dae: setup

xddxdd · Jan 5, 2025 · a9e4362 · a9e4362
1 parent 363e60c
commit a9e4362
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 10 deletions.
diff --git a/hosts/lt-hp-omen/configuration.nix b/hosts/lt-hp-omen/configuration.nix
@@ -18,6 +18,7 @@
 
     ../../nixos/optional-apps/aagl.nix
     ../../nixos/optional-apps/clamav.nix
+    ../../nixos/optional-apps/dae.nix
     ../../nixos/optional-apps/libvirt
     ../../nixos/optional-apps/llama-sakura-llm.nix
     ../../nixos/optional-apps/netns-tnl-buyvm.nix

diff --git a/nixos/client-apps/v2ray.nix b/nixos/client-apps/v2ray.nix
@@ -81,16 +81,6 @@ let
           };
         tag = "proxy";
       }
-      {
-        protocol = "freedom";
-        settings.domainStrategy = "UseIPv4";
-        tag = "direct";
-      }
-      {
-        protocol = "blackhole";
-        settings.response.type = "none";
-        tag = "blackhole";
-      }
     ];
     policy.levels."0" = {
       connIdle = 86400;

diff --git a/nixos/optional-apps/dae.nix b/nixos/optional-apps/dae.nix
@@ -0,0 +1,69 @@
+{ lib, ... }:
+{
+  services.dae = {
+    enable = true;
+    config = ''
+      global {
+        tproxy_port: 1
+        tproxy_port_protect: true
+        wan_interface: auto
+        auto_config_kernel_parameter: false
+
+        tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
+        tcp_check_http_method: HEAD
+        udp_check_dns: 'dns.google:53,8.8.8.8,2001:4860:4860::8888'
+        check_interval: 30s
+        check_tolerance: 50ms
+
+        dial_mode: domain
+        allow_insecure: false
+        sniffing_timeout: 100ms
+
+        tls_implementation: utls
+        utls_imitate: firefox_auto
+      }
+
+      node {
+        v2ray: "socks5://localhost:1080"
+      }
+
+      dns {
+        upstream {
+          alidns: 'https://dns.alidns.com:443'
+          googledns: 'https://dns.google:443'
+        }
+        routing {
+          request {
+            qname(geosite:cn) -> alidns
+            fallback: googledns
+          }
+          response {
+            upstream(googledns) -> accept
+            ip(geoip:private) && !qname(geosite:cn) -> googledns
+            fallback: accept
+          }
+        }
+      }
+
+      group {
+        proxy {
+          policy: fixed(0)
+        }
+      }
+
+      routing {
+        pname(NetworkManager) -> must_direct
+        pname(v2ray) -> must_direct
+        pname(xray) -> must_direct
+        dip(224.0.0.0/3, 'ff00::/8') -> direct
+        dip(geoip:private) -> direct
+
+        # V2Ray handles direct connections
+
+        fallback: proxy
+      }
+    '';
+  };
+
+  systemd.services.dae.wantedBy = lib.mkForce [ ];
+}