Commit 351be58
Changed files (10)
modules
nixos
base
options
nixos
modules/nixos/base/mihomo/config/default.nix
@@ -0,0 +1,20 @@
+{mylib, ...}: {
+ imports = mylib.scanModules ./.;
+
+ services.mihomo.config = {
+ mixed-port = 7154;
+ allow-lan = true;
+ mode = "rule";
+ log-level = "warning";
+ ipv6 = false;
+ find-process-mode = "strict";
+ external-controller = "127.0.0.1:9090";
+ unified-delay = true;
+ tcp-concurrent = true;
+ global-client-fingerprint = "chrome";
+ profile = {
+ store-selected = true;
+ store-fake-ip = true;
+ };
+ };
+}
modules/nixos/base/mihomo/config/dns.nix
@@ -0,0 +1,40 @@
+{...}: {
+ services.mihomo.config.dns = {
+ enable = true;
+ prefer-h3 = true;
+ ipv6 = false;
+ enhanced-mode = "fake-ip";
+ fake-ip-range = "198.18.0.1/16";
+ fake-ip-filter = [
+ "+.+m2m"
+ "+.$injections.adguard.org"
+ "+.$local.adguard.org"
+ "+.+bogon"
+ "+.+lan"
+ "+.+local"
+ "+.+localdomain"
+ "+.home.arpa"
+ "dns.msftncsi.com"
+ "*.srv.nintendo.net"
+ "*.stun.playstation.net"
+ "xbox.*.microsoft.com"
+ "*.xboxlive.com"
+ "*.turn.twilio.com"
+ "*.stun.twilio.com"
+ "stun.syncthing.net"
+ "stun.*"
+ "*.sslip.io"
+ "*.nip.io"
+ ];
+ respect-rules = true;
+ nameserver = [
+ "system"
+ "https://223.5.5.5/dns-query"
+ "https://doh.pub/dns-query"
+ ];
+ proxy-server-nameserver = [
+ "https://223.5.5.5/dns-query"
+ "https://doh.pub/dns-query"
+ ];
+ };
+}
modules/nixos/base/mihomo/config/proxy-groups.nix
@@ -0,0 +1,210 @@
+{...}: let
+ FilterHK = "^(?=.*((?i)๐ญ๐ฐ|้ฆๆธฏ|\\b(HK|Hong)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterTW = "^(?=.*((?i)๐น๐ผ|ๅฐๆนพ|\\b(TW|Tai|Taiwan)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterJP = "^(?=.*((?i)๐ฏ๐ต|ๆฅๆฌ|ๅทๆฅ|ไธไบฌ|ๅคง้ช|ๆณๆฅ|ๅผ็|\\b(JP|Japan)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterKR = "^(?=.*((?i)๐ฐ๐ท|้ฉๅฝ|้|้ฆๅฐ|\\b(KR|Korea)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterSG = "^(?=.*((?i)๐ธ๐ฌ|ๆฐๅ ๅก|็ฎ|\\b(SG|Singapore)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterUS = "^(?=.*((?i)๐บ๐ธ|็พๅฝ|ๆณข็นๅ
ฐ|่พพๆๆฏ|ไฟๅๅ|ๅคๅฐๅ|่ดนๅฉ่|็ก
่ฐท|ๆๆฏ็ปดๅ ๆฏ|ๆดๆ็ถ|ๅฃไฝๅก|ๅฃๅ
ๆๆ|่ฅฟ้
ๅพ|่ๅ ๅฅ|\\b(US|United States)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterUK = "^(?=.*((?i)๐ฌ๐ง|่ฑๅฝ|ไผฆๆฆ|\\b(UK|United Kingdom)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterFR = "^(?=.*((?i)๐ซ๐ท|ๆณๅฝ|\\b(FR|France)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterDE = "^(?=.*((?i)๐ฉ๐ช|ๅพทๅฝ|\\b(DE|Germany)(\\d+)?\\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$";
+ FilterOthers = "^(?!.*(๐ญ๐ฐ|HK|Hong|้ฆๆธฏ|๐น๐ผ|TW|Taiwan|Wan|๐ฏ๐ต|JP|Japan|ๆฅๆฌ|๐ธ๐ฌ|SG|Singapore|็ฎๅ|๐บ๐ธ|US|United States|America|็พๅฝ|๐ฉ๐ช|DE|Germany|ๅพทๅฝ|๐ฌ๐ง|UK|United Kingdom|่ฑๅฝ|๐ฐ๐ท|KR|Korea|้ฉๅฝ|้|๐ซ๐ท|FR|France|ๆณๅฝ)).*$";
+ FilterAll = "^(?=.*(.))(?!.*((?i)็พค|้่ฏท|่ฟๅฉ|ๅพช็ฏ|ๅฎ็ฝ|ๅฎขๆ|็ฝ็ซ|็ฝๅ|่ทๅ|่ฎข้
|ๆต้|ๅฐๆ|ๆบๅบ|ไธๆฌก|็ๆฌ|ๅฎๅ|ๅค็จ|่ฟๆ|ๅทฒ็จ|่็ณป|้ฎ็ฎฑ|ๅทฅๅ|่ดฉๅ|้็ฅ|ๅๅ|้ฒๆญข|ๅฝๅ
|ๅฐๅ|้ข้|ๆ ๆณ|่ฏดๆ|ไฝฟ็จ|ๆ็คบ|็นๅซ|่ฎฟ้ฎ|ๆฏๆ|ๆ็จ|ๅ
ณๆณจ|ๆดๆฐ|ไฝ่
|ๅ ๅ
ฅ|(\\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\\b|(\\d{4}-\\d{2}-\\d{2}|\\d+G)))).*$";
+
+ Select = {
+ type = "select";
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ disable-udp = false;
+ hidden = false;
+ include-all = true;
+ };
+ Auto = {
+ type = "url-test";
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ interval = 300;
+ tolerance = 50;
+ disable-udp = false;
+ hidden = true;
+ include-all = true;
+ };
+in {
+ services.mihomo.config.proxy-groups =
+ [
+ # ไธป้ๆฉ็ป
