# —————————————————————————————————— local proxy ————————————————————————————————— port: 7890 socks-port: 7891 redir-port: 7892 tproxy-port: 7893 mixed-port: 7893 allow-lan: true bind-address: "*" # authentication of local SOCKS5/HTTP(S) server # authentication: # - "user1:pass1" # - "user2:pass2" # —————————————————————————————— external controller ————————————————————————————— external-controller: 127.0.0.1:9090 secret: '314159271828' external-ui: "/usr/share/openclash/ui" authentication: - dts-pontifex-clash:314159271828 # ———————————————————————————————————— general ——————————————————————————————————— mode: rule ipv6: false unified-delay: true log-level: info disable-keep-alive: true # interface-name: en0 # Outbound interface name # ————————————————————————————————————— hosts ———————————————————————————————————— hosts: # ———————————————————————————————————— profile ——————————————————————————————————— profile: store-selected: true store-fake-ip: true # ———————————————————————————————————— sniffer ——————————————————————————————————— sniffer: enable: true parse-pure-ip: true # —————————————————————————————————————— dns ————————————————————————————————————— dns: enable: true listen: 0.0.0.0:53 default-nameserver: - 114.114.114.114 - 8.8.8.8 enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 fake-ip-filter-mode: blacklist fake-ip-filter: # ———————————————————— self-hosted domains ——————————————————— - '*.lan' - '*.dts' - '*.webway.dts' - '*.netbird.selfhosted' - '*.shamanlanding.org' - '*.retreat.shamanlanding.org' - '*.hq.shamanlanding.org' nameserver: - https://purpose.shamanlanding.org/dns-query/dts-pontifex # If IP addresses resolved with servers in `nameservers` are in the specified # subnets below, they are considered invalid and results from `fallback` # servers are used instead. # # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # # If `fallback-filter.geoip` is false, results from `nameserver` nameservers # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. # fallback-filter: # geoip: true # geoip-code: CN # ipcidr: # - 240.0.0.0/4 # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # Lookup domains via specific nameservers # nameserver-policy: # 'www.baidu.com': '114.114.114.114' # '+.internal.crop.com': '10.0.0.1' # ————————————————————————————————————— macro ———————————————————————————————————— health-check-for-providers: &health_check_for_providers enable: true interval: 600 url: http://www.gstatic.com/generate_204 health-check-for-selectors: &health_check_for_selectors url: https://cp.cloudflare.com/generate_204 interval: 300 health-check-for-load-balancers: &health_check_for_load_balancers url: https://cp.cloudflare.com/generate_204 interval: 300 default-rule-provider-config: &default_rule_provider_config type: http behavior: classical interval: 86400 private-vpn-list: &private_vpn_list - vless-estonia - vless-serbia p-vpn-list_balancer: &p_vpn_list_balancer type: load-balance strategy: sticky-sessions proxies: - vless-estonia - vless-serbia p-vpn-list_selector: &p_vpn_list_selector type: select proxies: - vless-estonia - vless-serbia np-vpn-list_balancer: &np_vpn_list_balancer type: load-balance strategy: sticky-sessions use: - full-xfinn-test - arza-1 - Un1c4d3 np-vpn-list_selector: &np_vpn_list_selector type: select use: - full-xfinn-test - arza-1 - Un1c4d3 default-private-proxies-lb-selector: &default_private_proxies_lb_selector type: select proxies: - vless-estonia - vless-serbia - ⚖️ Personal VPN # ————————————————————————————————— proxies list ————————————————————————————————— proxies: # ————————————————————— direct wan routes ———————————————————— - name: "WAN A [Мегафон]" type: direct udp: true ip-version: ipv4 interface-name: eth2 - name: "WAN B [РосТелеКом]" type: direct udp: true ip-version: ipv4 interface-name: eth2 - name: "WAN C [Mobile]" type: direct udp: true ip-version: ipv4 interface-name: eth2 # ——————————————————— private vpn services ——————————————————— - name: vless-serbia type: vless server: 38.180.101.70 port: 443 uuid: e31308a8-f7d3-4007-b077-6fd21e9c7310 udp: false tls: true client-fingerprint: chrome servername: kingnews.rs network: tcp flow: xtls-rprx-vision reality-opts: public-key: xBnrKijFwmka88VI1xWYzUS9jT1SyA5UdJQ8vg5BZzw short-id: a9a07155 - name: vless-estonia type: vless server: 37.252.4.126 port: 443 uuid: '028c65fd-9192-4adc-af68-e01fe5881cdd' udp: false tls: true client-fingerprint: chrome servername: yahoo.com network: tcp flow: xtls-rprx-vision