nixos/clash: use systemd LoadCredential

Guanran Wang 2023-12-26 14:42:06 +08:00
parent 0de1ec8d89
commit b5b59e3729
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
2 changed files with 18 additions and 22 deletions


@ -43,17 +43,17 @@ in {
serviceConfig = { serviceConfig = {
# TODO: DynamicUser # TODO: DynamicUser
# DynamicUser = true; # DynamicUser = true;
# LoadCredential = "credentials:${config.sops.secrets."clash-config".path}"; User = config.users.users."clash".name;
Group = config.users.groups."clash".name;
# https://man.archlinux.org/man/systemd.exec.5 # https://man.archlinux.org/man/systemd.exec.5
ConfigurationDirectory = "clash"; ConfigurationDirectory = "clash";
User = config.users.users."clash".name; LoadCredential = "configuration:${cfg.configFile}";
Group = config.users.groups."clash".name;
ExecStart = builtins.replaceStrings ["\n"] [" "] '' ExecStart = builtins.replaceStrings ["\n"] [" "] ''
${lib.getExe cfg.package} ${lib.getExe cfg.package}
-d /etc/clash -d /etc/clash
${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"} ${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
${lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}"} ${lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/configuration"}
${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts} ${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
''; '';
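Review bot: `LoadCredential = "configuration:${cfg.configFile}";` is set unconditionally, while the `-f` argument a few lines below is still guarded by `cfg.configFile != null`. If the option can be null (its declaration is outside this hunk), interpolating it here aborts evaluation instead of just leaving the credential out. Guarding it the same way keeps the two in step, e.g. `LoadCredential = lib.optional (cfg.configFile != null) "configuration:${cfg.configFile}";`. A one-line comment there would also help, something like `# passed as a credential so the source file need not be readable by the service user`, since the commented-out `DynamicUser` TODO presumably depends on that. The `serviceConfig` set closes outside the lines shown.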


@ -21,10 +21,7 @@
# TODO: Using example config # TODO: Using example config
# https://wiki.metacubex.one/example/conf/ # https://wiki.metacubex.one/example/conf/
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used # MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
sops.templates."clash.yaml" = { sops.templates."clash.yaml".content =
owner = config.systemd.services."clash".serviceConfig.User;
group = config.systemd.services."clash".serviceConfig.Group;
content =
builtins.readFile ./config.yaml builtins.readFile ./config.yaml
+ '' + ''
proxy-providers: proxy-providers:
@ -38,7 +35,6 @@
# <<: *p # <<: *p
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}" # url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
''; '';
};
### System proxy settings ### System proxy settings
networking.proxy.default = "http://127.0.0.1:7890/"; networking.proxy.default = "http://127.0.0.1:7890/";