nixos/clash: use systemd LoadCredential

Guanran Wang 2023-12-26 14:42:06 +08:00
parent 0de1ec8d89
commit b5b59e3729
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
2 changed files with 18 additions and 22 deletions


@ -43,17 +43,17 @@ in {
serviceConfig = {
# TODO: DynamicUser
# DynamicUser = true;
# LoadCredential = "credentials:${config.sops.secrets."clash-config".path}";
User = config.users.users."clash".name;
Group = config.users.groups."clash".name;
# https://man.archlinux.org/man/systemd.exec.5
ConfigurationDirectory = "clash";
User = config.users.users."clash".name;
Group = config.users.groups."clash".name;
LoadCredential = "configuration:${cfg.configFile}";
ExecStart = builtins.replaceStrings ["\n"] [" "] ''
${lib.getExe cfg.package}
-d /etc/clash
${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
${lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}"}
${lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/configuration"}
${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
'';
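Review bot: `LoadCredential = "configuration:${cfg.configFile}";` is set unconditionally, while the `-f` argument a few lines below is still guarded by `cfg.configFile != null`; if the option can be null, interpolating it here should fail evaluation instead of simply skipping the credential. Guarding it the same way keeps the two in step, e.g. `LoadCredential = lib.mkIf (cfg.configFile != null) "configuration:${cfg.configFile}";`. The option declaration is outside this hunk, so it is worth confirming there that `configFile` is typed as a string and not a Nix path, because interpolating a path value copies the file into the world-readable store and would undo the benefit of loading it as a credential. The `serviceConfig` block continues past the end of the hunk.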


@ -21,24 +21,20 @@
# TODO: Using example config
# https://wiki.metacubex.one/example/conf/
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
sops.templates."clash.yaml" = {
owner = config.systemd.services."clash".serviceConfig.User;
group = config.systemd.services."clash".serviceConfig.Group;
content =
builtins.readFile ./config.yaml
+ ''
proxy-providers:
efcloud:
<<: *p
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
spcloud:
<<: *p
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
#pawdroid:
# <<: *p
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
'';
};
sops.templates."clash.yaml".content =
builtins.readFile ./config.yaml
+ ''
proxy-providers:
efcloud:
<<: *p
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
spcloud:
<<: *p
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
#pawdroid:
# <<: *p
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
'';
### System proxy settings
networking.proxy.default = "http://127.0.0.1:7890/";
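Review bot: The new `sops.templates."clash.yaml".content` definition drops `owner` and `group` without a comment saying why, so a later reader may put them back. The rendered file then falls back to the sops-nix defaults (root-owned and not readable by other users, as far as I know), which only works because the unit now receives the file through `LoadCredential`; the line that points `configFile` at this template is not visible in the hunk. I would add a comment above the definition such as `# owner/group left at the defaults on purpose: the clash unit reads this via systemd LoadCredential`.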