Update Clash ruleset URLs to remove custom port usage

Clash Verge 的 TUN + auto-route 注入 nftables 规则劫持所有流量，
导致外部设备(手机等)无法通过 LAN 访问本机服务(如 8080 端口)。
添加 route-exclude-address 排除:
- 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 (所有 RFC1918 局域网)
- 100.64.0.0/10 (Tailscale CGNAT)

.gitignore

@@ -0,0 +1 @@
+/.idea/

clash/config-lan.yaml

@@ -0,0 +1,538 @@
+mode: rule
+log-level: info
+ipv6: false
+geodata-mode: true
+tcp-concurrent: true
+find-process-mode: always
+
+#自定义 geodata url
+geox-url:
+  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
+  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
+  mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"
+
+geo-auto-update: true
+geo-update-interval: 24
+
+dns:
+  enable: true
+  listen: 0.0.0.0:53
+  ipv6: false
+  default-nameserver:
+    - 223.5.5.5
+    - 1.0.0.1
+  enhanced-mode: fake-ip
+  fake-ip-range: 198.10.0.1/16
+  fake-ip-filter:
+    - stun.*.*.*
+    - stun.*.*
+    - time.windows.com
+    - time.nist.gov
+    - time.apple.com
+    - time.asia.apple.com
+    # Tailscale 必须真实 DNS 解析，否则打洞失败
+    - '*.tailscale.com'
+    - '*.ts.net'
+    - controlplane.tailscale.com
+    - login.tailscale.com
+  use-hosts: true
+  nameserver:
+    - 1.1.1.1
+    - 8.8.8.8
+
+sniffer:
+  enable: true
+  force-dns-mapping: true
+  parse-pure-ip: true
+  override-destination: false
+  sniff:
+    HTTP:
+      ports: [ 80, 8080-8880 ]
+      override-destination: true
+    TLS:
+      ports: [ 443, 8443 ]
+    QUIC:
+      ports: [ 443, 8443 ]
+  skip-domain:
+    - Mijia Cloud
+
+  hosts:
+    mtalk.google.com 108.177.97.188
+    alt1-mtalk.google.com 142.250.141.188
+    alt2-mtalk.google.com 142.250.115.188
+    alt3-mtalk.google.com 64.233.171.188
+    alt4-mtalk.google.com 142.250.152.188
+    alt5-mtalk.google.com 173.194.77.188
+    alt6-mtalk.google.com 173.194.219.188
+    alt7-mtalk.google.com 142.250.112.188
+    alt8-mtalk.google.com 172.217.197.188
+
+# ══════════════════════════════════════════════════════════
+# Tailscale 家庭内网代理
+# ══════════════════════════════════════════════════════════
+proxies:
+  - name: "WSL-Home-Tailscale"
+    type: socks5
+    server: 127.0.0.1
+    port: 1080
+    udp: true
+  - name: oruke-dmit-dialer
+    type: vless
+    server: 154.17.234.228
+    port: 5186
+    uuid: a1d53e89-5922-4956-9f43-8ea94eddc259
+    network: tcp
+    tls: true
+    udp: true
+    xudp: true
+    flow: xtls-rprx-vision
+    servername: academy.nvidia.com
+    reality-opts:
+      public-key: "Atr_tKnp7hoc7lxw2VedbA0TJkTsqEKRYoinJf67u0M"
+      short-id: "6ba85179e30d4fc2"
+    client-fingerprint: chrome
+
+# ══════════════════════════════════════════════════════════
+# 节点订阅源
+# ══════════════════════════════════════════════════════════
+proxy-providers:
+  self-proxies:
+    type: http
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/oruke-self-proxies.yaml
+    path: ./oruke-self-proxies.yaml
+    health-check:
+      enable: true
+      interval: 600
+      lazy: true
+      url: http://www.gstatic.com/generate_204
+  liangyuandian:
+    type: http
+    url: https://www.fightingly.vip/api/v1/client/subscribe?token=7f9f9961ecbd6a17d856887fff9cd87d
