fix: bypass router

2026-05-20 22:57:17 +02:00 · 2024-02-16 11:41:37 +08:00
parent 7cbff9ef3b
commit ae238d401d
28 changed files with 891 additions and 439 deletions
@@ -1,9 +1,14 @@
 {
+  config,
  pkgs,
  daeuniverse,
+  ...
 }:
 # https://github.com/daeuniverse/flake.nix
-{
+let
+  daeConfigPath = "/etc/dae/config.dae";
+  subscriptionConfigPath = "/etc/dae/config.d/subscription.dae";
+in {
  imports = [
    daeuniverse.nixosModules.dae
    daeuniverse.nixosModules.daed
@@ -12,9 +17,9 @@
  # dae - eBPF-based Linux high-performance transparent proxy.
  services.dae = {
    enable = true;
-    package = pkgs.dae;
+    package = daeuniverse.packages.${pkgs.system}.dae;
    disableTxChecksumIpGeneric = false;
-    configFile = ./bypass-router.dae;
+    configFile = daeConfigPath;
    assets = with pkgs; [v2ray-geoip v2ray-domain-list-community];
    # alternatively, specify assets dir
    # assetsPath = "/etc/dae";
@@ -24,15 +29,29 @@
    };
  };

-  # daed, a modern web dashboard for dae.
-  services.daed = {
-    enable = true;
-    package = pkgs.daed;
-    configdir = "/etc/daed";
-    listen = "0.0.0.0:9090";
-    openfirewall = {
-      enable = true;
-      port = 9090;
-    };
-  };
+  # dae supports two types of subscriptions: base64 encoded proxies, and sip008.
+  # subscription can be a url return the subscription, or a file path that contains the subscription.
+  #
+  # Nix decrypt and merge my dae's base config and subscription config here.
+  # the subscription config is something like:
+  #   ```
+  #   subscription {
+  #     'https://www.example.com/subscription/link'
+  #     'https://example.com/no_tag_link'
+  #   }
+  #   node {
+  #     # Support socks5, http, https, ss, ssr, vmess, vless, trojan, trojan-go, tuic, juicity
+  #     node_a: 'trojan://'
+  #     node_b: 'trojan://'
+  #     node_c: 'vless://'
+  #     node_d: 'vless://'
+  #     node_e: 'vmess://'
+  #     node_f: 'tuic://'
+  #     node_h: 'juicity://'
+  #   }
+  #   ```
+  system.activationScripts.installDaeConfig = ''
+    install -Dm 600 ${./config.dae} ${daeConfigPath}
+    install -Dm 600 ${config.age.secrets."dae-subscription.dae".path} ${subscriptionConfigPath}
+  '';
 }