nixos/clash: use systemd LoadCredential
This commit is contained in:
parent
0de1ec8d89
commit
b5b59e3729
2 changed files with 18 additions and 22 deletions
|
@ -43,17 +43,17 @@ in {
|
|||
serviceConfig = {
|
||||
# TODO: DynamicUser
|
||||
# DynamicUser = true;
|
||||
# LoadCredential = "credentials:${config.sops.secrets."clash-config".path}";
|
||||
User = config.users.users."clash".name;
|
||||
Group = config.users.groups."clash".name;
|
||||
|
||||
# https://man.archlinux.org/man/systemd.exec.5
|
||||
ConfigurationDirectory = "clash";
|
||||
User = config.users.users."clash".name;
|
||||
Group = config.users.groups."clash".name;
|
||||
LoadCredential = "configuration:${cfg.configFile}";
|
||||
ExecStart = builtins.replaceStrings ["\n"] [" "] ''
|
||||
${lib.getExe cfg.package}
|
||||
-d /etc/clash
|
||||
${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
|
||||
${lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}"}
|
||||
${lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/configuration"}
|
||||
${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
|
||||
'';
|
||||
|
||||
|
|
|
@ -21,24 +21,20 @@
|
|||
# TODO: Using example config
|
||||
# https://wiki.metacubex.one/example/conf/
|
||||
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
|
||||
sops.templates."clash.yaml" = {
|
||||
owner = config.systemd.services."clash".serviceConfig.User;
|
||||
group = config.systemd.services."clash".serviceConfig.Group;
|
||||
content =
|
||||
builtins.readFile ./config.yaml
|
||||
+ ''
|
||||
proxy-providers:
|
||||
efcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
|
||||
spcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
|
||||
#pawdroid:
|
||||
# <<: *p
|
||||
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
|
||||
'';
|
||||
};
|
||||
sops.templates."clash.yaml".content =
|
||||
builtins.readFile ./config.yaml
|
||||
+ ''
|
||||
proxy-providers:
|
||||
efcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
|
||||
spcloud:
|
||||
<<: *p
|
||||
url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
|
||||
#pawdroid:
|
||||
# <<: *p
|
||||
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
|
||||
'';
|
||||
|
||||
### System proxy settings
|
||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||
|
|
Loading…
Reference in a new issue