+    interval: 172800
+    path: ./oruke-liangyuandian.yaml
+    timeout: 100000
+    health-check:
+      enable: true
+      interval: 600
+      lazy: true
+      url: http://www.gstatic.com/generate_204
+  byWave:
+    type: http
+    url: https://sub.bwbwbw.cc/subscribe/74851/8pPTLIl5ZdDg
+    interval: 172800
+    path: ./oruke-byWave.yaml
+    timeout: 100000
+    health-check:
+      enable: true
+      interval: 600
+      lazy: true
+      url: http://www.gstatic.com/generate_204
+
+# ══════════════════════════════════════════════════════════
+# 代理组 — 按流量特征分类
+# ══════════════════════════════════════════════════════════
+proxy-groups:
+
+  # ── 家庭内网 ──
+  - name: "🏡 家庭内网"
+    type: select
+    proxies:
+      - "WSL-Home-Tailscale"
+      - DIRECT
+    use: [self-proxies]
+
+  # ── 节点池 ──
+  - name: "自动选择"
+    type: url-test
+    use: [self-proxies, byWave, liangyuandian]
+    url: http://www.gstatic.com/generate_204
+    interval: 300
+    tolerance: 50
+
+  - name: "PROXY"
+    type: select
+    proxies:
+      - "自动选择"
+    use: [self-proxies, byWave, liangyuandian]
+
+  # ── 固定组 ──
+
+  - name: "AI"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, byWave]
+
+  # Tailscale 流量必须直连，否则打洞失败
+  - name: "Tailscale"
+    type: select
+    proxies:
+      - DIRECT
+
+  # ── 按流量特征分组 ──
+
+  # 流媒体: 视频/音频串流，高带宽持续连接 (YouTube, Netflix, Spotify, Twitch...)
+  - name: "流媒体"
+    type: select
+    proxies:
+      - PROXY
+      - "大文件下载"
+    use: [self-proxies, byWave, liangyuandian]
+
+  # 大文件下载: GitHub/Docker/npm/PyPI/HuggingFace/Steam/模型 等批量下载
+  # 不含 byWave (流量贵)
+  - name: "大文件下载"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, liangyuandian]
+
+  # 社交通讯: Discord/Twitter/Reddit/Telegram/Facebook 等社交平台
+  - name: "社交通讯"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, byWave, liangyuandian]
+
+  # 日系站点: DLsite/Pixiv/DMM/Niconico/Booth 等 (美国节点内容不全，建议选日本节点)
+  - name: "日系站点"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, byWave, liangyuandian]
+
+  # Exhentai: 日本节点大量内容不可见，荷兰节点能看全部 (避开日本节点!)
+  - name: "Exhentai"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, byWave, liangyuandian]
+
+  # PT站点: 网页浏览+Tracker握手走代理，BT文件下载走直连
+  # (applications规则在pt-custom之后，域名优先匹配代理，纯IP的peer连接走DIRECT)
+  - name: "PT站点"
+    type: select
+    proxies:
+      - PROXY
+      - DIRECT
+    use: [self-proxies]
+
+  # ── 平台组 ──
+
+  # Apple: iCloud/App Store/Apple Music 等，默认直连
+  - name: "Apple"
+    type: select
+    proxies:
+      - DIRECT
+      - PROXY
+    use: [self-proxies, byWave, liangyuandian]
+
+  # Google: Search/Maps/Gmail 等 (Drive/Photos 在大文件下载组)
+  - name: "Google"
+    type: select
+    proxies:
+      - PROXY
+    use: [self-proxies, byWave, liangyuandian]
+
+  # Microsoft: Office/Azure 等，默认直连
+  - name: "Microsoft"
+    type: select
+    proxies:
+      - DIRECT
+      - PROXY
+    use: [self-proxies, byWave]
+
+  # 漏网之鱼: 未匹配任何规则的流量
+  - name: "漏网之鱼"
+    type: select
+    proxies:
+      - PROXY
+      - DIRECT
+    use: [self-proxies]
+
+# ══════════════════════════════════════════════════════════
+# 规则集
+# ══════════════════════════════════════════════════════════
+rule-providers:
+
+  # ── 外部规则集 (Loyalsoldier) ──