reality-opts: public-key: HwuNN-BUkUm1acVf0POkJHyfSj9puyATJDIxcR_OfE4 short-id: '58024220' # ———————————————————————————————— proxy providers ——————————————————————————————— proxy-providers: # ——————————————————— private vpn services ——————————————————— # ——————————————————— non-personal services —————————————————— full-xfinn-test: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/arcadia/raw/branch/main/CLASH%20RULES/proxy-providers/gofinn-test-account-full" interval: 3600 proxy: DIRECT path: "./proxy_provider/gofinn-test-acoount-full.txt" exclude-filter: "(?i)Наш TG|Истекает" override: additional-prefix: "[F] " additional-suffix: "" health-check: <<: *health_check_for_providers #https://arza.top/sub/dGZjNHVlLDE3MzIzMDQ2MTYowA-efEYOh arza-1: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/arcadia/raw/branch/main/CLASH%20RULES/proxy-providers/arza" interval: 3600 proxy: DIRECT path: "./proxy_provider/arza2.txt" exclude-filter: "(?i)Наш TG|Истекает" override: additional-prefix: "[A] " additional-suffix: "" health-check: <<: *health_check_for_providers #https://subs.un1c4d3.ru:52478/sub/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJQTF9WTFNTX0FMTDIxMCIsImFjY2VzcyI6InN1YnNjcmlwdGlvbiIsImlhdCI6MTczNzgwMDQwOH0.mPr4BSMMpo1mrlZPvB34IRGcn2mHOZetHXaZyebirT4 Un1c4d3: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/arcadia/raw/branch/main/CLASH%20RULES/proxy-providers/Un1c4d3" interval: 3600 proxy: DIRECT path: "./proxy_provider/Un1c4d3.txt" exclude-filter: "(?i)Наш TG|Истекает|EXPIRE|TELEGRAM" override: additional-prefix: "[U] " additional-suffix: "" health-check: <<: *health_check_for_providers # ————————————————————————————————— proxy groups ————————————————————————————————— proxy-groups: # ————————————————————————— fallback ————————————————————————— - name: "Automatic Fallback Route" type: fallback proxies: - DIRECT hidden: true url: 'https://cp.cloudflare.com/generate_204' interval: 300 # ————————————————————— direct wan routes ———————————————————— - name: ⚖️ AB type: load-balance disable-udp: false proxies: - WAN A [Мегафон] - WAN B [РосТелеКом] hidden: true - name: ⚖️ ABC type: load-balance disable-udp: false proxies: - WAN A [Мегафон] - WAN B [РосТелеКом] - WAN C [Mobile] hidden: true # ————————————————————— direct selectors ————————————————————— - name: 🖥️ LAN Clients type: select disable-udp: false proxies: - ⚖️ AB - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - WAN C [Mobile] - name: 🛋️ IOT Clients type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - WAN C [Mobile] - name: 👾 Unprivileged Webway type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - WAN C [Mobile] - name: 🌟 Privileged Webway type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - WAN C [Mobile] # —————————————— load balancers for personal vpn ————————————— - name: ⚖️ Personal VPN <<: *p_vpn_list_balancer <<: *health_check_for_load_balancers # ———————————— load balancers for non-personal vpn ——————————— - name: ⚖️ Russian <<: *np_vpn_list_balancer disable-udp: false filter: "(?i)Russia" <<: *health_check_for_load_balancers - name: ⚖️ Europe <<: *np_vpn_list_balancer disable-udp: false filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland" <<: *health_check_for_load_balancers - name: ⚖️ USA <<: *np_vpn_list_balancer disable-udp: false filter: "(?i)USA|Canada" <<: *health_check_for_load_balancers - name: ⚖️ Asia <<: *np_vpn_list_balancer disable-udp: false filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore" <<: *health_check_for_load_balancers - name: ⚖️ Fast Servers <<: *np_vpn_list_balancer disable-udp: false filter: "(?i)10 Gbit|10Gbit" <<: *health_check_for_load_balancers # ————————————— global selectors for personal vpn ———————————— - name: 🔢 Personal VPN <<: *p_vpn_list_selector disable-udp: false <<: *health_check_for_selectors # ——————————— global selectors for non-personal vpn —————————— - name: 🔢 Russian <<: *np_vpn_list_selector disable-udp: false filter: "(?i)Russia" <<: *health_check_for_selectors - name: 🔢 Europe <<: *np_vpn_list_selector disable-udp: false filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland|Moldova" <<: *health_check_for_selectors - name: 🔢 USA <<: *np_vpn_list_selector disable-udp: false filter: "(?i)USA|Canada" <<: *health_check_for_selectors - name: 🔢 Asia <<: *np_vpn_list_selector disable-udp: false filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore" <<: *health_check_for_selectors - name: 🔢 Kazakhstan <<: *np_vpn_list_selector