before refactor the arch of configuration.

users/dae/config.dae

@@ -0,0 +1,82 @@
+include {
+  proxy.d/*.dae
+}
+
+global {
+  # 绑定到 LAN 和/或 WAN 接口。将下述接口替换成你自己的接口名。
+  lan_interface: auto
+  wan_interface: auto
+
+  log_level: trace
+  allow_insecure: false
+  auto_config_kernel_parameter: true
+  dial_mode: domain
+}
+
+# 更多的 DNS 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md
+dns {
+  upstream {
+    googledns: 'tcp+udp://8.8.8.8:53'
+    alidns: 'udp://114.114.114.114:53'
+  }
+  routing {
+    request {
+      fallback: alidns
+    }
+    response {
+      upstream(googledns) -> accept
+      ip(geoip: private) && !qname(geosite: cn) -> googledns
+      fallback: accept
+    }
+  }
+}
+
+group {
+  proxy {
+    filter: subtag(wget)
+    policy: min_moving_avg
+  }
+  us {
+    filter: subtag(wget) && name(keyword: "美国")
+    policy: min_moving_avg
+  }
+  hk {
+    filter: subtag(wget) && name(keyword: "香港")
+    policy: min_moving_avg
+  }
+}
+
+# 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
+routing {
+  pname(hickory-dns) && dport(53) -> must_direct
+  pname(mihomo) -> must_direct
+  domain(geosite:cn) -> direct
+  # personal config routing
+
+  domain(full: time.windows.com) -> must_direct
+  domain(suffix: 'hit.edu.cn') -> must_direct
+  domain(geosite: microsoft) -> proxy
+  # domain(geosite: onedrive) -> must_direct
+  domain(geosite: 'category-ai-chat-!cn') -> us
+  domain(geosite: google) -> us
+  domain(geosite: google-play) -> proxy
+  domain(geosite: apple) -> us
+  domain(keyword: spotify) -> us
+  domain(geosite: tiktok) -> us
+
+  dip(geoip:private) -> direct
+  dip(geoip:cn) -> direct
+  # dport(63434) && sip(192.168.31.170) -> hk
+  dip(223.5.5.5) -> direct
+  
+  # ban qq dns over http
+  # dip(43.136.0.0/13) -> block
+  # dip(109.244.0.0/16) -> block
+  # dip(175.27.0.0/16) -> block
+  # dip('2409:8C1E:75B0:80::/64') -> block
+
+  ## 禁用 h3，因为它通常消耗很多 CPU 和内存资源
+  # l4proto(udp) && dport(443) -> block
+
+  fallback: proxy
+}

users/dae/default.nix

@@ -0,0 +1,114 @@
+{ pkgs, config, ... }:
+{
+  services.dae = {
+    enable = true;
+    openFirewall = {
+      enable = true;
+      port = 12345;
+    };
+    disableTxChecksumIpGeneric = false;
+    config = builtins.readFile ./config.dae;
+  };
+  environment.etc."dae/urls.txt".source = ./urls.txt;
+  systemd.services =
+    let
+      new_proxy = "/etc/dae/proxy.d.new";
+      head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36";
+      update = ''
+        num=0
+        check=1
+        urls="$(${pkgs.coreutils}/bin/cat /etc/dae/urls.txt)"
+        mkdir -p ${new_proxy}
+        for url in "''${urls}"; do
+          txt=${new_proxy}/''${num}.txt
+          config="${new_proxy}/''${num}.dae"
+          ${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}"
+          ${pkgs.coreutils}/bin/echo "" > ''${config}
+          ${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config}
+          ${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config}
+          ${pkgs.coreutils}/bin/echo } >> ''${config}
+          if [[ ! -s ''${txt} ]]; then
+            check=0
+          fi
+          ${pkgs.coreutils}/bin/chmod 0640 ''${txt}
+          ${pkgs.coreutils}/bin/chmod 0640 ''${config}
+          link=$((link+1))
+
+          if [[ ''${check} -eq 0 ]]; then
+            exit -1
+          fi
+        done
+        ${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d
+        ${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d
+      '';
+    in
+    {
+      "update-dae-subscription-immediate" = {
+        after = [ "network-online.target" ];
+        wants = [ "network-online.target" ];
+        before = [ "dae.service" ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart =
+            let
+              script = pkgs.writeTextFile {
+                name = "update-dae-subscription-immediate";
+                executable = true;
+                destination = "/bin/script";
+                text = ''
+                  ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
+                  if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then
+                    ${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..."
+                    ${update}
+                  else
+                    ${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update."
+                  fi
+                '';
+              };
+            in
+            [
+              "${pkgs.bash}/bin/bash ${script}/bin/script"
+            ];
+        };
+        wantedBy = [ "multi-user.target" ];
+      };
+
+      "update-dae-subscription-weekly" = {
+        after = [ "network-online.target" ];
+        wants = [ "network-online.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStartPre = [ "${config.systemd.package}/bin/systemctl stop dae.service" ];
+          ExecStartPost = [
+            "${config.systemd.package}/bin/systemctl start dae.service"
+          ];
+          ExecStart =
+            let
+              script = pkgs.writeTextFile {
+                name = "update-dae-subscription-weekly";
+                executable = true;
+                destination = "/bin/script";
+                text = ''
+                  ${pkgs.coreutils}/bin/echo "Force subscription update..."
+                  ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d
+                  ${update}
+                '';
+              };
+            in
+            [
+              "${pkgs.bash}/bin/bash ${script}/bin/script"
+            ];
+        };
+      };
+    };
+
+  systemd.timers."dae-update" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "weekly";
+      Unit = "dae-update.service";
+      Persistent = true;
+    };
+  };
+}

users/dae/urls.txt

@@ -0,0 +1 @@
+https://bava8u2znaj6bdzzjnfb.wgetcloud.online/link/df057715-3fa5-38c8-b550-316aa84c22c1?target=v2rayn&list=1&simple=1