From 279b1b69eb6375677b3c669db0efde549407fb02 Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sat, 17 Feb 2024 15:51:49 +0800
Subject: [PATCH] fix: dae - github's ssh access
---
 Justfile | 2 ++
 hosts/idols_aquamarine/config.dae | 18 ++++++++++++------
 hosts/idols_aquamarine/router.nix | 2 +-
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/Justfile b/Justfile
index c93e8bcc..f9dffa34 100644
--- a/Justfile
+++ b/Justfile
@@ -100,6 +100,8 @@ dist-debug:
 aqua:
 colmena apply --on '@aqua'
+ # some config changes require a restart of the dae service
+ ssh ryan@aquamarine "sudo systemctl stop dae; sleep 1; sudo systemctl start dae"
 ruby:
 colmena apply --on '@ruby'
diff --git a/hosts/idols_aquamarine/config.dae b/hosts/idols_aquamarine/config.dae
index 4d5150e0..c80ff61f 100644
--- a/hosts/idols_aquamarine/config.dae
+++ b/hosts/idols_aquamarine/config.dae
@@ -205,7 +205,11 @@ group {
 policy: min_avg10
 }
+<<<<<<< HEAD
 github {
+=======
+ ssh-proxy {
+>>>>>>> 7aa2276 (fix: dae - github's ssh access)
 filter: name(keyword: 'UK')
 filter: name(keyword: '英国')
 policy: min_avg10
@@ -251,10 +255,6 @@ routing {
 dip(geoip:cn) -> direct
 domain(geosite:cn) -> direct
- # Use HK to access all other foreign sites
- domain(geosite:geolocation-!cn) -> proxy
- !dip(geoip:cn) -> proxy
- # Block ads
 domain(geosite:category-ads) -> block
 domain(geosite:category-ads-all) -> block
@@ -268,8 +268,8 @@ routing {
 # --- Rules for other commonly used sites ---#
- # Github
- domain(geosite:github) -> github
+ # SSH - tcp port 22 is blocked by many proxy servers.
+ dport(22) && !dip(geoip:cn) && !domain(geosite:cn) -> ssh-proxy
 ### OpenAI
 domain(geosite:openai) -> sg
@@ -312,5 +312,11 @@ routing {
 domain(keyword:'douyu') -> direct
 domain(geosite:cloudflare-cn) -> direct
+ # --- Fallback rules ---#
+
+ # Access all other foreign sites
+ domain(geosite:geolocation-!cn) -> proxy
+ !dip(geoip:cn) -> proxy
+ fallback: direct
 }
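Review bot: In the `aqua` recipe of the Justfile, the added `ssh` line joins its commands with `;`, so `sudo systemctl start dae` runs whether or not the stop succeeded, and the remote exit status reflects only the last command. While dae is stopped the router presumably forwards traffic without the proxy rules, so the window should be as short and as explicit as possible. A single `ssh ryan@aquamarine "sudo systemctl restart dae"` does the same job; if the one-second pause is deliberate, chain with `&&` and say why in the comment.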
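Review bot: The `@@ -205,7 +205,11 @@` hunk of hosts/idols_aquamarine/config.dae commits unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> 7aa2276 (fix: dae - github's ssh access)` are added as file content, and both `github {` and `ssh-proxy {` are left as group openers. dae will presumably either reject the file or read a group block with unbalanced braces, and the `aqua` recipe in this same commit restarts the service right after deploy, so a broken config would take the router's proxying down. The routing hunk at `@@ -268,8 +268,8 @@` targets `ssh-proxy`, so the resolved file should keep `ssh-proxy {` only and drop the three marker lines together with `github {`. Running `git diff --check` before committing flags leftover conflict markers.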
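Review bot: In the `@@ -268,8 +268,8 @@` hunk of config.dae, the new rule `dport(22) && !dip(geoip:cn) && !domain(geosite:cn) -> ssh-proxy` matches destination port 22 on any transport although its comment speaks of TCP; `l4proto(tcp) && dport(22) && !dip(geoip:cn) && !domain(geosite:cn) -> ssh-proxy` makes the rule match what the comment says. Whether SSH to LAN or other private addresses is kept off the proxy depends on a rule earlier in the `routing` block, which lies outside this hunk; if such a private-range `direct` rule exists, a short comment here naming that dependency would protect it from later reordering. The selection is by port only, so SSH on a non-standard port still falls through to the general `proxy` rules, which is worth stating in the comment as well.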
diff --git a/hosts/idols_aquamarine/router.nix b/hosts/idols_aquamarine/router.nix
index 4a887b53..10d902d8 100644
--- a/hosts/idols_aquamarine/router.nix
+++ b/hosts/idols_aquamarine/router.nix
@@ -117,7 +117,7 @@ in {
 services.dnsmasq = {
 enable = true;
 # resolve local queries (add 127.0.0.1 to /etc/resolv.conf)
- resolveLocalQueries = false; # may be conflict with dae, disable this.
+ resolveLocalQueries = true; # may be conflict with dae, disable this.
 alwaysKeepRunning = true;
 # https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=tree
 settings = {
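Review bot: The trailing comment on the changed line still reads `# may be conflict with dae, disable this.` while the value is now `true`, so the comment contradicts the setting it annotates. The comment should record why the router's own lookups now go through the local dnsmasq and whether the dae conflict still applies, for example `resolveLocalQueries = true; # router itself resolves via dnsmasq; re-check for conflicts with dae's DNS handling`. The commit subject only mentions GitHub SSH access, so a line in the description explaining this DNS change would help a later reader. The `services.dnsmasq` block continues past the end of the hunk.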