+ {
+ name = "๐ฏ ่็น้ๆฉ";
+ type = "select";
+ proxies = ["่ชๅจ้ๆฉ" "ๆๅจ้ๆฉ" "DIRECT"];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png";
+ }
+ # ๆๅจ/่ชๅจ
+ {
+ name = "ๆๅจ้ๆฉ";
+ type = "select";
+ proxies = [
+ "๐ญ๐ฐ - ๆๅจ้ๆฉ"
+ "๐ฏ๐ต - ๆๅจ้ๆฉ"
+ "๐ฐ๐ท - ๆๅจ้ๆฉ"
+ "๐ธ๐ฌ - ๆๅจ้ๆฉ"
+ "๐บ๐ธ - ๆๅจ้ๆฉ"
+ "๐ฌ๐ง - ๆๅจ้ๆฉ"
+ "๐ซ๐ท - ๆๅจ้ๆฉ"
+ "๐ฉ๐ช - ๆๅจ้ๆฉ"
+ "๐น๐ผ - ๆๅจ้ๆฉ"
+ "Others - ๆๅจ้ๆฉ"
+ ];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png";
+ }
+ {
+ name = "่ชๅจ้ๆฉ";
+ type = "select";
+ proxies = [
+ "๐ญ๐ฐ - ่ชๅจ้ๆฉ"
+ "๐ฏ๐ต - ่ชๅจ้ๆฉ"
+ "๐ฐ๐ท - ่ชๅจ้ๆฉ"
+ "๐ธ๐ฌ - ่ชๅจ้ๆฉ"
+ "๐บ๐ธ - ่ชๅจ้ๆฉ"
+ "๐ฌ๐ง - ่ชๅจ้ๆฉ"
+ "๐ซ๐ท - ่ชๅจ้ๆฉ"
+ "๐ฉ๐ช - ่ชๅจ้ๆฉ"
+ "๐น๐ผ - ่ชๅจ้ๆฉ"
+ ];
+ url = "http://connectivitycheck.platform.hicloud.com/generate_204";
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png";
+ }
+ # ๅบ็จๅ็ป
+ {
+ name = "โ๏ธ ็ตๆฅไฟกๆฏ";
+ type = "select";
+ proxies = [
+ "๐ฏ ่็น้ๆฉ"
+ "๐ญ๐ฐ - ่ชๅจ้ๆฉ"
+ "๐ฏ๐ต - ่ชๅจ้ๆฉ"
+ "๐ธ๐ฌ - ่ชๅจ้ๆฉ"
+ "๐บ๐ธ - ่ชๅจ้ๆฉ"
+ ];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png";
+ }
+ {
+ name = "๐ค AIGC";
+ type = "select";
+ proxies = [
+ "๐บ๐ธ - ่ชๅจ้ๆฉ"
+ "๐ฏ ่็น้ๆฉ"
+ "๐ญ๐ฐ - ่ชๅจ้ๆฉ"
+ "๐ฏ๐ต - ่ชๅจ้ๆฉ"
+ "๐ธ๐ฌ - ่ชๅจ้ๆฉ"
+ ];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png";
+ }
+ {
+ name = "๐ ่นๆๆๅก";
+ type = "select";
+ proxies = ["DIRECT" "๐ฏ ่็น้ๆฉ" "๐ญ๐ฐ - ่ชๅจ้ๆฉ" "๐บ๐ธ - ่ชๅจ้ๆฉ"];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png";
+ }
+ {
+ name = "โ๏ธ ๅพฎ่ฝฏๆๅก";
+ type = "select";
+ proxies = ["DIRECT" "๐ฏ ่็น้ๆฉ" "๐ญ๐ฐ - ่ชๅจ้ๆฉ" "๐บ๐ธ - ่ชๅจ้ๆฉ"];
+ icon = "https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png";
+ }
+ ]
+ ++ (map (x: Auto // x) [
+ # ่ชๅจ้ๆฉ - ๆๅฐๅบ
+ {
+ name = "๐ญ๐ฐ - ่ชๅจ้ๆฉ";
+ filter = FilterHK;
+ }
+ {
+ name = "๐ฏ๐ต - ่ชๅจ้ๆฉ";
+ filter = FilterJP;
+ }
+ {
+ name = "๐ฐ๐ท - ่ชๅจ้ๆฉ";
+ filter = FilterKR;
+ }
+ {
+ name = "๐ธ๐ฌ - ่ชๅจ้ๆฉ";
+ filter = FilterSG;
+ }
+ {
+ name = "๐บ๐ธ - ่ชๅจ้ๆฉ";
+ filter = FilterUS;
+ }
+ {
+ name = "๐ฌ๐ง - ่ชๅจ้ๆฉ";
+ filter = FilterUK;
+ }
+ {
+ name = "๐ซ๐ท - ่ชๅจ้ๆฉ";
+ filter = FilterFR;
+ }
+ {
+ name = "๐ฉ๐ช - ่ชๅจ้ๆฉ";
+ filter = FilterDE;
+ }
+ {
+ name = "๐น๐ผ - ่ชๅจ้ๆฉ";
+ filter = FilterTW;
+ }
+ ])
+ ++ (map (x: Select // x) [
+ # ๆๅจ้ๆฉ - ๆๅฐๅบ
+ {
+ name = "๐ญ๐ฐ - ๆๅจ้ๆฉ";
+ filter = FilterHK;
+ }
+ {
+ name = "๐ฏ๐ต - ๆๅจ้ๆฉ";
+ filter = FilterJP;
+ }
+ {
+ name = "๐ฐ๐ท - ๆๅจ้ๆฉ";
+ filter = FilterKR;
+ }
+ {
+ name = "๐ธ๐ฌ - ๆๅจ้ๆฉ";
+ filter = FilterSG;
+ }
+ {
+ name = "๐บ๐ธ - ๆๅจ้ๆฉ";
+ filter = FilterUS;
+ }
+ {
+ name = "๐ฌ๐ง - ๆๅจ้ๆฉ";
+ filter = FilterUK;
+ }
+ {
+ name = "๐ซ๐ท - ๆๅจ้ๆฉ";
+ filter = FilterFR;
+ }
+ {
+ name = "๐ฉ๐ช - ๆๅจ้ๆฉ";
+ filter = FilterDE;
+ }
+ {
+ name = "๐น๐ผ - ๆๅจ้ๆฉ";
+ filter = FilterTW;
+ }
+ {
+ name = "Others - ๆๅจ้ๆฉ";
+ filter = FilterOthers;
+ }
+ ])
+ ++ [
+ # ๅ
จ้จ่็น
+ (Select
+ // {
+ name = "AllIn - ๆๅจ้ๆฉ";
+ filter = FilterAll;
+ })
+ (Auto
+ // {
+ name = "AllIn - ่ชๅจ้ๆฉ";
+ filter = FilterAll;
+ })
+ ];
+}
modules/nixos/base/mihomo/config/proxy-providers.nix
@@ -0,0 +1,28 @@
+{config, ...}: let
+ NodeParam = {
+ type = "http";
+ interval = 86400;
+ health-check = {
+ enable = true;
+ url = "http://cp.cloudflare.com";
+ interval = 300;
+ };
+ };
+in {
+ services.mihomo.config.proxy-providers = {
+ "Node-YiYuan" =
+ NodeParam
+ // {
+ url = config.sops.placeholder."mihomo/providers/yi_yuan";
+ path = "./proxy_provider/providers-yi_yuan.yaml";
+ override.additional-prefix = "[YY]";
+ };