+  reject:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
+    path: ./ruleset/reject.yaml
+    interval: 86400
+    timeout: 50000
+
+  icloud:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
+    path: ./ruleset/icloud.yaml
+    interval: 86400
+    timeout: 50000
+
+  apple:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
+    path: ./ruleset/apple.yaml
+    interval: 86400
+    timeout: 50000
+
+  proxy:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
+    path: ./ruleset/proxy-ls.yaml
+    interval: 86400
+    timeout: 50000
+
+  direct:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
+    path: ./ruleset/direct-ls.yaml
+    interval: 86400
+    timeout: 50000
+
+  private:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
+    path: ./ruleset/private.yaml
+    interval: 86400
+    timeout: 50000
+
+  gfw:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
+    path: ./ruleset/gfw.yaml
+    interval: 86400
+    timeout: 50000
+
+  tld-not-cn:
+    type: http
+    behavior: domain
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
+    path: ./ruleset/tld-not-cn.yaml
+    interval: 86400
+    timeout: 50000
+
+  telegramcidr:
+    type: http
+    behavior: ipcidr
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
+    path: ./ruleset/telegramcidr.yaml
+    interval: 86400
+    timeout: 50000
+
+  cncidr:
+    type: http
+    behavior: ipcidr
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
+    path: ./ruleset/cncidr.yaml
+    interval: 86400
+    timeout: 50000
+
+  lancidr:
+    type: http
+    behavior: ipcidr
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
+    path: ./ruleset/lancidr.yaml
+    interval: 86400
+    timeout: 50000
+
+  applications:
+    type: http
+    behavior: classical
+    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
+    path: ./ruleset/applications.yaml
+    interval: 86400
+    timeout: 50000
+
+  # ── 外部规则集 (blackmatrix7) ──
+  microsoft:
+    type: http
+    behavior: classical
+    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Microsoft/Microsoft.yaml"
+    path: ./ruleset/microsoft-bm7.yaml
+    interval: 86400
+    timeout: 50000
+
+  copilot:
+    type: http
+    behavior: classical
+    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Copilot/Copilot.yaml"
+    path: ./ruleset/copilot.yaml
+    interval: 86400
+    timeout: 50000
+
+  openai:
+    type: http
+    behavior: classical
+    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI.yaml"
+    path: ./ruleset/openai.yaml
+    interval: 86400
+    timeout: 50000
+
+  # ── 自托管规则集 (Gitea) ──
+  ai-services:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/ai-services.yaml
+    path: ./ruleset/ai-services.yaml
+
+  huggingface:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/huggingface.yaml
+    path: ./ruleset/huggingface.yaml
+
+  high-traffic:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/high-traffic.yaml
+    path: ./ruleset/high-traffic.yaml
+
+  exhentai-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/exhentai.yaml
+    path: ./ruleset/exhentai.yaml
+
+  pt-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/pt.yaml
+    path: ./ruleset/pt.yaml
+
