nixos: clash-meta-client: refactor

2023-12-31 20:23:24 +08:00 · 2023-12-31 20:23:24 +08:00 · df48e8c7c5
commit df48e8c7c5
parent 41f9f57d85
4 changed files with 70 additions and 131 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1 +1 @@
-*.yaml diff=sopsdiffer
+secrets.yaml diff=sopsdiffer
--- a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml
+++ b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/config.yaml
@ -1,22 +1,28 @@
-######### 锚点 start #######
-# 策略组相关
-pr: &pr { type: select, proxies: [ 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, DIRECT, ], }
-
-# 这里是订阅更新和延迟测试相关的
-p: &p { type: http, interval: 3600, health-check: { enable: true, url: https://www.gstatic.com/generate_204, interval: 300, }, }
+### YAML Anchors
+fetch: &fetch
+  type: http
+  interval: 3600
+  health-check:
+    enable: true
+    url: https://www.gstatic.com/generate_204
+    interval: 300

 use: &use
  type: select
  use:
    - efcloud
    - spcloud
-  #- pawdroid

-######### 锚点 end #######
+use-backup: &use-backup
+  type: select
+  use:
+    - pawdroid
+    - ermaozi
+    #- jsnzkpg

 allow-lan: true
 port: 7890
-unified-delay: false
+unified-delay: true
 tcp-concurrent: true
 external-controller: 127.0.0.1:9090
 log-level: warning
@ -34,89 +40,25 @@ profile:
  store-selected: true
  store-fake-ip: true

-sniffer:
-  enable: true
-  sniff:
-    HTTP:
-      ports: [80, 8080-8880]
-      override-destination: true
-    TLS:
-      ports: [443, 8443]
-    #QUIC:
-    #  ports: [443, 8443]
-  skip-domain:
-    - "Mijia Cloud"
-
-dns:
-  enable: true
-  listen: :1053
-  ipv6: true
-  enhanced-mode: fake-ip
-  fake-ip-filter:
-    - "*"
-    - "+.lan"
-    - "+.local"
-  nameserver:
-    - https://doh.pub/dns-query
-    - https://dns.alidns.com/dns-query
-  proxy-server-nameserver:
-    - https://doh.pub/dns-query
-  nameserver-policy:
-    "geosite:private":
-      - https://doh.pub/dns-query
-      - https://dns.alidns.com/dns-query
-    "geosite:geolocation-!cn":
-      - "https://dns.cloudflare.com/dns-query#dns"
-      - "https://dns.google/dns-query#dns"
-
 proxy-groups:
-  - { name: 默认, type: select, proxies: [自动选择, DIRECT, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], }
-  - { name: dns, type: select, proxies: [自动选择, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点], }
-  - { name: Google, <<: *pr }
-  - { name: Telegram, <<: *pr }
-  - { name: Twitter, <<: *pr }
-  - { name: Pixiv, <<: *pr }
-  - { name: ehentai, <<: *pr }
-  - { name: 哔哩哔哩, <<: *pr }
-  - { name: 哔哩东南亚, <<: *pr }
-  - { name: 巴哈姆特, <<: *pr }
-  - { name: YouTube, <<: *pr }
-  - { name: NETFLIX, <<: *pr }
-  - { name: Spotify, <<: *pr }
-  - { name: Github, <<: *pr }
-  - { name: 国内, type: select, proxies: [ DIRECT, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择, ], }
-  - { name: 其他, <<: *pr }
+  - { name: PROXY, type: select, proxies: [自动选择, 备用自动选择, DIRECT] }
+
+  - { name: 自动选择, <<: *use, tolerance: 2, type: url-test }
+  - { name: 备用自动选择, <<: *use-backup, tolerance: 2, type: url-test }

  # 分隔,下面是地区分组
-  - { name: 香港, <<: *use, filter: "(?i)港|hk|hongkong|hong kong" }
-  - { name: 台湾, <<: *use, filter: "(?i)台|tw|taiwan" }
-  - { name: 日本, <<: *use, filter: "(?i)日本|jp|japan" }
-  - { name: 美国, <<: *use, filter: "(?i)美|us|unitedstates|united states" }
-  - { name: 新加坡, <<: *use, filter: "(?i)(新|sg|singapore)" }
-  - { name: 其它地区, <<: *use, filter: "(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*", }
-  - { name: 全部节点, <<: *use }
-  - { name: 自动选择, <<: *use, tolerance: 2, type: url-test }
+  #- { name: 香港, <<: *use, type: url-test, filter: "(?i)港|hk|hongkong|hong kong" }
+  - { name: 台湾, <<: *use, type: url-test, filter: "(?i)台|tw|taiwan" }
+  #- { name: 日本, <<: *use, type: url-test, filter: "(?i)日本|jp|japan" }
+  #- { name: 美国, <<: *use, type: url-test, filter: "(?i)美|us|unitedstates|united states" }
+  #- { name: 新加坡, <<: *use, type: url-test, filter: "(?i)(新|sg|singapore)" }