+ "Node-MoJie" =
+ NodeParam
+ // {
+ url = config.sops.placeholder."mihomo/providers/mo_jie";
+ path = "./proxy_provider/providers-mo_jie.yaml";
+ override.additional-prefix = "[MJ]";
+ };
+ };
+}
modules/nixos/base/mihomo/config/rules.nix
@@ -0,0 +1,227 @@
+{...}: let
+ RuleSet_classical = {
+ type = "http";
+ behavior = "classical";
+ interval = 43200;
+ format = "text";
+ proxy = "๐ฏ ่็น้ๆฉ";
+ };
+ RuleSet_domain = {
+ type = "http";
+ behavior = "domain";
+ interval = 43200;
+ format = "text";
+ proxy = "๐ฏ ่็น้ๆฉ";
+ };
+ RuleSet_ipcidr = {
+ type = "http";
+ behavior = "ipcidr";
+ interval = 43200;
+ format = "text";
+ proxy = "๐ฏ ่็น้ๆฉ";
+ };
+in {
+ services.mihomo.config = {
+ rules = [
+ # ่ช่ฎข็ฑป่งๅ
+ "AND,((RULE-SET,my_services),(DST-PORT,80/443)),๐ฏ ่็น้ๆฉ"
+ "RULE-SET,my_services,DIRECT"
+ # ้ IP ็ฑป่งๅ
+ "RULE-SET,reject_non_ip,REJECT"
+ "RULE-SET,reject_domainset,REJECT"
+ "RULE-SET,reject_non_ip_drop,REJECT-DROP"
+ "RULE-SET,reject_non_ip_no_drop,REJECT"
+ "RULE-SET,cdn_domainset,๐ฏ ่็น้ๆฉ"
+ "RULE-SET,cdn_non_ip,๐ฏ ่็น้ๆฉ"
+ "RULE-SET,stream_non_ip,๐บ๐ธ - ่ชๅจ้ๆฉ"
+ "RULE-SET,telegram_non_ip,โ๏ธ ็ตๆฅไฟกๆฏ"
+ "RULE-SET,apple_cdn,DIRECT"
+ "RULE-SET,download_domainset,๐ฏ ่็น้ๆฉ"
+ "RULE-SET,download_non_ip,๐ฏ ่็น้ๆฉ"
+ "RULE-SET,microsoft_cdn_non_ip,DIRECT"
+ "RULE-SET,apple_cn_non_ip,DIRECT"
+ "RULE-SET,apple_services,๐ ่นๆๆๅก"
+ "RULE-SET,microsoft_non_ip,โ๏ธ ๅพฎ่ฝฏๆๅก"
+ "RULE-SET,ai_non_ip,๐ค AIGC"
+ "RULE-SET,global_non_ip,๐ฏ ่็น้ๆฉ"
+ "RULE-SET,domestic_non_ip,DIRECT"
+ "RULE-SET,direct_non_ip,DIRECT"
+ "RULE-SET,lan_non_ip,DIRECT"
+ # IP ็ฑป่งๅ
+ "RULE-SET,reject_ip,REJECT"
+ "RULE-SET,telegram_ip,โ๏ธ ็ตๆฅไฟกๆฏ"
+ "RULE-SET,stream_ip,๐บ๐ธ - ่ชๅจ้ๆฉ"
+ "RULE-SET,lan_ip,DIRECT"
+ "RULE-SET,domestic_ip,DIRECT"
+ "RULE-SET,china_ip,DIRECT"
+ "MATCH,๐ฏ ่็น้ๆฉ"
+ ];
+ rule-providers = {
+ reject_non_ip_no_drop =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt";
+ };
+ reject_non_ip_drop =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt";
+ };
+ reject_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_non_ip.txt";
+ };
+ reject_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_domainset.txt";
+ };
+ reject_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/reject.txt";
+ path = "./rule_set/sukkaw_ruleset/reject_ip.txt";
+ };
+ cdn_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/cdn_domainset.txt";
+ };
+ cdn_non_ip =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/cdn_non_ip.txt";
+ };
+ stream_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/stream.txt";
+ path = "./rule_set/sukkaw_ruleset/stream_non_ip.txt";
+ };
+ stream_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/stream.txt";
+ path = "./rule_set/sukkaw_ruleset/stream_ip.txt";
+ };
+ ai_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/ai.txt";
+ path = "./rule_set/sukkaw_ruleset/ai_non_ip.txt";
+ };
+ telegram_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/telegram.txt";
+ path = "./rule_set/sukkaw_ruleset/telegram_non_ip.txt";
+ };
+ telegram_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/telegram.txt";
+ path = "./rule_set/sukkaw_ruleset/telegram_ip.txt";
+ };
+ apple_cdn =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_cdn.txt";
+ };
+ apple_services =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/apple_services.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_services.txt";
+ };
+ apple_cn_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt";