+  steam-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/steam.yaml
+    path: ./ruleset/steam.yaml
+
+  microsoft-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/microsoft.yaml
+    path: ./ruleset/microsoft-custom.yaml
+
+  direct-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/direct.yaml
+    path: ./ruleset/direct-custom.yaml
+
+  proxy-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/proxy.yaml
+    path: ./ruleset/proxy-custom.yaml
+
+  tailscale-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/tailscale.yaml
+    path: ./ruleset/tailscale.yaml
+
+  streaming-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/streaming.yaml
+    path: ./ruleset/streaming.yaml
+
+  social-custom:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/social.yaml
+    path: ./ruleset/social.yaml
+
+  jp-content:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/jp-content.yaml
+    path: ./ruleset/jp-content.yaml
+
+  google-all:
+    type: http
+    behavior: classical
+    url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/google-all.yaml
+    path: ./ruleset/google-all.yaml
+
+# ══════════════════════════════════════════════════════════
+# 分流规则 (按优先级从高到低)
+# ══════════════════════════════════════════════════════════
+rules:
+
+  # ─── 家庭内网 (Tailscale 网段 + 特定节点 + 局域网) ───
+  - IP-CIDR,100.64.0.0/10,🏡 家庭内网,no-resolve
+  - IP-CIDR,100.121.62.2/32,🏡 家庭内网,no-resolve
+  - IP-CIDR,100.100.197.116/32,🏡 家庭内网,no-resolve
+  - IP-CIDR,100.94.64.53/32,🏡 家庭内网,no-resolve
+  - IP-CIDR,192.168.51.0/24,🏡 家庭内网,no-resolve
+  - DOMAIN-SUFFIX,tail87372.ts.net,🏡 家庭内网
+
+  # ─── Tailscale 强制直连 (最高优先，防止打洞失败) ───
+  # 域名规则只能匹配控制面，打洞UDP是纯IP连接，必须用进程名全局绕过
+  - PROCESS-NAME,tailscaled,DIRECT
+  - RULE-SET,tailscale-custom,Tailscale
+
+  # ─── Google 全家桶 (必须在 reject/direct 之前！) ───
+  - RULE-SET,google-all,Google
+
+  # ─── 广告拦截 ───
+  - RULE-SET,reject,REJECT
+
+  # ─── 直连 (局域网、国内) ───
+  - RULE-SET,private,DIRECT
+  - RULE-SET,lancidr,DIRECT
+  - RULE-SET,cncidr,DIRECT
+  - RULE-SET,direct,DIRECT
+  - RULE-SET,direct-custom,DIRECT
+
+  # ─── AI 服务 (非Google的AI：OpenAI/Claude/Copilot等) ───
+  - RULE-SET,ai-services,AI
+  - RULE-SET,openai,AI
+  - RULE-SET,copilot,AI
+
+  # ─── 流媒体 (视频/音频串流，YouTube已在Google组) ───
+  - RULE-SET,streaming-custom,流媒体
+
+  # ─── 日系站点 (DLsite/Pixiv/DMM/Niconico，建议选日本节点) ───
+  - RULE-SET,jp-content,日系站点
+
+  # ─── Exhentai (避开日本节点，荷兰最佳) ───
+  - RULE-SET,exhentai-custom,Exhentai
+
+  # ─── 大文件下载 (GitHub/Docker/npm/Steam/HuggingFace...) ───
+  - RULE-SET,high-traffic,大文件下载
+  - RULE-SET,huggingface,大文件下载
+  - RULE-SET,steam-custom,大文件下载
+
+  # ─── 社交通讯 (Discord/Twitter/Reddit/Telegram...) ───
+  - RULE-SET,social-custom,社交通讯
+  - RULE-SET,telegramcidr,社交通讯
+
+  # ─── PT站点 (网页+Tracker域名走代理) ───
+  - RULE-SET,pt-custom,PT站点
+
+  # ─── BT客户端进程直连 (放在PT之后！PT域名先匹配代理，剩余BT流量走直连) ───
+  - RULE-SET,applications,DIRECT
+
+  # ─── 平台服务 ───
+  - RULE-SET,icloud,Apple
+  - RULE-SET,apple,Apple
+  - RULE-SET,microsoft-custom,Microsoft
+  - RULE-SET,microsoft,Microsoft
+
+  # ─── 通用代理 ───
+  - RULE-SET,proxy-custom,PROXY
+  - RULE-SET,tld-not-cn,PROXY
+  - RULE-SET,proxy,PROXY
+  - RULE-SET,gfw,PROXY
+
+  # ─── 兜底 ───
+  - MATCH,漏网之鱼