 rules:
  - GEOIP,   lan,       DIRECT, no-resolve
-  - GEOSITE, biliintl, 哔哩东南亚
-  - GEOSITE, ehentai, ehentai
-  - GEOSITE, github, Github
-  - GEOSITE, twitter, Twitter
-  - GEOSITE, youtube, YouTube
-  - GEOSITE, google, Google
-  - GEOSITE, telegram, Telegram
-  - GEOSITE, netflix, NETFLIX
-  - GEOSITE, bilibili, 哔哩哔哩
-  - GEOSITE, bahamut, 巴哈姆特
-  - GEOSITE, spotify, Spotify
-  - GEOSITE, pixiv, Pixiv
-  - GEOSITE, geolocation-!cn, 其他
+  - GEOSITE, bilibili,  DIRECT
+  - GEOSITE, spotify,   台湾
+  - GEOSITE, CN,        DIRECT
+  - GEOIP,   CN,        DIRECT

-  - GEOIP, google, Google
-  - GEOIP, netflix, NETFLIX
-  - GEOIP, telegram, Telegram
-  - GEOIP, twitter, Twitter
-  - GEOSITE, CN, 国内
-  - GEOIP, CN, 国内
-  - MATCH, 其他
+  # 未匹配到任何规则
+  - MATCH, PROXY
--- a/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix
+++ b/users/guanranwang/nixos/profiles/common/opt-in/clash-meta-client/default.nix
@ -11,42 +11,39 @@
    webui = inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.metacubexd;
  };

-  ### sops-nix
-  sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["clash.service"];}) {
-    "clash/proxy-providers/efcloud" = {};
-    "clash/proxy-providers/spcloud" = {};
-    "clash/proxy-providers/pawdroid" = {};
-  };
-
-  # TODO: Using example config
-  # https://wiki.metacubex.one/example/conf/
-  # MetaCubeX/Meta-Docs doesnt look reliable through commit messages, no fetchers was used
-  sops.templates."clash.yaml".content =
-    builtins.readFile ./config.yaml
-    + ''
-      proxy-providers:
-        efcloud:
-          <<: *p
-          url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
-        spcloud:
-          <<: *p
-          url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
-        #pawdroid:
-        #  <<: *p
-        #  url: "${config.sops.placeholder."clash/proxy-providers/pawdroid"}"
-    '';
-
  ### System proxy settings
  networking.proxy.default = "http://127.0.0.1:7890/";