+ path = "./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt";
+ };
+ microsoft_cdn_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt";
+ path = "./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt";
+ };
+ microsoft_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/microsoft.txt";
+ path = "./rule_set/sukkaw_ruleset/microsoft_non_ip.txt";
+ };
+ download_domainset =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/domainset/download.txt";
+ path = "./rule_set/sukkaw_ruleset/download_domainset.txt";
+ };
+ download_non_ip =
+ RuleSet_domain
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/download.txt";
+ path = "./rule_set/sukkaw_ruleset/download_non_ip.txt";
+ };
+ lan_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/lan.txt";
+ path = "./rule_set/sukkaw_ruleset/lan_non_ip.txt";
+ };
+ lan_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/lan.txt";
+ path = "./rule_set/sukkaw_ruleset/lan_ip.txt";
+ };
+ domestic_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/domestic.txt";
+ path = "./rule_set/sukkaw_ruleset/domestic_non_ip.txt";
+ };
+ direct_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/direct.txt";
+ path = "./rule_set/sukkaw_ruleset/direct_non_ip.txt";
+ };
+ global_non_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/non_ip/global.txt";
+ path = "./rule_set/sukkaw_ruleset/global_non_ip.txt";
+ };
+ domestic_ip =
+ RuleSet_classical
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/domestic.txt";
+ path = "./rule_set/sukkaw_ruleset/domestic_ip.txt";
+ };
+ china_ip =
+ RuleSet_ipcidr
+ // {
+ url = "https://ruleset.skk.moe/Clash/ip/china_ip.txt";
+ path = "./rule_set/sukkaw_ruleset/china_ip.txt";
+ };
+ my_services = {
+ type = "inline";
+ behavior = "classical";
+ payload = [
+ "DOMAIN-SUFFIX,hpcesia.com"
+ "DOMAIN-SUFFIX,trin.one"
+ "DOMAIN-SUFFIX,mxrouting.net"
+ ];
+ };
+ };
+ };
+}
modules/nixos/base/mihomo/config/sniffer.nix
@@ -0,0 +1,21 @@
+{...}: {
+ services.mihomo.config.sniffer = {
+ enable = true;
+ sniff = {
+ HTTP = {
+ ports = [80 "8080-8880"];
+ override-destination = true;
+ };
+ TLS = {
+ ports = [443 8443];
+ };
+ QUIC = {
+ ports = [443 8443];
+ };
+ };
+ skip-domain = [
+ "Mijia Cloud"
+ "+.push.apple.com"
+ ];
+ };
+}
modules/nixos/base/mihomo/config/tun.nix
@@ -0,0 +1,15 @@
+{...}: {
+ services.mihomo.config.tun = {
+ enable = true;
+ stack = "mixed";
+ device = "ElysianRealm";
+ auto-route = true;
+ auto-detect-interface = true;
+ dns-hijack = [
+ "any:53"
+ "tcp://any:53"
+ ];
+ strict-route = true;
+ mtu = 1500;
+ };
+}
modules/nixos/base/mihomo/config.yaml
@@ -1,457 +0,0 @@
-# From https://github.com/yyhhyyyyyy/selfproxy
-
-mixed-port: 7154
-allow-lan: true
-mode: rule
-log-level: warning
-ipv6: false
-find-process-mode: strict
-external-controller: 127.0.0.1:9090
-unified-delay: true
-tcp-concurrent: true
-global-client-fingerprint: chrome
-
-profile:
- store-selected: true
- store-fake-ip: true
-
-dns:
- enable: true
- prefer-h3: true
- ipv6: false
- enhanced-mode: fake-ip
- fake-ip-range: 198.18.0.1/16
- fake-ip-filter:
- - +.+m2m
- - +.$injections.adguard.org
- - +.$local.adguard.org
- - +.+bogon
- - +.+lan
- - +.+local
- - +.+localdomain
- - +.home.arpa
- - dns.msftncsi.com
- - "*.srv.nintendo.net"
- - "*.stun.playstation.net"
- - xbox.*.microsoft.com
- - "*.xboxlive.com"
- - "*.turn.twilio.com"
- - "*.stun.twilio.com"
- - stun.syncthing.net
- - stun.*
- - "*.sslip.io"
- - "*.nip.io"
-
- respect-rules: true
- nameserver:
- - system
- - https://223.5.5.5/dns-query
- - https://doh.pub/dns-query
- proxy-server-nameserver:
- - https://223.5.5.5/dns-query
- - https://doh.pub/dns-query
-
-sniffer:
- enable: true
- sniff:
- HTTP:
- ports: [80, 8080-8880]
- override-destination: true
- TLS:
- ports: [443, 8443]
- QUIC:
- ports: [443, 8443]
- skip-domain:
- - "Mijia Cloud"
- - "+.push.apple.com"
-
-tun:
- enable: true
- stack: mixed
- device: ElysianRealm
- auto-route: true
- auto-detect-interface: true
- dns-hijack:
- - any:53
- - tcp://any:53
- strict-route: true
- mtu: 1500
-
-# # ่ฎข้
้
็ฝฎ
-# # ่ฟ้จๅๅจ `default.nix` ไธญ้
็ฝฎ
-# NodeParam:
-# &NodeParam {
-# type: http,
-# interval: 86400,
-# health-check:
-# { enable: true, url: "http://cp.cloudflare.com", interval: 300 },
-# }
-# proxy-providers:
-# Node-1:
-# url: "<ๅ ไฝ็ฌฆ>"
-# <<: *NodeParam
-# path: "./proxy_provider/providers-1.yaml"
-# override:
-# additional-prefix: "[A] "
-# Node-2:
-# url: "<ๅ ไฝ็ฌฆ>"
-# <<: *NodeParam
-# path: "./proxy_provider/providers-2.yaml"
-# override:
-# additional-prefix: "[B] "
-
-# ่็น็ญ้
-# ๆๅฐๅบ็ญ้
-FilterHK: &FilterHK '^(?=.*((?i)๐ญ๐ฐ|้ฆๆธฏ|\b(HK|Hong)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterTW: &FilterTW '^(?=.*((?i)๐น๐ผ|ๅฐๆนพ|\b(TW|Tai|Taiwan)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterJP: &FilterJP '^(?=.*((?i)๐ฏ๐ต|ๆฅๆฌ|ๅทๆฅ|ไธไบฌ|ๅคง้ช|ๆณๆฅ|ๅผ็|\b(JP|Japan)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterKR: &FilterKR '^(?=.*((?i)๐ฐ๐ท|้ฉๅฝ|้|้ฆๅฐ|\b(KR|Korea)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterSG: &FilterSG '^(?=.*((?i)๐ธ๐ฌ|ๆฐๅ ๅก|็ฎ|\b(SG|Singapore)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterUS: &FilterUS '^(?=.*((?i)๐บ๐ธ|็พๅฝ|ๆณข็นๅ
ฐ|่พพๆๆฏ|ไฟๅๅ|ๅคๅฐๅ|่ดนๅฉ่|็ก
่ฐท|ๆๆฏ็ปดๅ ๆฏ|ๆดๆ็ถ|ๅฃไฝๅก|ๅฃๅ
ๆๆ|่ฅฟ้
ๅพ|่ๅ ๅฅ|\b(US|United States)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterUK: &FilterUK '^(?=.*((?i)๐ฌ๐ง|่ฑๅฝ|ไผฆๆฆ|\b(UK|United Kingdom)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterFR: &FilterFR '^(?=.*((?i)๐ซ๐ท|ๆณๅฝ|\b(FR|France)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterDE: &FilterDE '^(?=.*((?i)๐ฉ๐ช|ๅพทๅฝ|\b(DE|Germany)(\d+)?\b))(?!.*((?i)ๅๅฝ|ๆ กๅญ|็ฝ็ซ|ๅฐๅ|ๅฉไฝ|่ฟๆ|ๆถ้ด|ๆๆ|็ฝๅ|็ฆๆญข|้ฎ็ฎฑ|ๅๅธ|ๅฎขๆ|่ฎข้
|่็น)).*$'
-FilterOthers: &FilterOthers "^(?!.*(๐ญ๐ฐ|HK|Hong|้ฆๆธฏ|๐น๐ผ|TW|Taiwan|Wan|๐ฏ๐ต|JP|Japan|ๆฅๆฌ|๐ธ๐ฌ|SG|Singapore|็ฎๅ|๐บ๐ธ|US|United States|America|็พๅฝ|๐ฉ๐ช|DE|Germany|ๅพทๅฝ|๐ฌ๐ง|UK|United Kingdom|่ฑๅฝ|๐ฐ๐ท|KR|Korea|้ฉๅฝ|้|๐ซ๐ท|FR|France|ๆณๅฝ)).*$"
-FilterAll: &FilterAll '^(?=.*(.))(?!.*((?i)็พค|้่ฏท|่ฟๅฉ|ๅพช็ฏ|ๅฎ็ฝ|ๅฎขๆ|็ฝ็ซ|็ฝๅ|่ทๅ|่ฎข้
|ๆต้|ๅฐๆ|ๆบๅบ|ไธๆฌก|็ๆฌ|ๅฎๅ|ๅค็จ|่ฟๆ|ๅทฒ็จ|่็ณป|้ฎ็ฎฑ|ๅทฅๅ|่ดฉๅ|้็ฅ|ๅๅ|้ฒๆญข|ๅฝๅ
|ๅฐๅ|้ข้|ๆ ๆณ|่ฏดๆ|ไฝฟ็จ|ๆ็คบ|็นๅซ|่ฎฟ้ฎ|ๆฏๆ|ๆ็จ|ๅ
ณๆณจ|ๆดๆฐ|ไฝ่
|ๅ ๅ
ฅ|(\b(USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author)\b|(\d{4}-\d{2}-\d{2}|\d+G)))).*$'
-
-Select:
- &Select {
- type: select,
- url: "http://connectivitycheck.platform.hicloud.com/generate_204",
- disable-udp: false,
- hidden: false,
- include-all: true,
- }
-Auto:
- &Auto {
- type: url-test,
- url: "http://connectivitycheck.platform.hicloud.com/generate_204",
- interval: 300,
- tolerance: 50,
- disable-udp: false,
- hidden: true,
- include-all: true,
- }
-
-# ็ญ็ฅ็ป
-proxy-groups:
- # ไธป้ๆฉ็ป
- - {
- name: ๐ฏ ่็น้ๆฉ,
- type: select,
- proxies: [่ชๅจ้ๆฉ, ๆๅจ้ๆฉ, DIRECT],
- url: http://connectivitycheck.platform.hicloud.com/generate_204,
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Static.png,
- }
-
- # ๆๅจ/่ชๅจ
- - {