clash/config.yaml

@@ -76,6 +76,21 @@ proxies:
     server: 127.0.0.1
     port: 1080
     udp: true
+  - name: oruke-dmit-dialer
+    type: vless
+    server: 154.17.234.228
+    port: 5186
+    uuid: a1d53e89-5922-4956-9f43-8ea94eddc259
+    network: tcp
+    tls: true
+    udp: true
+    xudp: true
+    flow: xtls-rprx-vision
+    servername: academy.nvidia.com
+    reality-opts:
+      public-key: "Atr_tKnp7hoc7lxw2VedbA0TJkTsqEKRYoinJf67u0M"
+      short-id: "6ba85179e30d4fc2"
+    client-fingerprint: chrome
 
 # ══════════════════════════════════════════════════════════
 # 节点订阅源
@@ -83,7 +98,7 @@ proxies:
 proxy-providers:
   self-proxies:
     type: http
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/oruke-self-proxies.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/oruke-self-proxies.yaml
     path: ./oruke-self-proxies.yaml
     health-check:
       enable: true
@@ -265,14 +280,6 @@ rule-providers:
     interval: 86400
     timeout: 50000
 
-  google:
-    type: http
-    behavior: domain
-    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
-    path: ./ruleset/google-ls.yaml
-    interval: 86400
-    timeout: 50000
-
   proxy:
     type: http
     behavior: domain
@@ -370,99 +377,91 @@ rule-providers:
     interval: 86400
     timeout: 50000
 
-  youtube:
-    type: http
-    behavior: classical
-    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/YouTube/YouTube.yaml"
-    path: ./ruleset/youtube.yaml
-    interval: 86400
-    timeout: 50000
-
   # ── 自托管规则集 (Gitea) ──
   ai-services:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/ai-services.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/ai-services.yaml
     path: ./ruleset/ai-services.yaml
 
   huggingface:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/huggingface.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/huggingface.yaml
     path: ./ruleset/huggingface.yaml
 
   high-traffic:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/high-traffic.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/high-traffic.yaml
     path: ./ruleset/high-traffic.yaml
 
   exhentai-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/exhentai.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/exhentai.yaml
     path: ./ruleset/exhentai.yaml
 
   pt-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/pt.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/pt.yaml
     path: ./ruleset/pt.yaml
 
   steam-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/steam.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/steam.yaml
     path: ./ruleset/steam.yaml
 
   microsoft-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/microsoft.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/microsoft.yaml
     path: ./ruleset/microsoft-custom.yaml
 
-  google-custom:
-    type: http
-    behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/google.yaml
-    path: ./ruleset/google-custom.yaml
-
   direct-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/direct.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/direct.yaml
     path: ./ruleset/direct-custom.yaml
 
   proxy-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/proxy.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/proxy.yaml
     path: ./ruleset/proxy-custom.yaml
 
   tailscale-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/tailscale.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/tailscale.yaml
     path: ./ruleset/tailscale.yaml
 
   streaming-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/streaming.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/streaming.yaml
     path: ./ruleset/streaming.yaml
 
   social-custom:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/social.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/social.yaml
     path: ./ruleset/social.yaml
 
   jp-content:
     type: http
     behavior: classical
-    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/jp-content.yaml
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/jp-content.yaml
     path: ./ruleset/jp-content.yaml
 
+  google-all:
+    type: http
+    behavior: classical
+    url: https://git.nas.594186.xyz/oruke/resources/raw/branch/main/clash/ruleset/google-all.yaml
+    path: ./ruleset/google-all.yaml
+
 # ══════════════════════════════════════════════════════════
 # 分流规则 (按优先级从高到低)
 # ══════════════════════════════════════════════════════════
@@ -481,6 +480,9 @@ rules:
   - PROCESS-NAME,tailscaled,DIRECT
   - RULE-SET,tailscale-custom,Tailscale
 
+  # ─── Google 全家桶 (必须在 reject/direct 之前！) ───
+  - RULE-SET,google-all,Google
+
   # ─── 广告拦截 ───
   - RULE-SET,reject,REJECT
 
@@ -491,13 +493,12 @@ rules:
   - RULE-SET,direct,DIRECT
   - RULE-SET,direct-custom,DIRECT
 
-  # ─── AI 服务 ───
+  # ─── AI 服务 (非Google的AI：OpenAI/Claude/Copilot等) ───
   - RULE-SET,ai-services,AI
   - RULE-SET,openai,AI
   - RULE-SET,copilot,AI
 
-  # ─── 流媒体 (视频/音频串流) ───
+  # ─── 流媒体 (视频/音频串流，YouTube已在Google组) ───
-  - RULE-SET,youtube,流媒体
   - RULE-SET,streaming-custom,流媒体
 
