Local and sub-rules

2025-08-07 10:47:42 +03:00
parent 8b25268dcb
commit 2ccae6d046
6 changed files with 1344 additions and 58 deletions
--- a/config/dts-pontifex.yaml
+++ b/config/dts-pontifex.yaml
@@ -90,12 +90,12 @@ dns:
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter-mode: blacklist
  fake-ip-filter:
-     # ———————————————————— self-hosted domains ———————————————————
-     - '*.lan'
-     - '+.dts'
-     - '+.webway.dts'
-     - '+.netbird.selfhosted'
-     - '+.shamanlanding.org'
+    # ———————————————————— self-hosted domains ———————————————————
+    - '*.lan'
+    - '+.dts'
+    - '+.webway.dts'
+    - '+.netbird.selfhosted'
+    - '+.shamanlanding.org'
  nameserver:
    - https://d.adguard-dns.com/dns-query/5ffb7de2
  fallback:
@@ -230,11 +230,96 @@ proxies:
    udp: true
    ip-version: ipv4
    interface-name: eth1
-  # - name: "WAN C [Mobile]"
-  #   type: direct
-  #   udp: true
-  #   ip-version: ipv4
-  #   interface-name: eth2
+
+# ————————————————————— private proxies ———————————————————— #
+  - name: 🇨🇭⇨🇱🇺 Proton WG
+    type: wireguard
+    server: 79.135.104.48
+    port: 51820
+    ip: 10.2.0.2
+    private-key: 8LW5XMdOWwUyVlihlii9dEvVYvatZ/uuC8Jft4fcn0k=
+    public-key: buYqE3X8Wf8X/v5NtHVXYgLk45+2og8MVEbgQAkEyBw=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 55
+      jmin: 373
+      jmax: 769
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇮🇸⇨🇬🇧 Proton WG
+    type: wireguard
+    server: 185.159.158.215
+    port: 51820
+    ip: 10.2.0.2
+    private-key: yPnrinUviMCyTV4p1Yrd9H9u3zV6jXXFDWJa3zueb2Q=
+    public-key: zctOjv4DH2gzXtLQy86Tp0vnT+PNpMsxecd2vUX/i0U=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 55
+      jmin: 373
+      jmax: 769
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇸🇾 Direct Proton WG
+    type: wireguard
+    server: 74.118.126.212
+    port: 51820
+    ip: 10.2.0.2
+    private-key: IKZ6eVISKzSoccxyhEQKqJpqQ9MXNXRECogtQ/Mb5Ho=
+    public-key: lA34jzJPyZIjR4FxgEy2KarVEEkFcGT3AmOO2k+X3Co=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 127
+      jmin: 798
+      jmax: 1246
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇫🇷 Direct Proton WG
+    type: wireguard
+    server: 79.127.134.82
+    port: 51820
+    ip: 10.2.0.2
+    private-key: SLHvkTQwNnovnfKhmO1DwMFycvUPT7MK80VSQXpNeGc=
+    public-key: fEUJZ0KAOb0U8O4+wNYYlVBgtN6AOS2bbXyM07Dnvxk=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 127
+      jmin: 798
+      jmax: 1246
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4

 # ——————————————————————————————————————————————————— PROXY PROVIDERS ———————————————————————————————————————————————————
 proxy-providers:
@@ -313,6 +398,7 @@ proxy-groups:
 # ————————————————————————— fallback ———————————————————————— #
  - name: "Automatic Fallback Route"
    type: fallback
+    disable-udp: false
    proxies:
      - DIRECT
    hidden: true
@@ -326,58 +412,47 @@ proxy-groups:
      - WAN A [Мегафон]
      - WAN B [РосТелеКом]
    hidden: true
+    url: 'https://cp.cloudflare.com/generate_204'
+    interval: 300

-  # - name: ABC
-  #  type: load-balance
-  #  disable-udp: false
-  #  proxies:
-  #    - WAN A [Мегафон]
-  #    - WAN B [РосТелеКом]
-  #    - WAN C [Mobile]
-  #  hidden: true
 # ————————————————————— direct selectors ———————————————————— #
-  - name: LAN Clients
+  
+  - name: Local Devices
    type: select
    disable-udp: false
    proxies:
+      - DIRECT
+      - AB
+      - WAN A [Мегафон]
+      - WAN B [РосТелеКом]
+  
+  - name: Infrastructure
+    type: select
+    disable-udp: false
+    proxies:
+      - DIRECT
      - AB
-  #   - ABC
      - WAN A [Мегафон]
      - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]

  - name: IOT Clients
    type: select
    disable-udp: false
    proxies:
-      - LAN Clients
+      - DIRECT
      - AB
-  #   - ABC
      - WAN A [Мегафон]
      - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
-
-  - name: Unprivileged Webway
+  
+  - name: Webway
    type: select
    disable-udp: false
    proxies:
-      - LAN Clients
+      - DIRECT
      - AB
-  #   - ABC
      - WAN A [Мегафон]
      - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
-
-  - name: Privileged Webway
-    type: select
-    disable-udp: false
-    proxies:
-      - LAN Clients
-      - AB
-  #   - ABC
-      - WAN A [Мегафон]
-      - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
+  
 # —————————————— smart groups for personal vpn —————————————— #
  - name: ▣ Personal
    disable-udp: false
@@ -850,6 +925,23 @@ rule-providers:
    path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml"
    <<: *default_rule_provider_config

+  Local Devices:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-devices.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-devices.yaml"
+    <<: *default_rule_provider_config
+  Infrastructure:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-infrastructure.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-infrastructure.yaml"
+    <<: *default_rule_provider_config
+  IOT Clients:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-iot.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-iot.yaml"
+    <<: *default_rule_provider_config
+  Webway:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-webway.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-webway.yaml"
+    <<: *default_rule_provider_config
+
 # —————————————————————————— consolidated-lists-public —————————————————————————— #
  # /clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/
  🚫 Adblock List RU:
@@ -1003,4 +1095,8 @@ rules:
 - GEOIP,CN,CN Services

 # ——————————————————————— final match ——————————————————————— #
- MATCH,LAN Clients
+- RULE-SET,Local Devices,Local Devices
+- RULE-SET,Infrastructure,Infrastructure
+- RULE-SET,IOT Clients,IOT Clients
+- RULE-SET,Webway,Webway
+- MATCH,DIRECT