-  ### Local Clash WebUI
-  # You can also use the following website, just in case:
-  # - metacubexd:
-  #   - GH Pages Custom Domain: http://d.metacubex.one
-  #   - GH Pages: https://metacubex.github.io/metacubexd
-  #   - Cloudflare Pages: https://metacubexd.pages.dev
-  # - yacd (Yet Another Clash Dashboard):
-  #   - https://yacd.haishan.me
-  # - clash-dashboard (buggy):
-  #   - https://clash.razord.top
+  ### sops-nix
+  sops.secrets = builtins.mapAttrs (_name: value: value // {restartUnits = ["clash.service"];}) {
+    "clash/secret" = {};
+    "clash/proxy-providers/efcloud" = {};
+    "clash/proxy-providers/spcloud" = {};
+  };
+
+  sops.templates."clash.yaml".content = let
+    convert = url: "https://sub.maoxiongnet.com/sub?target=clash&list=true&url=${url}";
+  in
+    builtins.readFile ./config.yaml
+    + ''
+      secret: "${config.sops.placeholder."clash/secret"}"
+      proxy-providers:
+        efcloud:
+          <<: *fetch
+          url: "${config.sops.placeholder."clash/proxy-providers/efcloud"}"
+        spcloud:
+          <<: *fetch
+          url: "${config.sops.placeholder."clash/proxy-providers/spcloud"}"
+
+        # Free servers that I dont really care about
+        pawdroid:
+          <<: *fetch
+          url: "${convert "https://cdn.jsdelivr.net/gh/Pawdroid/Free-servers@main/sub"}"
+        ermaozi:
+          <<: *fetch
+          url: "${convert "https://cdn.jsdelivr.net/gh/ermaozi/get_subscribe@main/subscribe/v2ray.txt"}"
+        #jsnzkpg:
+        #  <<: *fetch
+        #  url: "${convert "https://cdn.jsdelivr.net/gh/Jsnzkpg/Jsnzkpg@Jsnzkpg/Jsnzkpg"}"
+    '';
 }
--- a/users/guanranwang/secrets.yaml
+++ b/users/guanranwang/secrets.yaml
@ -4,10 +4,10 @@ wireless:
    wangxiaobo: ENC[AES256_GCM,data:Lz1gAdJn2aBn/TdcQRjErSrIAJHlq0mT9qsE72ocEMxNqx6TW6dJkbRfKZ6IDe/a2HNP3zUpX3MjjRbCepBkZIHmsg1SwkGfA7wWysQOxXRXYCoqWH+NbP4xm6r0QV5RGTmXU+bnKubrrJZ8Z2M2n5LDp3bf16XL22Wjsyakju4z36d1K7NPBUoCIHoVKJaLam29rWDyIaBOfZbzG+M5reGLt1hVPDWWYGjnB4xC4lqQE5bpyKrVtoU+XATCWIIx3ZZWqJsf3TVzEDvu1aCb127PMCP2lqI55Hf94RgsZPWWgoLrAhaI8t067hAWPOfdfZEEGetO4BjzJwRyCNQAvqx+YLe0RJOz3lriUP3ie1mYmft4AyhV8JUmVZhEsJ7peATt+ds11BUuGw2SU9cKSa2NHM/K7e1x23Kofl1qrFF+ylr1Sy8OCZhfBozdFnPDzcYsuApe0xvMYCt4fsHFjB/kGtIG7rdGapJnvgAwhewd3dTtg4mAKPgvYr4FdWgDSr7GqrDdgqT2W8nbtJ5oQQnYmDnX+0tfLcF15EgvEN9mLIpsdNfVX3eOp1e/Z6fsbdMtpyNuMRwNDAi9V1tsYTDM/+U9xvZK3DWNX6XTYQ==,iv:nq2Hj7aY+M8QJoA08oyvg55UuxJdnoGTT2KQNu3B8Z8=,tag:sYV4ZE2evYb3U4JRPCJT3Q==,type:str]