   # ─── 日系站点 (DLsite/Pixiv/DMM/Niconico，建议选日本节点) ───
@@ -524,8 +525,6 @@ rules:
   # ─── 平台服务 ───
   - RULE-SET,icloud,Apple
   - RULE-SET,apple,Apple
-  - RULE-SET,google,Google
-  - RULE-SET,google-custom,Google
   - RULE-SET,microsoft-custom,Microsoft
   - RULE-SET,microsoft,Microsoft
 

clash/oruke-self-proxies.yaml

@@ -1,28 +1,8 @@
 proxies:
-  - name: "美国家宽"                   
-    type: vless
-    server: "192.204.62.129"             
-    port: 34188                          
-    uuid: 6431a311-351b-4c48-94e9-ebf0d85b1bf1 
-    network: tcp                       
-    tls: true                          
-    udp: true                          
-    xudp: true                         
-    flow: xtls-rprx-vision                           
-    servername: www.sony.com    
-    client-fingerprint: chrome         
-    reality-opts:
-      public-key: hWt3JDY4hB29F61aU9t8j1ylcMX_NA_o42YVN9XKvBI
-      short-id: 37c22578             
-    mux:
-      enable: true
-      protocol: smux
-      max-connections: 8
-      min-streams: 4    
   - name: oruke-dmit
     type: vless
     server: 154.17.234.228
-    port: 25368
+    port: 5186
     uuid: a1d53e89-5922-4956-9f43-8ea94eddc259
     network: tcp
     tls: true
@@ -49,6 +29,22 @@ proxies:
       public-key: "4hGH-fqzR4s7EUikbO2By2AATwIZG7YP4rI_KpOuJ08"
       short-id: "0d7663c9a7f47e7d"
     client-fingerprint: chrome
+  - name: oruke-oracle1-via-dmit
+    type: vless
+    server: hy-oracle1.594186.xyz
+    port: 2245
+    dialer-proxy: oruke-dmit-dialer
+    uuid: 8473b5af-7034-40bb-9a47-d601e3478e66
+    network: tcp
+    tls: true
+    udp: true
+    xudp: true
+    flow: xtls-rprx-vision
+    servername: learn.microsoft.com
+    reality-opts:
+      public-key: "4hGH-fqzR4s7EUikbO2By2AATwIZG7YP4rI_KpOuJ08"
+      short-id: "0d7663c9a7f47e7d"
+    client-fingerprint: chrome
   - name: oruke-oracle2
     type: vless
     server: hy-oracle2.594186.xyz

clash/ruleset/bing.yaml

@@ -1,16 +0,0 @@
-# NAME: Bing
-# AUTHOR: blackmatrix7
-# REPO: https://github.com/blackmatrix7/ios_rule_script
-# UPDATED: 2025-06-06 09:20:00
-# DOMAIN-SUFFIX: 9
-# TOTAL: 9
-payload:
-  - DOMAIN-SUFFIX,bing.com
-  - DOMAIN-SUFFIX,bing.com.cn
-  - DOMAIN-SUFFIX,bing.net
-  - DOMAIN-SUFFIX,bingads.com
-  - DOMAIN-SUFFIX,bingagencyawards.com
-  - DOMAIN-SUFFIX,bingapistatistics.com
-  - DOMAIN-SUFFIX,bingsandbox.com
-  - DOMAIN-SUFFIX,bingvisualsearch.com
-  - DOMAIN-SUFFIX,bingworld.com

clash/ruleset/dlsite.yaml

@@ -1,5 +0,0 @@
-payload:
-  # DLsite
-  - DOMAIN-SUFFIX,dlsite.com
-  - DOMAIN-SUFFIX,dlsite.jp
-  - DOMAIN-SUFFIX,img.dlsite.jp