- name: ๆๅจ้ๆฉ,
- type: select,
- proxies:
- [
- ๐ญ๐ฐ - ๆๅจ้ๆฉ,
- ๐ฏ๐ต - ๆๅจ้ๆฉ,
- ๐ฐ๐ท - ๆๅจ้ๆฉ,
- ๐ธ๐ฌ - ๆๅจ้ๆฉ,
- ๐บ๐ธ - ๆๅจ้ๆฉ,
- ๐ฌ๐ง - ๆๅจ้ๆฉ,
- ๐ซ๐ท - ๆๅจ้ๆฉ,
- ๐ฉ๐ช - ๆๅจ้ๆฉ,
- ๐น๐ผ - ๆๅจ้ๆฉ,
- Others - ๆๅจ้ๆฉ,
- ],
- url: http://connectivitycheck.platform.hicloud.com/generate_204,
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Cylink.png,
- }
- - {
- name: ่ชๅจ้ๆฉ,
- type: select,
- proxies:
- [
- ๐ญ๐ฐ - ่ชๅจ้ๆฉ,
- ๐ฏ๐ต - ่ชๅจ้ๆฉ,
- ๐ฐ๐ท - ่ชๅจ้ๆฉ,
- ๐ธ๐ฌ - ่ชๅจ้ๆฉ,
- ๐บ๐ธ - ่ชๅจ้ๆฉ,
- ๐ฌ๐ง - ่ชๅจ้ๆฉ,
- ๐ซ๐ท - ่ชๅจ้ๆฉ,
- ๐ฉ๐ช - ่ชๅจ้ๆฉ,
- ๐น๐ผ - ่ชๅจ้ๆฉ,
- ],
- url: http://connectivitycheck.platform.hicloud.com/generate_204,
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Urltest.png,
- }
-
- # ๅบ็จๅ็ป
- - {
- name: โ๏ธ ็ตๆฅไฟกๆฏ,
- type: select,
- proxies:
- [
- ๐ฏ ่็น้ๆฉ,
- ๐ญ๐ฐ - ่ชๅจ้ๆฉ,
- ๐ฏ๐ต - ่ชๅจ้ๆฉ,
- ๐ธ๐ฌ - ่ชๅจ้ๆฉ,
- ๐บ๐ธ - ่ชๅจ้ๆฉ,
- ],
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Telegram.png,
- }
- - {
- name: ๐ค AIGC,
- type: select,
- proxies:
- [
- ๐บ๐ธ - ่ชๅจ้ๆฉ,
- ๐ฏ ่็น้ๆฉ,
- ๐ญ๐ฐ - ่ชๅจ้ๆฉ,
- ๐ฏ๐ต - ่ชๅจ้ๆฉ,
- ๐ธ๐ฌ - ่ชๅจ้ๆฉ,
- ],
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/OpenAI.png,
- }
- - {
- name: ๐ ่นๆๆๅก,
- type: select,
- proxies: [DIRECT, ๐ฏ ่็น้ๆฉ, ๐ญ๐ฐ - ่ชๅจ้ๆฉ, ๐บ๐ธ - ่ชๅจ้ๆฉ],
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Apple.png,
- }
- - {
- name: โ๏ธ ๅพฎ่ฝฏๆๅก,
- type: select,
- proxies: [DIRECT, ๐ฏ ่็น้ๆฉ, ๐ญ๐ฐ - ่ชๅจ้ๆฉ, ๐บ๐ธ - ่ชๅจ้ๆฉ],
- icon: https://raw.githubusercontent.com/Orz-3/mini/master/Color/Microsoft.png,
- }
-
- # ่ชๅจ้ๆฉ - ๆๅฐๅบ
- - { name: ๐ญ๐ฐ - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterHK }
- - { name: ๐ฏ๐ต - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterJP }
- - { name: ๐ฐ๐ท - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterKR }
- - { name: ๐ธ๐ฌ - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterSG }
- - { name: ๐บ๐ธ - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterUS }
- - { name: ๐ฌ๐ง - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterUK }
- - { name: ๐ซ๐ท - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterFR }
- - { name: ๐ฉ๐ช - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterDE }
- - { name: ๐น๐ผ - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterTW }
-
- # ๆๅจ้ๆฉ - ๆๅฐๅบ
- - { name: ๐ญ๐ฐ - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterHK }
- - { name: ๐ฏ๐ต - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterJP }
- - { name: ๐ฐ๐ท - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterKR }
- - { name: ๐ธ๐ฌ - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterSG }
- - { name: ๐บ๐ธ - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterUS }
- - { name: ๐ฌ๐ง - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterUK }
- - { name: ๐ซ๐ท - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterFR }
- - { name: ๐ฉ๐ช - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterDE }
- - { name: ๐น๐ผ - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterTW }
- - { name: Others - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterOthers }
-
- # ๅ
จ้จ่็น
- - { name: AllIn - ๆๅจ้ๆฉ, <<: *Select, filter: *FilterAll }
- - { name: AllIn - ่ชๅจ้ๆฉ, <<: *Auto, filter: *FilterAll }
-
-### ่งๅ้
็ฝฎ
-RuleSet_classical:
- &RuleSet_classical {
- type: http,
- behavior: classical,
- interval: 43200,
- format: text,
- proxy: ๐ฏ ่็น้ๆฉ,
- }
-RuleSet_domain:
- &RuleSet_domain {
- type: http,
- behavior: domain,
- interval: 43200,
- format: text,
