From df48e8c7c555f32cbbf9bc04c472de15a1cce4ba Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Sun, 31 Dec 2023 20:23:24 +0800 Subject: [PATCH] nixos: clash-meta-client: refactor --- .gitattributes | 2 +- .../opt-in/clash-meta-client/config.yaml | 124 +++++------------- .../opt-in/clash-meta-client/default.nix | 67 +++++----- users/guanranwang/secrets.yaml | 8 +- 4 files changed, 70 insertions(+), 131 deletions(-) diff --git a/.gitattributes b/.gitattributes index d69905b..faf7328 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1 @@ -*.yaml diff=sopsdiffer +secrets.yaml diff=sopsdiffer diff --git a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml index 11e9184..0219469 100644 --- a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml +++ b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml @@ -1,22 +1,28 @@ -######### 锚点 start ####### -# 策略组相关 -pr: &pr { type: select, proxies: [ 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, DIRECT, ], } - -# 这里是订阅更新和延迟测试相关的 -p: &p { type: http, interval: 3600, health-check: { enable: true, url: https://www.gstatic.com/generate_204, interval: 300, }, } +### YAML Anchors +fetch: &fetch + type: http + interval: 3600 + health-check: + enable: true + url: https://www.gstatic.com/generate_204 + interval: 300 use: &use type: select use: - - efcloud - - spcloud - #- pawdroid + - efcloud + - spcloud -######### 锚点 end ####### +use-backup: &use-backup + type: select + use: + - pawdroid + - ermaozi + #- jsnzkpg allow-lan: true port: 7890 -unified-delay: false +unified-delay: true tcp-concurrent: true external-controller: 127.0.0.1:9090 log-level: warning 
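Review bot: The context lines `allow-lan: true` and `port: 7890` survive this refactor in config.yaml's first hunk, so the proxy port still accepts connections from other hosts on the network, and nothing visible here adds an `authentication:` list for it. default.nix in the same commit points the system proxy at `http://127.0.0.1:7890/`, which suggests only local clients need the listener; if so, `allow-lan: false` would close it. If LAN access is intended, a comment naming the hosts that rely on it would make that explicit. Lines 29–39 of the file fall between the two hunks, so an existing restriction there cannot be ruled out.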
@@ -34,89 +40,25 @@ profile: store-selected: true store-fake-ip: true -sniffer: - enable: true - sniff: - HTTP: - ports: [80, 8080-8880] - override-destination: true - TLS: - ports: [443, 8443] - #QUIC: - # ports: [443, 8443] - skip-domain: - - "Mijia Cloud" - -dns: - enable: true - listen: :1053 - ipv6: true - enhanced-mode: fake-ip - fake-ip-filter: - - "*" - - "+.lan" - - "+.local" - nameserver: - - https://doh.pub/dns-query - - https://dns.alidns.com/dns-query - proxy-server-nameserver: - - https://doh.pub/dns-query - nameserver-policy: - "geosite:private": - - https://doh.pub/dns-query - - https://dns.alidns.com/dns-query - "geosite:geolocation-!cn": - - "https://dns.cloudflare.com/dns-query#dns" - - "https://dns.google/dns-query#dns" - proxy-groups: - - { name: 默认, type: select, proxies: [自动选择, DIRECT, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], } - - { name: dns, type: select, proxies: [自动选择, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], } - - { name: Google, <<: *pr } - - { name: Telegram, <<: *pr } - - { name: Twitter, <<: *pr } - - { name: Pixiv, <<: *pr } - - { name: ehentai, <<: *pr } - - { name: 哔哩哔哩, <<: *pr } - - { name: 哔哩东南亚, <<: *pr } - - { name: 巴哈姆特, <<: *pr } - - { name: YouTube, <<: *pr } - - { name: NETFLIX, <<: *pr } - - { name: Spotify, <<: *pr } - - { name: Github, <<: *pr } - - { name: 国内, type: select, proxies: [ DIRECT, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, ], } - - { name: 其他, <<: *pr } + - { name: PROXY, type: select, proxies: [自动选择, 备用自动选择, DIRECT] } + + - { name: 自动选择, <<: *use, tolerance: 2, type: url-test } + - { name: 备用自动选择, <<: *use-backup, tolerance: 2, type: url-test } # 分隔,下面是地区分组 - - { name: 香港, <<: *use, filter: "(?i)港|hk|hongkong|hong kong" } - - { name: 台湾, <<: *use, filter: "(?i)台|tw|taiwan" } - - { name: 日本, <<: *use, filter: "(?i)日本|jp|japan" } - - { name: 美国, <<: *use, filter: "(?i)美|us|unitedstates|united states" } - - { name: 新加坡, <<: *use, filter: "(?i)(新|sg|singapore)" } - - { name: 其它地区, <<: *use, filter: 
"(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*", } - - { name: 全部节点, <<: *use } - - { name: 自动选择, <<: *use, tolerance: 2, type: url-test } + #- { name: 香港, <<: *use, type: url-test, filter: "(?i)港|hk|hongkong|hong kong" } + - { name: 台湾, <<: *use, type: url-test, filter: "(?i)台|tw|taiwan" } + #- { name: 日本, <<: *use, type: url-test, filter: "(?i)日本|jp|japan" } + #- { name: 美国, <<: *use, type: url-test, filter: "(?i)美|us|unitedstates|united states" } + #- { name: 新加坡, <<: *use, type: url-test, filter: "(?i)(新|sg|singapore)" } rules: - - GEOIP, lan, DIRECT, no-resolve - - GEOSITE, biliintl, 哔哩东南亚 - - GEOSITE, ehentai, ehentai - - GEOSITE, github, Github - - GEOSITE, twitter, Twitter - - GEOSITE, youtube, YouTube - - GEOSITE, google, Google - - GEOSITE, telegram, Telegram - - GEOSITE, netflix, NETFLIX - - GEOSITE, bilibili, 哔哩哔哩 - - GEOSITE, bahamut, 巴哈姆特 - - GEOSITE, spotify, Spotify - - GEOSITE, pixiv, Pixiv - - GEOSITE, geolocation-!cn, 其他 + - GEOIP, lan, DIRECT, no-resolve + - GEOSITE, bilibili, DIRECT + - GEOSITE, spotify, 台湾 + - GEOSITE, CN, DIRECT + - GEOIP, CN, DIRECT - - GEOIP, google, Google - - GEOIP, netflix, NETFLIX - - GEOIP, telegram, Telegram - - GEOIP, twitter, Twitter - - GEOSITE, CN, 国内 - - GEOIP, CN, 国内 - - MATCH, 其他 \ No newline at end of file + # 未匹配到任何规则 + - MATCH, PROXY diff --git a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix index 208034e..30f048f 100644 --- a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix +++ b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix 
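Review bot: Dropping the whole `dns:` block leaves `GEOIP, CN, DIRECT` without `no-resolve` in the new `rules:` list, so every domain not caught by an earlier GEOSITE rule is resolved locally before it can fall through to `MATCH, PROXY`. With the DoH `nameserver` entries gone, those lookups presumably go to the system resolver in clear text, which exposes proxied destinations to the local network or ISP. Either keep a minimal `dns:` section with encrypted upstreams, or add a comment next to the rule saying where the resolver is configured. The new `PROXY` group also offers `备用自动选择`, which is built from public free subscriptions, and the context line `store-selected: true` means a switch to it persists; a comment such as `# 备用自动选择 uses untrusted public nodes - not for sensitive traffic` would help.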
@@ -11,42 +11,39 @@ webui = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.metacubexd; }; - ### sops-nix - sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["clash.service"];}) { - "clash/proxy-providers/efcloud" = {}; - "clash/proxy-providers/spcloud" = {}; - "clash/proxy-providers/pawdroid" = {}; - }; - - # TODO: Using example config - # https://wiki.metacubex.one/example/conf/ - # MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used - sops.templates."clash.yaml".content = - builtins.readFile ./config.yaml - + '' - proxy-providers: - efcloud: - <<: *p - url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}" - spcloud: - <<: *p - url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}" - #pawdroid: - # <<: *p - # url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}" - ''; - ### System proxy settings networking.proxy.default = "http://127.0.0.1:7890/"; - ### Local Clash WebUI - # You can also use the following website, just in case: - # - metacubexd: - # - GH Pages Custom Domain: http://d.metacubex.one - # - GH Pages: https://metacubex.github.io/metacubexd - # - Cloudflare Pages: https://metacubexd.pages.dev - # - yacd (Yet Another Clash Dashboard): - # - https://yacd.haishan.me - # - clash-dashboard (buggy): - # - https://clash.razord.top + ### sops-nix + sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["clash.service"];}) { + "clash/secret" = {}; + "clash/proxy-providers/efcloud" = {}; + "clash/proxy-providers/spcloud" = {}; + }; + + sops.templates."clash.yaml".content = let + convert = url: "https://sub.maoxiongnet.com/sub?target=clash&list=true&url=${url}"; + in + builtins.readFile ./config.yaml + + '' + secret: "${config.sops.placeholder."clash/secret"}" + proxy-providers: + efcloud: + <<: *fetch + url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}" + spcloud: + <<: *fetch + url: 
"${config.sops.placeholder."clash/proxy-providers/spcloud"}" + + # Free servers that I dont really care about + pawdroid: + <<: *fetch + url: "${convert "https://cdn.jsdelivr.net/gh/Pawdroid/Free-servers@main/sub"}" + ermaozi: + <<: *fetch + url: "${convert "https://cdn.jsdelivr.net/gh/ermaozi/get_subscribe@main/subscribe/v2ray.txt"}" + #jsnzkpg: + # <<: *fetch + # url: "${convert "https://cdn.jsdelivr.net/gh/Jsnzkpg/Jsnzkpg@Jsnzkpg/Jsnzkpg"}" + ''; } diff --git a/users/guanranwang/secrets.yaml b/users/guanranwang/secrets.yaml index 610aff2..3e1f466 100644 --- a/users/guanranwang/secrets.yaml +++ b/users/guanranwang/secrets.yaml 
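Review bot: The `convert` helper sends each provider list through `sub.maoxiongnet.com`, and the two active sources are fetched from `@main` on jsDelivr, so both the converter operator and the upstream repositories decide at every refresh which servers end up in the `pawdroid` and `ermaozi` providers. Nothing validates that content, and the inner URL is interpolated into the query string without percent-encoding. The helper is currently applied only to public URLs; if it were ever wrapped around a `config.sops.placeholder` value, the private subscription URL would be disclosed to the converter. I would add a comment on the `let` binding, e.g. `# third-party converter: only public URLs, never sops placeholders`, and keep these providers out of any group that sensitive traffic is routed to. The enclosing attribute set starts before this hunk.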
@@ -4,10 +4,10 @@ wireless: wangxiaobo: ENC[AES256_GCM,data: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,iv:nq2Hj7aY+M8QJoA08oyvg55UuxJdnoGTT2KQNu3B8Z8=,tag:sYV4ZE2evYb3U4JRPCJT3Q==,type:str] OpenWrt: ENC[AES256_GCM,data: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,iv:kvBRYkhFAmDCSdU5Nkc66VblbjQfWHp7ls8x0d46ueA=,tag:Y/oa7vgoI/VsZ+OyJUjZ/g==,type:str] clash: + secret: ENC[AES256_GCM,data:eCq/pDlSOw==,iv:QGNKxqmkj9BWFBJGj/O4fUL8Ey8zGEHMsWX02DrM82U=,tag:z2vVCBSt6mw47ca2xoxg9A==,type:str] proxy-providers: efcloud: ENC[AES256_GCM,data:DlHSnseHDn8XxkF3yapqQdbi0yWL61KSWb3cmzUA6vPcDc0RiiVO2uDJmrRjGH3PBoct/MAB5dzxE7WZjBPwqWj5elHZ6TTMGxy7oK3qT8uUGPZFdT4=,iv:GahaI2q+Gjh7LDhUTNqMVCgMWnIKPC9QyFDd/2DbSmg=,tag:CPnEKB63ZxgN36eXtm41Mw==,type:str] - spcloud: ENC[AES256_GCM,data:64w9Jee/2tI61bvpF2J6fqLCQ61IU3FVcmqzM/5SuMjugMv129aerEWKFM7onkP6/13us93P/QBcLZSZV8s1w9S29TkBg0vCkuSAKhPw3m80LQ==,iv:PKeCx9usUpbyd384MyLbOd7EifHYvdFdvATulg5erTM=,tag:CIYSqas61EoW9q5DVRTTRg==,type:str] - pawdroid: ENC[AES256_GCM,data:+Z+y+Jy50TlyHnttwdBykxlr4vUj5Vg1zj/+vmGMYhe02Oc7Kr/FOjLSdNA8WxsnC+laI51IQJrOMyznZ9NyC+JH6vrVkNCvijAwt8hrYP38nB2XAjMm22s7RsGoaWZbhYqyuuOJZXyehcDWzo8o9Rn01ysAl0tKT6Ws5xxlenRhmdiUyBRcdFTS/MsQkoIv8BoDe1OhDoJU1NeXp4yO8BrEd7NtAJEb1qqS1NROjbI2+h02D8OEZQwbx/tu+KpPrOQYmT8tkZpYRS0O1oQgUL4QIvj+tjiOvk5sXlYjJzOPVLkqtoryImV7IBeuK3ysKf5ouhraQ4B6gZalEFX032I2niWM8ofPrYs=,iv:fPvhYk9WMkvYJryYsM0+Ue/yRuep/eQPo7Y/rweIBik=,tag:SlAW6F76da+Flf/XPcKyeg==,type:str] + spcloud: ENC[AES256_GCM,data:Uz0SLmSxzV/hcsBuYtlsZ5G5E8wjzmHcFMGCyBrEewOr6gAdBQvC4njotYbMIdQAQRTgAE2wBukdSxXWCTrNph7uoVhskz1YkNjxnQVPUO5WfQ==,iv:TwHPdeATx+LanfhHeD7M5sSf3M2NLBWBAAaFTwgsK7A=,tag:9DMgcSoy4ksYl/dPWwA+dA==,type:str] sops: kms: [] gcp_kms: [] 
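Review bot: The new `clash/secret` value looks very short: SOPS AES-GCM ciphertext has the same length as the plaintext, and the `data:` field `eCq/pDlSOw==` decodes to 7 bytes. default.nix writes this value to the `secret:` key, the credential for the controller API that config.yaml binds to `127.0.0.1:9090`, so exposure is limited to local processes, but a value of that size offers little resistance to guessing. I would regenerate it as a long random string (32 or more characters). The decrypted value is not visible here, so this is inferred from the ciphertext length only.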
@@ -32,8 +32,8 @@ sops: bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-31T09:52:42Z" - mac: ENC[AES256_GCM,data:fvzoR5xJGhKbQmHpkBRMOjmUqoC9sNiKdT2nSN4fuHFieScdeUg8H1oJNuGs2jU12aXWNg9Pofqm0/jv44DsyRbrq7/X88ASm1gxnk0acuiE2n0ig8pc/qro9Osx5e7tjzJDfLICnELzkJH4RyOIVb95Ka3bklb1Q7xQ1BRgZzQ=,iv:ndhhZ2fgxyh06tBa/uyx06aQvQev/mWGmViqTDGRSsE=,tag:RxDX7LwWp8EHvTH0CUfOYQ==,type:str] + lastmodified: "2023-12-31T11:49:35Z" + mac: ENC[AES256_GCM,data:7L+xswMEZXBv1Em9UGT9OZ6EqYZhk1/9zXT8kmhmcctK/d6PBds/VLVNM9YcV8ztIsrsjWQabQ7ni4km5B0SFLqyey2CUfz4blxwXB3HuTrA8Sox9BZnqwTPl9NopRnEdbhHOQLvq5aO581a0w+Mmzg0Pf0RI7YpvAxPDzOdod8=,iv:JqfjHcse+BYJ1eFvOqHRpTGH+Q+0vIsTOOGdbPKiXHw=,tag:BtwtWTU/CGPmor5YjNxTeQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1