From b5b59e3729743005dee1d77459e08217e70ff424 Mon Sep 17 00:00:00 2001
From: Guanran Wang
Date: Tue, 26 Dec 2023 14:42:06 +0800
Subject: [PATCH] nixos/clash: use systemd LoadCredential
---
 nixos/modules/services/clash.nix | 8 ++---
 .../opt-in/clash-meta-client/default.nix | 32 ++++++++-----------
 2 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/nixos/modules/services/clash.nix b/nixos/modules/services/clash.nix
index 51bbf77..5a926d7 100644
--- a/nixos/modules/services/clash.nix
+++ b/nixos/modules/services/clash.nix
@@ -43,17 +43,17 @@ in {
 serviceConfig = {
 # TODO: DynamicUser
 # DynamicUser = true;
- # LoadCredential = "credentials:${config.sops.secrets."clash-config".path}";
+ User = config.users.users."clash".name;
+ Group = config.users.groups."clash".name;
 # https://man.archlinux.org/man/systemd.exec.5
 ConfigurationDirectory = "clash";
- User = config.users.users."clash".name;
- Group = config.users.groups."clash".name;
+ LoadCredential = "configuration:${cfg.configFile}";
 ExecStart = builtins.replaceStrings ["\n"] [" "] ''
 ${lib.getExe cfg.package}
 -d /etc/clash
 ${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
- ${lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}"}
+ ${lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/configuration"}
 ${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
 '';
diff --git a/users/guanranwang/nixos/profiles/opt-in/clash-meta-client/default.nix b/users/guanranwang/nixos/profiles/opt-in/clash-meta-client/default.nix
index f4d29b9..1740f7f 100644
--- a/users/guanranwang/nixos/profiles/opt-in/clash-meta-client/default.nix
+++ b/users/guanranwang/nixos/profiles/opt-in/clash-meta-client/default.nix
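Review bot: `LoadCredential = "configuration:${cfg.configFile}";` is set unconditionally, while the `-f` argument a few lines below it is still guarded by `cfg.configFile != null`; if the option can in fact be null, interpolating it here fails at evaluation time. Guard it the same way, e.g. `LoadCredential = lib.mkIf (cfg.configFile != null) "configuration:${cfg.configFile}";`. The option's type is declared outside this hunk, so also confirm it is a string path rather than a Nix path literal: a path literal would be copied into the world-readable store when interpolated, which defeats the point of passing the file as a credential. The `serviceConfig` set continues past the end of the hunk.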
@@ -21,24 +21,20 @@
 # TODO: Using example config
 # https://wiki.metacubex.one/example/conf/
 # MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
- sops.templates."clash.yaml" = {
- owner = config.systemd.services."clash".serviceConfig.User;
- group = config.systemd.services."clash".serviceConfig.Group;
- content =
- builtins.readFile ./config.yaml
- + ''
- proxy-providers:
- efcloud:
- <<: *p
- url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
- spcloud:
- <<: *p
- url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
- #pawdroid:
- # <<: *p
- # url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
- '';
- };
+ sops.templates."clash.yaml".content =
+ builtins.readFile ./config.yaml
+ + ''
+ proxy-providers:
+ efcloud:
+ <<: *p
+ url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
+ spcloud:
+ <<: *p
+ url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
+ #pawdroid:
+ # <<: *p
+ # url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
+ '';
 ### System proxy settings
 networking.proxy.default = "http://127.0.0.1:7890/";
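Review bot: With `owner` and `group` removed, the rendered `clash.yaml` falls back to the sops-nix defaults, and nothing in the new code says that this is deliberate. A short comment above `sops.templates."clash.yaml".content` would keep someone from re-adding them, for example `# root-owned on purpose: the clash unit receives this file via LoadCredential`. Because a credential is copied when the unit starts, it is also worth confirming that the service is restarted when the provider URLs change, otherwise a rotated subscription URL stays unused until the next restart. The surrounding attribute set starts and ends outside the hunk.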