move some nixos configuration to ./nixos/modules and ./nixos/configurations. try to find a good arch to conbine home-manager and nixos modules.

2025-01-07 22:41:55 +08:00 · 2025-01-07 22:41:55 +08:00 · 64db779064
commit 64db779064
parent 6be554822c
32 changed files with 534 additions and 635 deletions
--- a/users/dae/config.dae
+++ b/users/dae/config.dae
@ -3,7 +3,6 @@ include {
 }

 global {
-  # 绑定到 LAN 和/或 WAN 接口。将下述接口替换成你自己的接口名。
  lan_interface: auto
  wan_interface: auto

@ -11,21 +10,31 @@ global {
  allow_insecure: false
  auto_config_kernel_parameter: true
  dial_mode: domain
+
+  tcp_check_url: 'http://cp.cloudflare.com'
+  udp_check_dns: 'dns.google.com:53'
+  check_interval: 600s
+  check_tolerance: 50ms
+
+  tproxy_port: 12345
 }

-# 更多的 DNS 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md
 dns {
+  ipversion_prefer: 4
+
  upstream {
    googledns: 'tcp+udp://8.8.8.8:53'
-    alidns: 'udp://114.114.114.114:53'
+    alidns: 'udp://dns.alidns.com:53'
  }
  routing {
    request {
-      fallback: alidns
+      qname(geosite: category-ads) -> reject
+      qname(geosite: category-ads-all) -> reject
+      qname(geosite: cn) -> alidns
+      fallback: googledns
    }
    response {
-      upstream(googledns) -> accept
-      ip(geoip: private) && !qname(geosite: cn) -> googledns
+      upstream(googledns) && ip(geoip: private) -> alidns
      fallback: accept
    }
  }
@ -50,19 +59,20 @@ group {
 routing {
  pname(hickory-dns) && dport(53) -> must_direct
  pname(mihomo) -> must_direct
-  domain(geosite:cn) -> direct
-  # personal config routing
+  pname(systemd-resolved) -> must_direct

  domain(full: time.windows.com) -> must_direct
-  domain(suffix: 'hit.edu.cn') -> must_direct
+  domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct
+  domain(suffix: "hit.edu.cn") -> must_direct
  domain(geosite: microsoft) -> proxy
  # domain(geosite: onedrive) -> must_direct
-  domain(geosite: 'category-ai-chat-!cn') -> us
+  domain(geosite: "category-ai-chat-!cn") -> us
  domain(geosite: google) -> us
  domain(geosite: google-play) -> proxy
  domain(geosite: apple) -> us
-  domain(keyword: spotify) -> us
+  domain(geosite: spotify) -> us
  domain(geosite: tiktok) -> us
+  domain(geosite: cn) -> direct

  dip(geoip:private) -> direct
  dip(geoip:cn) -> direct
@ -75,8 +85,5 @@ routing {
  # dip(175.27.0.0/16) -> block
  # dip('2409:8C1E:75B0:80::/64') -> block

-  ## 禁用 h3，因为它通常消耗很多 CPU 和内存资源
-  # l4proto(udp) && dport(443) -> block
-
  fallback: proxy
 }
--- a/users/dae/default.nix
+++ b/users/dae/default.nix
@ -73,42 +73,38 @@
        wantedBy = [ "multi-user.target" ];
      };

-      "update-dae-subscription-weekly" = {
-        after = [ "network-online.target" ];
-        wants = [ "network-online.target" ];
-        wantedBy = [ "multi-user.target" ];
-        serviceConfig = {
-          Type = "oneshot";
-          ExecStartPre = [ "${config.systemd.package}/bin/systemctl stop dae.service" ];
-          ExecStartPost = [
-            "${config.systemd.package}/bin/systemctl start dae.service"
-          ];
-          ExecStart =
-            let
-              script = pkgs.writeTextFile {
-                name = "update-dae-subscription-weekly";
-                executable = true;
-                destination = "/bin/script";
-                text = ''
-                  ${pkgs.coreutils}/bin/echo "Force subscription update..."
-                  ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
-                  ${update}
-                '';
-              };
-            in
-            [
-              "${pkgs.bash}/bin/bash ${script}/bin/script"
-            ];
-        };
-      };
+      # "update-dae-subscription-weekly" = {
+      #   after = [ "network-online.target" ];
+      #   wants = [ "network-online.target" ];
+      #   wantedBy = [ "multi-user.target" ];
+      #   serviceConfig = {
+      #     Type = "oneshot";
+      #     ExecStart =
+      #       let
+      #         script = pkgs.writeTextFile {
+      #           name = "update-dae-subscription-weekly";
+      #           executable = true;
+      #           destination = "/bin/script";
+      #           text = ''
+      #             ${pkgs.coreutils}/bin/echo "Force subscription update..."
+      #             ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
+      #             ${update}
+      #           '';
+      #         };
+      #       in
+      #       [
+      #         "${pkgs.bash}/bin/bash ${script}/bin/script"
+      #       ];
+      #   };
+      # };
    };

-  systemd.timers."dae-update" = {
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "weekly";
-      Unit = "dae-update.service";
-      Persistent = true;
-    };
-  };
+  # systemd.timers."dae-update" = {
+  #   wantedBy = [ "timers.target" ];
+  #   timerConfig = {
+  #     OnCalendar = "weekly";
+  #     Unit = "dae-update.service";
+  #     Persistent = true;
+  #   };
+  # };
 }