nixos/clash: use systemd LoadCredential
This commit is contained in:
parent
0de1ec8d89
commit
b5b59e3729
2 changed files with 18 additions and 22 deletions
|
@ -43,17 +43,17 @@ in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
# TODO: DynamicUser
|
# TODO: DynamicUser
|
||||||
# DynamicUser = true;
|
# DynamicUser = true;
|
||||||
# LoadCredential = "credentials:${config.sops.secrets."clash-config".path}";
|
User = config.users.users."clash".name;
|
||||||
|
Group = config.users.groups."clash".name;
|
||||||
|
|
||||||
# https://man.archlinux.org/man/systemd.exec.5
|
# https://man.archlinux.org/man/systemd.exec.5
|
||||||
ConfigurationDirectory = "clash";
|
ConfigurationDirectory = "clash";
|
||||||
User = config.users.users."clash".name;
|
LoadCredential = "configuration:${cfg.configFile}";
|
||||||
Group = config.users.groups."clash".name;
|
|
||||||
ExecStart = builtins.replaceStrings ["\n"] [" "] ''
|
ExecStart = builtins.replaceStrings ["\n"] [" "] ''
|
||||||
${lib.getExe cfg.package}
|
${lib.getExe cfg.package}
|
||||||
-d /etc/clash
|
-d /etc/clash
|
||||||
${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
|
${lib.optionalString (cfg.webui != null) "-ext-ui ${cfg.webui}"}
|
||||||
${lib.optionalString (cfg.configFile != null) "-f ${cfg.configFile}"}
|
${lib.optionalString (cfg.configFile != null) "-f \${CREDENTIALS_DIRECTORY}/configuration"}
|
||||||
${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
|
${lib.optionalString (cfg.extraOpts != null) cfg.extraOpts}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -21,10 +21,7 @@
|
||||||
# TODO: Using example config
|
# TODO: Using example config
|
||||||
# https://wiki.metacubex.one/example/conf/
|
# https://wiki.metacubex.one/example/conf/
|
||||||
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
|
# MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
|
||||||
sops.templates."clash.yaml" = {
|
sops.templates."clash.yaml".content =
|
||||||
owner = config.systemd.services."clash".serviceConfig.User;
|
|
||||||
group = config.systemd.services."clash".serviceConfig.Group;
|
|
||||||
content =
|
|
||||||
builtins.readFile ./config.yaml
|
builtins.readFile ./config.yaml
|
||||||
+ ''
|
+ ''
|
||||||
proxy-providers:
|
proxy-providers:
|
||||||
|
@ -38,7 +35,6 @@
|
||||||
# <<: *p
|
# <<: *p
|
||||||
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
|
# url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
|
||||||
'';
|
'';
|
||||||
};
|
|
||||||
|
|
||||||
### System proxy settings
|
### System proxy settings
|
||||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||||
|
|
Loading…
Reference in a new issue