clash/ruleset/google-all.yaml

@@ -0,0 +1,88 @@
+payload:
+  # ══════════════════════════════════════════════════════════
+  # Google 全家桶 — 所有 Google 拥有的域名
+  # 用于确保 OAuth 登录等需要 IP 一致性的场景
+  # ══════════════════════════════════════════════════════════
+
+  # ── 核心域名 ──
+  - DOMAIN-SUFFIX,google.com
+  - DOMAIN-SUFFIX,google.co.jp
+  - DOMAIN-SUFFIX,google.co.kr
+  - DOMAIN-SUFFIX,google.co.uk
+  - DOMAIN-SUFFIX,google.com.hk
+  - DOMAIN-SUFFIX,google.com.tw
+  - DOMAIN-SUFFIX,google.com.sg
+  - DOMAIN-SUFFIX,google.de
+  - DOMAIN-SUFFIX,google.fr
+  - DOMAIN-SUFFIX,google.nl
+  - DOMAIN-SUFFIX,google.ca
+  - DOMAIN-SUFFIX,google.com.au
+
+  # ── API / 静态资源 / CDN ──
+  - DOMAIN-SUFFIX,googleapis.com
+  - DOMAIN-SUFFIX,gstatic.com
+  - DOMAIN-SUFFIX,googleusercontent.com
+  - DOMAIN-SUFFIX,gvt1.com
+  - DOMAIN-SUFFIX,gvt2.com
+  - DOMAIN-SUFFIX,ggpht.com
+  - DOMAIN-SUFFIX,googleadservices.com
+  - DOMAIN-SUFFIX,googlesyndication.com
+  - DOMAIN-SUFFIX,googletagmanager.com
+  - DOMAIN-SUFFIX,googletagservices.com
+  - DOMAIN-SUFFIX,googleanalytics.com
+  - DOMAIN-SUFFIX,google-analytics.com
+  - DOMAIN-SUFFIX,googleoptimize.com
+  - DOMAIN-SUFFIX,googletraveladservices.com
+
+  # ── YouTube ──
+  - DOMAIN-SUFFIX,youtube.com
+  - DOMAIN-SUFFIX,ytimg.com
+  - DOMAIN-SUFFIX,youtu.be
+  - DOMAIN-SUFFIX,youtube-nocookie.com
+  - DOMAIN-SUFFIX,youtubeeducation.com
+  - DOMAIN-SUFFIX,youtubekids.com
+  - DOMAIN-SUFFIX,googlevideo.com
+
+  # ── 不含 "google" 的 Google 基础设施 ──
+  - DOMAIN-SUFFIX,goog
+  - DOMAIN-SUFFIX,recaptcha.net
+  - DOMAIN-SUFFIX,1e100.net
+  - DOMAIN-SUFFIX,withgoogle.com
+  - DOMAIN-SUFFIX,withyoutube.com
+  - DOMAIN-SUFFIX,blogspot.com
+  - DOMAIN-SUFFIX,blogger.com
+  - DOMAIN-SUFFIX,ampproject.org
+  - DOMAIN-SUFFIX,abc.xyz
+  - DOMAIN-SUFFIX,chrome.com
+  - DOMAIN-SUFFIX,chromium.org
+  - DOMAIN-SUFFIX,android.com
+  - DOMAIN-SUFFIX,firebase.com
+  - DOMAIN-SUFFIX,firebaseio.com
+  - DOMAIN-SUFFIX,firebaseapp.com
+  - DOMAIN-SUFFIX,firebase.google.com
+  - DOMAIN-SUFFIX,waze.com
+  - DOMAIN-SUFFIX,blog.google
+  - DOMAIN-SUFFIX,deepmind.com
+  - DOMAIN-SUFFIX,deepmind.google
+  - DOMAIN-SUFFIX,waymo.com
+  - DOMAIN-SUFFIX,x.company
+  - DOMAIN-SUFFIX,doubleclick.net
+
+  # ── CN 变体 (被 Loyalsoldier direct 列表标记为直连的) ──
+  - DOMAIN-SUFFIX,googleapis-cn.com
+  - DOMAIN-SUFFIX,gstatic-cn.com
+  - DOMAIN-SUFFIX,googleadservices-cn.com
+  - DOMAIN-SUFFIX,googlesyndication-cn.com
+  - DOMAIN-SUFFIX,googletagmanager-cn.com
+  - DOMAIN-SUFFIX,googletagservices-cn.com
+  - DOMAIN-SUFFIX,googleoptimize-cn.com
+  - DOMAIN-SUFFIX,googletraveladservices-cn.com
+  - DOMAIN-SUFFIX,googlevads-cn.com
+  - DOMAIN-SUFFIX,googleflights-cn.net
+  - DOMAIN-SUFFIX,google-analytics-cn.com
+  - DOMAIN-SUFFIX,googleapps-cn.com
+  - DOMAIN-SUFFIX,dartsearch-cn.net
+  - DOMAIN-SUFFIX,doubleclick-cn.net
+  - DOMAIN-SUFFIX,recaptcha-cn.net
+  - DOMAIN-SUFFIX,gvt1-cn.com
+  - DOMAIN-SUFFIX,gvt2-cn.com

