nixos: mihomo -> sing-box
parent
93f54cf715
commit
3d6c3ab652
11 changed files with 130 additions and 154 deletions
|
@ -18,13 +18,13 @@ creation_rules:
|
|||
- age:
|
||||
- *guanranwang
|
||||
- *lightsail-tokyo
|
||||
- path_regex: nixos/profiles/opt-in/mihomo/secrets.yaml$
|
||||
- path_regex: nixos/profiles/sing-box/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *guanranwang
|
||||
- *blacksteel
|
||||
- *dust
|
||||
- path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$
|
||||
- path_regex: nixos/profiles/wireless/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *guanranwang
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
}: {
|
||||
imports = [
|
||||
# OS
|
||||
../../nixos/profiles/opt-in/mihomo
|
||||
../../nixos/profiles/sing-box
|
||||
|
||||
# Hardware
|
||||
./hardware-configuration.nix
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
...
|
||||
}: {
|
||||
imports = [
|
||||
../../nixos/profiles/opt-in/mihomo
|
||||
../../nixos/profiles/opt-in/wireless
|
||||
../../nixos/profiles/sing-box
|
||||
../../nixos/profiles/wireless
|
||||
|
||||
./anti-feature.nix
|
||||
./disko.nix
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
### YAML Anchors
|
||||
fetch: &fetch
|
||||
type: http
|
||||
interval: 43200 # 12 hours
|
||||
health-check:
|
||||
enable: true
|
||||
url: https://www.gstatic.com/generate_204
|
||||
interval: 600 # 10 minutes
|
||||
|
||||
use: &use
|
||||
type: select
|
||||
use:
|
||||
- efcloud
|
||||
- spcloud
|
||||
|
||||
port: 7890
|
||||
external-controller: 127.0.0.1:9090
|
||||
log-level: warning
|
||||
unified-delay: true
|
||||
tcp-concurrent: true
|
||||
geodata-mode: true
|
||||
|
||||
secret: "@clash/secret@"
|
||||
|
||||
proxies:
|
||||
# @clash/proxies/lightsail@
|
||||
|
||||
proxy-providers:
|
||||
efcloud:
|
||||
<<: *fetch
|
||||
url: "@clash/proxy-providers/efcloud@"
|
||||
spcloud:
|
||||
<<: *fetch
|
||||
url: "@clash/proxy-providers/spcloud@"
|
||||
|
||||
proxy-groups:
|
||||
- { name: PROXY, type: select, proxies: [自动选择, lightsail, DIRECT] }
|
||||
- { name: 自动选择, <<: *use, tolerance: 2, type: url-test }
|
||||
|
||||
rules:
|
||||
- GEOIP, lan, DIRECT, no-resolve
|
||||
- GEOSITE, private, DIRECT
|
||||
- GEOSITE, category-ads, REJECT
|
||||
|
||||
- GEOSITE, icloud, DIRECT
|
||||
- GEOSITE, apple@cn, DIRECT
|
||||
- GEOSITE, google@cn, DIRECT
|
||||
- GEOSITE, microsoft@cn, DIRECT
|
||||
- GEOSITE, category-games@cn, DIRECT
|
||||
|
||||
- GEOSITE, cn, DIRECT
|
||||
- GEOIP, cn, DIRECT
|
||||
- MATCH, PROXY
|
|
@ -1,49 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
services.mihomo = {
|
||||
enable = true;
|
||||
configFile = config.sops.templates."clash.yaml".path;
|
||||
webui = pkgs.metacubexd;
|
||||
};
|
||||
|
||||
systemd.services.mihomo.preStart = ''
|
||||
${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-geoip}/share/v2ray/geoip.dat /var/lib/private/mihomo/GeoIP.dat
|
||||
${pkgs.coreutils}/bin/ln -sf ${pkgs.v2ray-domain-list-community}/share/v2ray/geosite.dat /var/lib/private/mihomo/GeoSite.dat
|
||||
'';
|
||||
|
||||
### System proxy settings
|
||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||
environment.shellAliases = let
|
||||
inherit (config.networking) proxy;
|
||||
in {
|
||||
"setproxy" = "export http_proxy=${proxy.httpProxy} https_proxy=${proxy.httpsProxy} all_proxy=${proxy.allProxy} ftp_proxy=${proxy.ftpProxy} rsync_proxy=${proxy.rsyncProxy}";
|
||||
"unsetproxy" = "set -e http_proxy https_proxy all_proxy ftp_proxy rsync_proxy";
|
||||
};
|
||||
|
||||
### sops-nix
|
||||
sops.secrets = lib.mapAttrs (_name: value:
|
||||
value
|
||||
// {
|
||||
restartUnits = ["mihomo.service"];
|
||||
sopsFile = ./secrets.yaml;
|
||||
}) {
|
||||
"clash/secret" = {};
|
||||
"clash/proxies/lightsail" = {};
|
||||
"clash/proxy-providers/efcloud" = {};
|
||||
"clash/proxy-providers/spcloud" = {};
|
||||
};
|
||||
|
||||
sops.templates."clash.yaml".file = pkgs.replaceVars ./config.yaml {
|
||||
inherit
|
||||
(config.sops.placeholder)
|
||||
"clash/secret"
|
||||
"clash/proxies/lightsail"
|
||||
"clash/proxy-providers/efcloud"
|
||||
"clash/proxy-providers/spcloud"
|
||||
;
|
||||
};
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
clash:
|
||||
secret: ENC[AES256_GCM,data:0dikpMbntA==,iv:63yclHF0yUJXWr7/RN0RLMFmASD847i6WAplx6sfvGQ=,tag:Y7lw2sn34CEfAmzy/0IugA==,type:str]
|
||||
proxies:
|
||||
lightsail: ENC[AES256_GCM,data:YfyZsBi3yMIAMIjotAk4g4M+yYYozSSbKE77oz3lwbRHCMVJqxeo5nR04HrG8Hy2mQvVV09et1MbgnDMhEaSERZvsfaBojFUoRE6Du18n1ET8P1/ez5aKgC6ZnHy90a99mktqD4QDGNE8VDX2xBtNcVLF6i9dJ9di9tJEtnOdw+Q,iv:/uqtX6E2I0sqSWt2FmKwzG9zQb2TjdQqfDBZQXLh8cs=,tag:ofvc5GKEPrizajUaevI1jA==,type:str]
|
||||
proxy-providers:
|
||||
efcloud: ENC[AES256_GCM,data:36mToXGiHVAgM4vVQFOYvNPaHHuVf4mtvnNOgMBTyzbZ/mKpT1Exx7rWZ7i9EVBy5eX7SJtKmnHs0CqD48hr7R708W2oW3YNPEfkK7aGDqfQFyS1TVjT+MM=,iv:+qiFyM10fcAjcdyVZCC+0hb83GYENooM52+1GPXpamQ=,tag:wZupiFJMQq8A5ZwJtjXiOg==,type:str]
|
||||
spcloud: ENC[AES256_GCM,data:gmJM+sTTaUrIxQXRBlDtE+K1gEfseMPUC2AQLq1LeY6iQmgq3wK7oJlz+buLbm/LUDitvls9d517905hz/Mpp2F7ohBeW9m1Jkcvdh/Zfgnfqg==,iv:FPe//+/ZMDZloZg2AnQ7JXRzqZdKDjLYs3wqMxqNA/Y=,tag:JPEU/WnUfy8bNlhAgPQwJw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZkVpWm43Y3NOVHpBWHdm
|
||||
bDhyeHA5RkhQZDNCZzQwL2l4cDFuZFlzUHg0CjhkWkJTWVEyRDRiUnFUVHcrd0Zh
|
||||
NUt2aG5jTjZ6dFBxRkFLZkdEWm5FcWsKLS0tIFY3VURVUWpRQ1A3WGxUWmdPaG1w
|
||||
bnNtenl4MUpTME9CYmZIL1VNZzdxREUKyIJVIyXg5lDkUlwG8hbGdgJ4ii/K/cTV
|
||||
2u/B5KSCTQ0/ndyamjfYMDawL7xVoXTuPRufj/oW/j1lNd0UTbSphA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlSlpRSjZHS29SMERKQ0tN
|
||||
bkJ2YlZVNVhEUHhNc3Z0bmc0TTZHR3Q1Y3hZCmx3cHZoL2lvWFVBTzNXa3hVa0Zk
|
||||
SG1zbDI0dnlicEV0RktnSmVvWEdaN3MKLS0tIHlJaExjRE15Q1JCTDFOUlBLUkFY
|
||||
US9haXAyakN5QXJpNFVFZnoybE5va1UK5b4Mr3sVReaT3KoiDPbSIMwNMjyp2Ob0
|
||||
iTdjOx3LklF4rslHxEb3nwHSTzQjsFUPVfygyMKC4oPoUk9jN1hy/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWXB5L1VESXBhRkdBSTJk
|
||||
VVpJRGtyVTAvdXA1WUNwVW0xd3JZclBLeW5ZCllCS1dBTWxuRlpSbWFLbG1HdFR0
|
||||
TjFGVW1zUGE5dG9rZmF1NGQ1NEJnWkEKLS0tIDdzenRaWVRoVTZ5eGNVQk8zZmlp
|
||||
R3JVUlNmd0t2WWlvK3U3K2gyYmQycUEKoDQ7wLxvHbyLUKCvt2cV3xUDyiPXLTq8
|
||||
1KyVQ/5FHQCRPsqjYmXioqKNecZxYnVESPi8UZslTn8edtl3iiQTLQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-10T15:24:00Z"
|
||||
mac: ENC[AES256_GCM,data:BGF/DAfOhdw0YZ6PGipXu0sL9+8E1s509bg89dMnAtf1WfreFCQMuHe7uqfkC3Be99proNgJ1O5fWTENaynXyMKto1YF+7z9ZZ3CCOceFLNqbBucaxRFAO+tkMlVixLoqIvEHdyoZD+iM45wOO6mn+/o6wR/z3Ze36wmZCJ1+4c=,iv:s9N2lNx1SwPm0qNyqgGm2Qp5zS4xIhxwp2kj7sQmcQc=,tag:o1/WS7b7FR//IZK1iNQkCg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
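--- /dev/null
+++ b/nixos/profiles/sing-box/default.nix
@@ -0,0 +1,83 @@
+{
+pkgs,
+config,
+...
+}: {
+services.sing-box = {
+enable = true;
+settings = {
+inbounds = [
+{
+type = "http";
+tag = "inbound";
+listen = "127.0.0.1";
+listen_port = 1080;
+sniff = true;
+sniff_override_destination = true;
+}
+];
+
+outbounds = [
+{
+type = "hysteria2";
+tag = "tyo0";
+server = "tyo0.ny4.dev";
+server_port = 443;
+password._secret = config.sops.secrets."sing-box/tyo0".path;
+tls.enabled = true;
+}
+{
+type = "direct";
+tag = "direct";
+}
+];
+
+route = {
+rules = [
+{
+rule_set = ["geoip-cn" "geosite-cn"];
+outbound = "direct";
+}
+];
+rule_set = [
+{
+tag = "geoip-cn";
+type = "local";
+format = "binary";
+path = "${pkgs.sing-geoip}/share/sing-box/rule-set/geoip-cn.srs";
+}
+{
+tag = "geosite-cn";
+type = "local";
+format = "binary";
+path = "${pkgs.sing-geosite}/share/sing-box/rule-set/geosite-cn.srs";
+}
+];
+final = "tyo0";
+};
+
+experimental = {
+clash_api = {
+external_controller = "127.0.0.1:9090";
+external_ui = pkgs.metacubexd;
+secret = "hunter2";
+};
+};
+};
+};
+
+### System proxy settings
+networking.proxy.default = "http://127.0.0.1:1080/";
+environment.shellAliases = let
+inherit (config.networking) proxy;
+in {
+"setproxy" = "export http_proxy=${proxy.httpProxy} https_proxy=${proxy.httpsProxy} all_proxy=${proxy.allProxy} ftp_proxy=${proxy.ftpProxy} rsync_proxy=${proxy.rsyncProxy}";
+"unsetproxy" = "set -e http_proxy https_proxy all_proxy ftp_proxy rsync_proxy";
+};
+
+### sops-nix
+sops.secrets."sing-box/tyo0" = {
+restartUnits = ["sing-box.service"];
+sopsFile = ./secrets.yaml;
+};
+}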
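Review bot: `secret = "hunter2";` under `experimental.clash_api` commits the controller secret in plaintext, whereas the removed mihomo profile took it from sops (`secret: "@clash/secret@"`). Because `settings` is an ordinary Nix value, the literal most likely also ends up in the world-readable store, so any local user or process that can reach 127.0.0.1:9090 can drive the Clash API. The `_secret` indirection already used for the hysteria2 password in this file fits here too: `secret._secret = config.sops.secrets."sing-box/<clash-api-secret>".path;` (placeholder name), with a matching `sops.secrets` entry that carries `restartUnits = ["sing-box.service"];`. Since the current value is now in the repository history, generate a fresh one rather than moving this string into sops.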
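--- /dev/null
+++ b/nixos/profiles/sing-box/secrets.yaml
@@ -0,0 +1,40 @@
+sing-box:
+tyo0: ENC[AES256_GCM,data:c1WIyaAXyiir4VRcggvJ0drgxOi24+s=,iv:1CufURfG6PL+iv54LOkh6kdjjf6Pa8uvyWsRX4rBTls=,tag:M5PzRvKJzQzhpv3z6XlG9A==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3K013WDMwWUZFQW42bVow
+WnVkVDRtYlJCdGxmK2VLLy9SaE9rOTdLYmprClVXeGZuWTRYNm9oNXRMTXJ1cjhR
+dXhUYU9sMldSVFlKS0RnMlZ0WHI4SzAKLS0tIHpDYTZFL0drTWk1Z3BWYS9Kckky
+N0RHU3oxck5VaGUxdHdSQWxHeWRkS1UKf7sd4eJNOmXYaCJj84fiQLkzDmrlzIxR
+hBOzEt38wVlsq7529TXADbSoNBfLZzuhBvawS67sCGqjCK7VFn0uWw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbllZOHRYQkZSQ25VVEtp
+OEg5U1F3RXlaWTFBYnRYb0MyeFpXZ0lWMkEwClBrVTZWcHVBMU5HS0hZVzltUnBV
+bGFxYlVFMmhSZVF0WGFIbERWWEhkS00KLS0tIDlzZjEzVHVIQlJUeUdXSkNEWFVF
+ajc4azNsTlRkQVNkeU9vZXY3Njg2aTgK4ycqVY7KUAkkeNAiSOPUwo73wLL7M0HD
+b8U7C7BcBReujeVV3HUiStpeXR250rCiySWREQlyyWs4DpBoryBSnw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYnJlZHA1eDVPVnJnRUFX
+MmxBbjdZTXhCTDd1OUNnK3RmNGxsNEh6NENrCmZFMEhOSDZhRlBONEl1N2pwbnhF
+Szl3RGcyT20xNFpMTWx0dnlQdjdsQ1UKLS0tIFVtcEdvL0VKN2p3cTJPODMxTVVX
+NTdHRTVNeUxYUHYzQzIvMlZlTFhoVkEKcjzpxTP25gadACwH6g9SZCsw2KPoNiQ6
+JsMOOy+JUrIzGDftkDYzQhxg+fDWPMnRVzk5EMEw5AU2RghrrJzTWA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-08-24T07:58:00Z"
+mac: ENC[AES256_GCM,data:gbgaZ6fGr8sIaEPMTJeTr4nHEkfWDMwNPstEjfn580go8Ogg3cIW0Lca1nPERCI7XimswjT9V6FnxV8HtTZ+VH3jZsuB/Zu0lYpCsTx//wY0meWWHtOINFZ6Qn9dl6CTRi/QgmNJPKjPPYcHg0ECGY/Iv8s44Mj0aXthVN61huk=,iv:8y+vjDSWaVt7kQkvu499+bK3lYB3moVtAQJ4UvfLYv4=,tag:XAhiF7cw8i8ilj3Dp/zoDw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.0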
@ -11,8 +11,8 @@
|
|||
settings.formatter.prettier.excludes = [
|
||||
"hosts/blacksteel/secrets.yaml"
|
||||
"hosts/tyo0/secrets.yaml"
|
||||
"nixos/profiles/opt-in/mihomo/secrets.yaml"
|
||||
"nixos/profiles/opt-in/wireless/secrets.yaml"
|
||||
"nixos/profiles/sing-box/secrets.yaml"
|
||||
"nixos/profiles/wireless/secrets.yaml"
|
||||
"secrets.yaml"
|
||||
];
|
||||
}
|
||||
|
|