Migrate Mihomo and IPtables scripts from systemd to OpenRC and update service configurations

init-scripts/openrc/mihomo

@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+name="mihomo"
+description="Mihomo Daemon"
+command="/usr/local/bin/mihomo"
+command_args="-d /etc/mihomo"
+command_background=true
+pidfile="/run/mihomo.pid"
+# Запускаем от юзера, права на сеть дадим через setcap
+command_user="mihomo:mihomo"
+
+depend() {
+    need net
+    use dns
+    after firewall
+}

init-scripts/openrc/mihomo-iptables

@@ -0,0 +1,14 @@
+#!/sbin/openrc-run
+
+description="Mihomo IPtables Rules"
+
+depend() {
+    need net
+    before mihomo
+}
+
+start() {
+    ebegin "Applying Mihomo IPtables rules"
+    /usr/local/bin/iptables-mihomo-setup.sh
+    eend $?
+}

init-scripts/systemd/mihomo-iptables.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Mihomo IPtables rules fixer
+After=network.target
+Before=mihomo.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/iptables-mihomo-setup.sh
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target

init-scripts/systemd/mihomo.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Mihomo Daemon, Another Clash Kernel.
+After=network.target NetworkManager.service systemd-networkd.service iwd.service
+
+[Service]
+User=mihomo
+Type=simple
+LimitNPROC=500
+LimitNOFILE=1000000
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_TIME CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE
+Restart=always
+ExecStartPre=/usr/bin/sleep 1s
+ExecStart=/usr/local/bin/mihomo -d /etc/mihomo
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target