_GCM,data:JDCxFDk8NnXuFb1s0oTc5dMkZVCAoqlnUh9CzZajlXoGKetrEJQRZtxxr1yzWYl548eltEyRHzUl8idsjz6OdycmrX7hL0pHQHK0QxB4iIsiJAfBX6Sa8inkp2Os7HOgxRSC4QKKb3Ua32BG40KTL/eoVkCimaby4kUZqVQHLjU=,iv:dU4zAA54KUppdAlWB6/XU0fMuuF1QSpuqpdjp9ucmz4=,tag:AGAxLXs5M5ZMixXA3yVosw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1