    OpenWrt: ENC[AES256_GCM,data:tlZJExED1Brv4/hOJjbgEbyLMQZVfNhl/5ux94IDM5jSL2lEBYy74qf4VVn2SKMYUuu7bjV7UlnwrD/jzDRuO/gWfkeuoZ5uh3pX0s2wv5E2Z7nJjkYtVn0XDlr8m/4Y6R14ahSIqKJKY4LAAeuQo0t7jEeYv4E3kuyhXUNE5jjrdD9mW+ObS1WV/DpBqUZc3dJe+88EVzgVa5F/L+VWQ3Klz5TduQzqfOyjjoNe+z8gwODzHczfPZCdplfo4PbrMWV8FlyUdJUX37nkZiEkyUpPuksZHb5OPAtx9fCh/KF5y/txS9oZTwOkiE4LBQBpj2NcLMQGOEdtRYLzJekyaOGChrtD+mFfL9LBuLwQLAzHLUI4oZ3PUgu3zXYevtmyrSSwlK/2iama71swmNu+qYws+WkjMVyF4MB/KCtMJULbZW9XJp7tw7cfSzek0RMizlk3MgrEyF2w3J9vx6Q4OHPSE48kgK2Kw0kg93wl9uO6kCRq0QiTJ6lZHopsWyWHTcs1,iv:kvBRYkhFAmDCSdU5Nkc66VblbjQfWHp7ls8x0d46ueA=,tag:Y/oa7vgoI/VsZ+OyJUjZ/g==,type:str]
 clash:
+    secret: ENC[AES256_GCM,data:eCq/pDlSOw==,iv:QGNKxqmkj9BWFBJGj/O4fUL8Ey8zGEHMsWX02DrM82U=,tag:z2vVCBSt6mw47ca2xoxg9A==,type:str]
    proxy-providers:
        efcloud: ENC[AES256_GCM,data:DlHSnseHDn8XxkF3yapqQdbi0yWL61KSWb3cmzUA6vPcDc0RiiVO2uDJmrRjGH3PBoct/MAB5dzxE7WZjBPwqWj5elHZ6TTMGxy7oK3qT8uUGPZFdT4=,iv:GahaI2q+Gjh7LDhUTNqMVCgMWnIKPC9QyFDd/2DbSmg=,tag:CPnEKB63ZxgN36eXtm41Mw==,type:str]
-        spcloud: ENC[AES256_GCM,data:64w9Jee/2tI61bvpF2J6fqLCQ61IU3FVcmqzM/5SuMjugMv129aerEWKFM7onkP6/13us93P/QBcLZSZV8s1w9S29TkBg0vCkuSAKhPw3m80LQ==,iv:PKeCx9usUpbyd384MyLbOd7EifHYvdFdvATulg5erTM=,tag:CIYSqas61EoW9q5DVRTTRg==,type:str]
-        pawdroid: ENC[AES256_GCM,data:+Z+y+Jy50TlyHnttwdBykxlr4vUj5Vg1zj/+vmGMYhe02Oc7Kr/FOjLSdNA8WxsnC+laI51IQJrOMyznZ9NyC+JH6vrVkNCvijAwt8hrYP38nB2XAjMm22s7RsGoaWZbhYqyuuOJZXyehcDWzo8o9Rn01ysAl0tKT6Ws5xxlenRhmdiUyBRcdFTS/MsQkoIv8BoDe1OhDoJU1NeXp4yO8BrEd7NtAJEb1qqS1NROjbI2+h02D8OEZQwbx/tu+KpPrOQYmT8tkZpYRS0O1oQgUL4QIvj+tjiOvk5sXlYjJzOPVLkqtoryImV7IBeuK3ysKf5ouhraQ4B6gZalEFX032I2niWM8ofPrYs=,iv:fPvhYk9WMkvYJryYsM0+Ue/yRuep/eQPo7Y/rweIBik=,tag:SlAW6F76da+Flf/XPcKyeg==,type:str]
+        spcloud: ENC[AES256_GCM,data:Uz0SLmSxzV/hcsBuYtlsZ5G5E8wjzmHcFMGCyBrEewOr6gAdBQvC4njotYbMIdQAQRTgAE2wBukdSxXWCTrNph7uoVhskz1YkNjxnQVPUO5WfQ==,iv:TwHPdeATx+LanfhHeD7M5sSf3M2NLBWBAAaFTwgsK7A=,tag:9DMgcSoy4ksYl/dPWwA+dA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -32,8 +32,8 @@ sops:
            bEdVQ0dicTVaRkJUNFB0d3Y1S1hmL3MKFVPyIyjRkQcdimUE/tWxQzQU1cqkB5lN
            o+7a8JuA5gOxG7OInWbfkDe9/wSFCJW2S5z9jON/tLy6atPdmPYUdg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-31T09:52:42Z"
-    mac: ENC[AES256_GCM,data:fvzoR5xJGhKbQmHpkBRMOjmUqoC9sNiKdT2nSN4fuHFieScdeUg8H1oJNuGs2jU12aXWNg9Pofqm0/jv44DsyRbrq7/X88ASm1gxnk0acuiE2n0ig8pc/qro9Osx5e7tjzJDfLICnELzkJH4RyOIVb95Ka3bklb1Q7xQ1BRgZzQ=,iv:ndhhZ2fgxyh06tBa/uyx06aQvQev/mWGmViqTDGRSsE=,tag:RxDX7LwWp8EHvTH0CUfOYQ==,type:str]
+    lastmodified: "2023-12-31T11:49:35Z"
+    mac: ENC[AES256_GCM,data:7L+xswMEZXBv1Em9UGT9OZ6EqYZhk1/9zXT8kmhmcctK/d6PBds/VLVNM9YcV8ztIsrsjWQabQ7ni4km5B0SFLqyey2CUfz4blxwXB3HuTrA8Sox9BZnqwTPl9NopRnEdbhHOQLvq5aO581a0w+Mmzg0Pf0RI7YpvAxPDzOdod8=,iv:JqfjHcse+BYJ1eFvOqHRpTGH+Q+0vIsTOOGdbPKiXHw=,tag:BtwtWTU/CGPmor5YjNxTeQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1