- proxy: ๐ฏ ่็น้ๆฉ,
- }
-RuleSet_ipcidr:
- &RuleSet_ipcidr {
- type: http,
- behavior: ipcidr,
- interval: 43200,
- format: text,
- proxy: ๐ฏ ่็น้ๆฉ,
- }
-
-# ่ฎข้
่งๅ
-rule-providers:
- reject_non_ip_no_drop:
- <<: *RuleSet_classical
- url: "https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt"
- path: "./rule_set/sukkaw_ruleset/reject_non_ip_no_drop.txt"
-
- reject_non_ip_drop:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt
- path: ./rule_set/sukkaw_ruleset/reject_non_ip_drop.txt
-
- reject_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/reject.txt
- path: ./rule_set/sukkaw_ruleset/reject_non_ip.txt
-
- reject_domainset:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/domainset/reject.txt
- path: ./rule_set/sukkaw_ruleset/reject_domainset.txt
-
- reject_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/ip/reject.txt
- path: ./rule_set/sukkaw_ruleset/reject_ip.txt
-
- cdn_domainset:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/domainset/cdn.txt
- path: ./rule_set/sukkaw_ruleset/cdn_domainset.txt
-
- cdn_non_ip:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/non_ip/cdn.txt
- path: ./rule_set/sukkaw_ruleset/cdn_non_ip.txt
-
- # ๆๆๆตๅชไฝ๏ผๅ
ๆฌไธ่ฟฐๆๆๆตๅชไฝ๏ผ
- stream_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/stream.txt
- path: ./rule_set/sukkaw_ruleset/stream_non_ip.txt
-
- stream_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/ip/stream.txt
- path: ./rule_set/sukkaw_ruleset/stream_ip.txt
-
- ai_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/ai.txt
- path: ./rule_set/sukkaw_ruleset/ai_non_ip.txt
-
- telegram_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/telegram.txt
- path: ./rule_set/sukkaw_ruleset/telegram_non_ip.txt
-
- telegram_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/ip/telegram.txt
- path: ./rule_set/sukkaw_ruleset/telegram_ip.txt
-
- apple_cdn:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt
- path: ./rule_set/sukkaw_ruleset/apple_cdn.txt
-
- apple_services:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/apple_services.txt
- path: ./rule_set/sukkaw_ruleset/apple_services.txt
-
- apple_cn_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt
- path: ./rule_set/sukkaw_ruleset/apple_cn_non_ip.txt
-
- microsoft_cdn_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt
- path: ./rule_set/sukkaw_ruleset/microsoft_cdn_non_ip.txt
-
- microsoft_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/microsoft.txt
- path: ./rule_set/sukkaw_ruleset/microsoft_non_ip.txt
-
- # ่ฝฏไปถๆดๆฐใๆไฝ็ณป็ป็ญๅคงๆไปถไธ่ฝฝ
- download_domainset:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/domainset/download.txt
- path: ./rule_set/sukkaw_ruleset/download_domainset.txt
-
- download_non_ip:
- <<: *RuleSet_domain
- url: https://ruleset.skk.moe/Clash/non_ip/download.txt
- path: ./rule_set/sukkaw_ruleset/download_non_ip.txt
-
- # ๅ
็ฝๅๅๅๅฑๅ็ฝ IP
- lan_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/lan.txt
- path: ./rule_set/sukkaw_ruleset/lan_non_ip.txt
-
- lan_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/ip/lan.txt
- path: ./rule_set/sukkaw_ruleset/lan_ip.txt
-
- domestic_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/domestic.txt
- path: ./rule_set/sukkaw_ruleset/domestic_non_ip.txt
-
- direct_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/direct.txt
- path: ./rule_set/sukkaw_ruleset/direct_non_ip.txt
-
- global_non_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/non_ip/global.txt