disable-udp: false filter: "(?i)Kazakhstan|KZ" <<: *health_check_for_selectors - name: 🔢 All non-personal <<: *np_vpn_list_selector disable-udp: false filter: "" <<: *health_check_for_selectors - name: 🔢 Gaming <<: *np_vpn_list_selector disable-udp: false filter: "(?i)game" <<: *health_check_for_selectors - name: 🔢 Torrent Compliant <<: *np_vpn_list_selector disable-udp: false filter: "(?i)torrent" <<: *health_check_for_selectors - name: 🔢 TOR Compliant <<: *np_vpn_list_selector disable-udp: false filter: "(?i)TOR✅" <<: *health_check_for_selectors - name: 🔢 Fast Servers <<: *np_vpn_list_selector disable-udp: false filter: "(?i)10 Gbit|10Gbit" <<: *health_check_for_selectors # —————————— selectors for unprivileged webway rules ————————— # ——————— selectors for local & privileged webway rules —————— - name: YouTube [LAN] type: select proxies: - 🔢 Russian - 🔢 Personal VPN - 🔢 Europe - ⚖️ Europe - ⚖️ Russian - ⚖️ Personal VPN <<: *health_check_for_selectors - name: Adaptaion type: select proxies: - 🔢 Fast Servers - 🔢 Personal VPN - 🔢 Europe - ⚖️ Fast Servers - ⚖️ Personal VPN - ⚖️ Europe <<: *health_check_for_selectors - name: Antifilter type: select proxies: - 🔢 Fast Servers - 🔢 Personal VPN - 🔢 Europe - ⚖️ Fast Servers - ⚖️ Personal VPN - ⚖️ Europe <<: *health_check_for_selectors - name: Notion type: select proxies: - vless-estonia - vless-serbia <<: *health_check_for_selectors - name: Testzone A type: select proxies: - 🔢 All non-personal - 🔢 Russian - 🔢 Europe - 🔢 USA - 🔢 Asia - 🔢 Kazakhstan - ⚖️ Europe - ⚖️ USA - ⚖️ Asia - ⚖️ Fast Servers - ⚖️ Personal VPN <<: *health_check_for_selectors # ———————————————————————————————— rule providers ———————————————————————————————— rule-providers: # ———————————————————————— gitea lists ——————————————————————— AI Stuff (Western): url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/2005-lpu-ai-stuff-western.yaml # AI Stuff path: "./rule_provider/2005-lpu-ai-stuff-western.yaml" <<: *default_rule_provider_config Notion: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/2000-lpu-notion.yaml # Notion path: "./rule_provider/2000-lpu-notion.yaml" <<: *default_rule_provider_config Youtube: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/1003-lpx-youtube.yaml # Youtube path: "./rule_provider/1003-lpx-youtube.yaml" <<: *default_rule_provider_config Testzone A: url: https://gitea.shamanlanding.org/DaTekShaman/arcadia/raw/branch/main/CLASH%20RULES/rule-providers/ip-test.yaml path: "./rule_provider/0000-lpx-testzone-a.yaml" <<: *default_rule_provider_config # —————————————————————— adaptaion lists ————————————————————— General Direct Domain List: url: http://purpose.shamanlanding.org:9999/direct-domain.yaml path: "./ruleset/0001-lpu-direct-domain.yaml" <<: *default_rule_provider_config General Direct IP List: url: http://purpose.shamanlanding.org:9999/direct-ip.yaml path: "./ruleset/0001-lpu-direct-ip.yaml" <<: *default_rule_provider_config General Proxy Domain List: url: http://purpose.shamanlanding.org:9999/proxy-domain.yaml path: "./ruleset/0002-lpx-adaptation-domain-proxy.yaml" <<: *default_rule_provider_config General Proxy IP List: url: http://purpose.shamanlanding.org:9999/proxy-ip.yaml path: "./ruleset/0002-lpx-adaptation-ip-proxy.yaml" <<: *default_rule_provider_config # ————————————————— antifilter community list ———————————————— Antifilter IP List : url: http://purpose.shamanlanding.org:9999/antifilter-ip.yaml path: "./ruleset/9998-lpx-antifilter-ip-proxy.yaml" <<: *default_rule_provider_config Antifilter Community IP List: url: http://purpose.shamanlanding.org:9999/antifilter-community-ip.yaml path: "./ruleset/9999-lpx-antifilter-community-ip-proxy.yaml" <<: *default_rule_provider_config Antifilter Community Domain List: url: http://purpose.shamanlanding.org:9999/antifilter-community-domain.yaml path: "./ruleset/9998-lpx-antifilter-domain-proxy.yaml" <<: *default_rule_provider_config # ————————————————————————————————————— rules ———————————————————————————————————— rules: - RULE-SET,Youtube,YouTube [LAN] - RULE-SET,Notion,Notion - RULE-SET,Testzone A,Testzone A - RULE-SET,AI Stuff (Western),Testzone A - RULE-SET,General Direct Domain List,🖥️ LAN Clients - RULE-SET,General Direct IP List,🖥️ LAN Clients - RULE-SET,General Proxy Domain List,Adaptaion - RULE-SET,General Proxy IP List,Adaptaion - RULE-SET,Antifilter IP List ,Antifilter - RULE-SET,Antifilter Community IP List,Antifilter - RULE-SET,Antifilter Community Domain List,Antifilter - MATCH,🖥️ LAN Clients