nixos/clash: init
parent
2cf6f52c8b
commit
dfd022660c
5 changed files with 66 additions and 41 deletions
|
@ -2,5 +2,8 @@
|
||||||
imports = [
|
imports = [
|
||||||
# utils that is used internally
|
# utils that is used internally
|
||||||
./myFlake
|
./myFlake
|
||||||
|
|
||||||
|
# nixpkgs styled options
|
||||||
|
./services
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
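--- /dev/null
+++ b/nixos/modules/services/clash.nix
@@ -0,0 +1,47 @@
+{
+lib,
+config,
+pkgs,
+...
+}: let
+cfg = config.services.clash;
+in {
+options.services.clash = {
+enable = lib.mkEnableOption "Whether to enable Clash.";
+package = lib.mkPackageOption pkgs "clash" {};
+};
+
+config = lib.mkIf cfg.enable {
+### User running clash
+users.groups."clash" = {};
+users.users."clash" = {
+isSystemUser = true;
+group = config.users.groups."clash".name;
+};
+
+### systemd service
+systemd.services."clash" = {
+description = "Clash Daemon";
+after = ["network-online.target"];
+wantedBy = ["multi-user.target"];
+serviceConfig = {
+Type = "simple";
+WorkingDirectory = "/etc/clash";
+User = [config.users.users."clash".name];
+Group = [config.users.groups."clash".name];
+ExecStart = "${lib.getExe cfg.package} -d /etc/clash";
+Restart = "on-failure";
+CapabilityBoundingSet = [
+"CAP_NET_ADMIN"
+"CAP_NET_BIND_SERVICE"
+"CAP_NET_RAW"
+];
+AmbientCapabilities = [
+"CAP_NET_ADMIN"
+"CAP_NET_BIND_SERVICE"
+"CAP_NET_RAW"
+];
+};
+};
+};
+}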
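Review bot: The `serviceConfig` block gives the daemon `CAP_NET_ADMIN` and `CAP_NET_RAW` as ambient capabilities on every host that enables the module, and nothing else in the unit confines it. If those capabilities are only needed for TUN or transparent-proxy setups (the page does not show which mode is in use), consider gating them behind an option, and in any case add basic sandboxing so that a compromised proxy process cannot write outside its own directory. Clash is started with `-d /etc/clash`, so that path presumably has to stay writable; the sketch below keeps it in `ReadWritePaths`. Separately, `lib.mkEnableOption` already prepends "Whether to enable", so its argument should be just `"Clash"`, and `User`/`Group` would read better as plain strings than as one-element lists.

```nix
serviceConfig = {
  # … unchanged: Type, WorkingDirectory, User, Group, ExecStart, Restart, capability lists …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ReadWritePaths = ["/etc/clash"];
  ProtectHome = true;
  PrivateTmp = true;
};
```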
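--- /dev/null
+++ b/nixos/modules/services/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+imports = [
+./clash.nix
+];
+}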
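Review bot: `nixos/modules/services/default.nix` is added as an "Executable file", while the sibling `clash.nix` is a normal file. A module that is only ever imported has no reason to carry the executable bit, so I would drop it (`chmod -x`) before merging to keep file modes consistent across the tree.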
|
@ -9,7 +9,7 @@
|
||||||
"/var/log"
|
"/var/log"
|
||||||
"/var/lib"
|
"/var/lib"
|
||||||
|
|
||||||
"/etc/clash-meta" # clash-meta
|
"/etc/clash" # clash
|
||||||
"/etc/secureboot" # sbctl, lanzaboote
|
"/etc/secureboot" # sbctl, lanzaboote
|
||||||
];
|
];
|
||||||
files = [
|
files = [
|
||||||
|
|
|
@ -2,54 +2,24 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
config,
|
||||||
inputs,
|
inputs,
|
||||||
lib,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
services.clash = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.clash-meta;
|
||||||
|
};
|
||||||
|
|
||||||
### sops-nix
|
### sops-nix
|
||||||
sops.secrets."clash-config" = {
|
sops.secrets."clash-config" = {
|
||||||
owner = config.users.users."clash-meta".name;
|
owner = config.users.users."clash".name;
|
||||||
group = config.users.groups."clash-meta".name;
|
group = config.users.groups."clash".name;
|
||||||
restartUnits = ["clash-meta.service"];
|
restartUnits = ["clash.service"];
|
||||||
path = "/etc/clash-meta/config.yaml";
|
path = "/etc/clash/config.yaml";
|
||||||
};
|
};
|
||||||
|
|
||||||
### System proxy settings
|
### System proxy settings
|
||||||
networking.proxy.default = "http://127.0.0.1:7890/";
|
networking.proxy.default = "http://127.0.0.1:7890/";
|
||||||
|
|
||||||
### User running proxy service
|
|
||||||
users.groups."clash-meta" = {};
|
|
||||||
users.users."clash-meta" = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = config.users.groups."clash-meta".name;
|
|
||||||
};
|
|
||||||
|
|
||||||
### Proxy service
|
|
||||||
systemd.services."clash-meta" = {
|
|
||||||
description = "Clash.Meta Client";
|
|
||||||
after = ["network-online.target"];
|
|
||||||
|
|
||||||
wantedBy = ["multi-user.target"];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
WorkingDirectory = "/etc/clash-meta";
|
|
||||||
User = [config.users.users."clash-meta".name];
|
|
||||||
Group = [config.users.groups."clash-meta".name];
|
|
||||||
ExecStart = "${lib.getExe pkgs.clash-meta} -d /etc/clash-meta";
|
|
||||||
Restart = "on-failure";
|
|
||||||
CapabilityBoundingSet = [
|
|
||||||
"CAP_NET_ADMIN"
|
|
||||||
"CAP_NET_BIND_SERVICE"
|
|
||||||
"CAP_NET_RAW"
|
|
||||||
];
|
|
||||||
AmbientCapabilities = [
|
|
||||||
"CAP_NET_ADMIN"
|
|
||||||
"CAP_NET_BIND_SERVICE"
|
|
||||||
"CAP_NET_RAW"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
### Local Clash WebUI
|
### Local Clash WebUI
|
||||||
# You can also use the following website, just in case:
|
# You can also use the following website, just in case:
|
||||||
# - metacubexd:
|
# - metacubexd:
|
||||||
|
@ -60,5 +30,5 @@
|
||||||
# - https://yacd.haishan.me
|
# - https://yacd.haishan.me
|
||||||
# - clash-dashboard (buggy):
|
# - clash-dashboard (buggy):
|
||||||
# - https://clash.razord.top
|
# - https://clash.razord.top
|
||||||
environment.etc."clash-meta/metacubexd".source = inputs.self.packages.${pkgs.system}.metacubexd;
|
environment.etc."clash/metacubexd".source = inputs.self.packages.${pkgs.system}.metacubexd;
|
||||||
}
|
}
|
||||||
|
|