- path: ./rule_set/sukkaw_ruleset/global_non_ip.txt
-
- domestic_ip:
- <<: *RuleSet_classical
- url: https://ruleset.skk.moe/Clash/ip/domestic.txt
- path: ./rule_set/sukkaw_ruleset/domestic_ip.txt
-
- china_ip:
- <<: *RuleSet_ipcidr
- url: https://ruleset.skk.moe/Clash/ip/china_ip.txt
- path: ./rule_set/sukkaw_ruleset/china_ip.txt
-
- my_services:
- type: inline
- behavior: classical
- payload:
- - DOMAIN-SUFFIX,hpcesia.com
- - DOMAIN-SUFFIX,trin.one
- - DOMAIN-SUFFIX,mxrouting.net
-
-# ๅๆต่งๅ
-rules:
- ### ่ช่ฎข็ฑป่งๅ
- - AND,((RULE-SET,my_services),(DST-PORT,80/443)),๐ฏ ่็น้ๆฉ
- - RULE-SET,my_services,DIRECT
-
- ### ้ IP ็ฑป่งๅ
- - RULE-SET,reject_non_ip,REJECT
- - RULE-SET,reject_domainset,REJECT
- - RULE-SET,reject_non_ip_drop,REJECT-DROP
- - RULE-SET,reject_non_ip_no_drop,REJECT
- - RULE-SET,cdn_domainset,๐ฏ ่็น้ๆฉ
- - RULE-SET,cdn_non_ip,๐ฏ ่็น้ๆฉ
- - RULE-SET,stream_non_ip,๐บ๐ธ - ่ชๅจ้ๆฉ
- - RULE-SET,telegram_non_ip,โ๏ธ ็ตๆฅไฟกๆฏ
- - RULE-SET,apple_cdn,DIRECT
- - RULE-SET,download_domainset,๐ฏ ่็น้ๆฉ
- - RULE-SET,download_non_ip,๐ฏ ่็น้ๆฉ
- - RULE-SET,microsoft_cdn_non_ip,DIRECT
- - RULE-SET,apple_cn_non_ip,DIRECT
- - RULE-SET,apple_services,๐ ่นๆๆๅก
- - RULE-SET,microsoft_non_ip,โ๏ธ ๅพฎ่ฝฏๆๅก
- - RULE-SET,ai_non_ip,๐ค AIGC
- - RULE-SET,global_non_ip,๐ฏ ่็น้ๆฉ
- - RULE-SET,domestic_non_ip,DIRECT
- - RULE-SET,direct_non_ip,DIRECT
- - RULE-SET,lan_non_ip,DIRECT
-
- ### IP ็ฑป่งๅ
- - RULE-SET,reject_ip,REJECT
- - RULE-SET,telegram_ip,โ๏ธ ็ตๆฅไฟกๆฏ
- - RULE-SET,stream_ip,๐บ๐ธ - ่ชๅจ้ๆฉ
- - RULE-SET,lan_ip,DIRECT
- - RULE-SET,domestic_ip,DIRECT
- - RULE-SET,china_ip,DIRECT
- - MATCH,๐ฏ ่็น้ๆฉ
modules/nixos/base/mihomo/default.nix
@@ -3,41 +3,12 @@
config,
pkgs,
...
-}:
-lib.mkIf config.services.mihomo.enable {
- services.mihomo = {
- tunMode = true;
- webui = pkgs.metacubexd;
- configFile = config.sops.templates."mihomo-config.yaml".path;
+}: {
+ imports = [./config];
+ config = lib.mkIf config.services.mihomo.enable {
+ services.mihomo = {
+ tunMode = true;
+ webui = pkgs.metacubexd;
+ };
};
-
- networking.firewall.trustedInterfaces = [
- "ElysianRealm"
- ];
-
- sops.templates."mihomo-config.yaml".content =
- ''
- NodeParam:
- &NodeParam {
- type: http,
- interval: 86400,
- health-check:
- { enable: true, url: "http://cp.cloudflare.com", interval: 300 },
- }
- proxy-providers:
- Node-YiYuan:
- url: "${config.sops.placeholder."mihomo/providers/yi_yuan"}"
- <<: *NodeParam
- path: "./proxy_provider/providers-yi_yuan.yaml"
- override:
- additional-prefix: "[YY]"
- Node-MoJie:
- url: "${config.sops.placeholder."mihomo/providers/mo_jie"}"
- <<: *NodeParam
- path: "./proxy_provider/providers-mo_jie.yaml"
- override:
- additional-prefix: "[MJ]"
- ''
- + "\n"
- + builtins.readFile ./config.yaml;
}
options/nixos/mihomo.nix
@@ -0,0 +1,35 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkOption types;
+ format = pkgs.formats.yaml {};
+ cfg = config.services.mihomo.config;
+in {
+ options.services.mihomo.config = mkOption {
+ default = {};
+ type = types.submodule {
+ freeformType = format.type;
+ options = {
+ tun = {
+ enable = mkOption {
+ default = config.options.services.mihomo.tunMode;
+ type = types.bool;
+ };
+ device = mkOption {
+ default = "utun0";
+ type = types.str;
+ };
+ };
+ };
+ };
+ };
+
+ config = {
+ networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
+ sops.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
+ services.mihomo.configFile = config.sops.templates."mihomo-config.yaml".path;
+ };
+}