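# NixOS module: runs Clash.Meta as an unprivileged system service, feeds it a
# sops-nix managed config file, points the system proxy settings at it, and
# installs a local copy of the metacubexd dashboard under /etc.
{ pkgs, config, inputs, ... }:

let
  # Directory name under /etc holding config.yaml and the dashboard files.
  etcDirectory = "clash-meta";
in
{
  imports = [
    ../../../../../flakes/nixos/sops-nix.nix
  ];

  ### sops-nix
  # config.yaml is delivered as a sops secret (presumably because it carries
  # proxy/subscription credentials — confirm). Owner and group are the service
  # account so the daemon can read it. No `mode` is set here, so the sops-nix
  # default applies (0400: owner read-only, no group access).
  sops.secrets."clash-config" = {
    owner = config.users.users."clash-meta".name;
    group = config.users.groups."clash-meta".name;
    # Restart the proxy whenever the decrypted config changes.
    restartUnits = [ "clash-meta.service" ];
    path = "/etc/${etcDirectory}/config.yaml";
  };

  ### System proxy settings
  # NOTE(review): port 7890 must match the listener configured in config.yaml,
  # which is not visible in this file. Clients that honour these settings lose
  # connectivity while the service is down.
  networking.proxy.default = "http://127.0.0.1:7890/";

  ### User running proxy service
  # Dedicated system account so the daemon does not run as root.
  users.groups."clash-meta" = {};
  users.users."clash-meta" = {
    isSystemUser = true;
    group = config.users.groups."clash-meta".name;
  };

  ### Proxy service
  systemd.services."clash-meta" = {
    description = "Clash.Meta Client";
    # `after` only orders the unit; `wants` is what pulls network-online.target
    # into the transaction, so the ordering actually takes effect.
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      # NOTE(review): /etc/${etcDirectory} is populated by environment.etc and
      # sops-nix and is presumably not writable by the clash-meta user. If the
      # daemon needs to persist cache or downloaded data in its `-d` directory,
      # a StateDirectory would be the usual place — confirm.
      WorkingDirectory = "/etc/${etcDirectory}";
      # Single-valued directives, so plain strings rather than one-element lists.
      User = config.users.users."clash-meta".name;
      Group = config.users.groups."clash-meta".name;
      ExecStart = "${pkgs.clash-meta}/bin/clash-meta -d /etc/${etcDirectory}";
      Restart = "on-failure";
      # The bounding set limits what the process can ever hold; the ambient set
      # is what actually grants these capabilities to the non-root user.
      # NOTE(review): CAP_NET_ADMIN and CAP_NET_RAW are presumably needed for
      # TUN / transparent-proxy modes. If config.yaml only opens ordinary
      # listeners on unprivileged ports, these can likely be dropped — confirm
      # against the config before removing.
      CapabilityBoundingSet = [
        "CAP_NET_ADMIN"
        "CAP_NET_BIND_SERVICE"
        "CAP_NET_RAW"
      ];
      AmbientCapabilities = [
        "CAP_NET_ADMIN"
        "CAP_NET_BIND_SERVICE"
        "CAP_NET_RAW"
      ];
      # NOTE(review): no sandboxing directives are set. Candidates to evaluate
      # once the daemon's filesystem needs are known: NoNewPrivileges,
      # ProtectSystem, ProtectHome, PrivateTmp.
    };
  };

  ### Local Clash WebUI
  # You can also use the following website, just in case:
  # - metacubexd:
  #   - GH Pages Custom Domain: http://d.metacubex.one
  #   - GH Pages: https://metacubex.github.io/metacubexd
  #   - Cloudflare Pages: https://metacubexd.pages.dev
  # - yacd (Yet Another Clash Dashboard):
  #   - https://yacd.haishan.me
  # - clash-dashboard (buggy):
  #   - https://clash.razord.top
  #
  # A hosted dashboard is third-party JavaScript that receives the controller
  # address and API secret in the browser; the local copy installed below does
  # not depend on those sites. The first URL above is plain HTTP, so that page
  # can be modified in transit — prefer the HTTPS mirrors if a hosted copy is
  # needed.
  environment.etc."${etcDirectory}/metacubexd".source = inputs.metacubexd;
}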