clash/ruleset/google.yaml

@@ -1,144 +0,0 @@
-payload:
-  - '+.265.com'
-  - '+.2mdn-cn.net'
-  - '+.2mdn.net'
-  - '+.admob-cn.com'
-  - '+.adservice.google.com'
-  - '+.app-analytics-services.com'
-  - '+.app-measurement-cn.com'
-  - '+.app-measurement.com'
-  - '+.apps5.oingo.com'
-  - '+.avail.googleflights.net'
-  - '+.beacons.gcp.gvt2.com'
-  - '+.beacons.gvt2.com'
-  - '+.beacons2.gvt2.com'
-  - '+.beacons3.gvt2.com'
-  - '+.c.admob.com'
-  - '+.c.android.clients.google.com'
-  - '+.c.pki.goog'
-  - '+.cache-management-prod.google.com'
-  - '+.cache.pack.google.com'
-  - '+.checkin.gstatic.com'
-  - '+.clickserve.cc-dt.com'
-  - '+.clickserve.dartsearch.net'
-  - '+.clickserver.googleads.com'
-  - '+.clientservices.googleapis.com'
-  - '+.cn.widevine.com'
-  - '+.cnappinstall.googleadapis.com'
-  - '+.connectivitycheck.gstatic.com'
-  - '+.content.googleadapis.com'
-  - '+.crashlyticsreports-pa.googleapis.com'
-  - '+.crl.pki.goog'
-  - '+.csi.gstatic.com'
-  - '+.dartsearch-cn.net'
-  - '+.dg-meta.video.google.com'
-  - '+.dl.google.com'
-  - '+.dl.l.google.com'
-  - '+.doubleclick-cn.net'
-  - '+.doubleclick.net'
-  - '+.download.mlcc.google.com'
-  - '+.download.qatp1.net'
-  - '+.download.tensorflow.google.com'
-  - '+.emmapplecodevice.googleapis.com'
-  - '+.firebase-settings.crashlytics.com'
-  - '+.fontfiles.googleapis.com'
-  - '+.fonts.googleapis.com'
-  - '+.fonts.gstatic.com'
-  - '+.g0.gstatic.com'
-  - '+.g1.gstatic.com'
-  - '+.g2.gstatic.com'
-  - '+.g3.gstatic.com'
-  - '+.go.corp.google.com'
-  - '+.gonglchuangl.net'
-  - '+.gongyichuangyi.net'
-  - '+.google-analytics-cn.com'
-  - '+.google-analytics.com'
-  - '+.googleadservices-cn.com'
-  - '+.googleadservices.com'
-  - '+.googleanalytics.com'
-  - '+.googleapis-cn.com'
-  - '+.googleapps-cn.com'
-  - '+.googleflights-cn.net'
-  - '+.googleoptimize-cn.com'
-  - '+.googleoptimize.com'
-  - '+.googlesyndication-cn.com'
-  - '+.googlesyndication.com'
-  - '+.googletagmanager-cn.com'
-  - '+.googletagmanager.com'
-  - '+.googletagservices-cn.com'
-  - '+.googletagservices.com'
-  - '+.googletraveladservices-cn.com'
-  - '+.googletraveladservices.com'
-  - '+.googlevads-cn.com'
-  - '+.gstatic-cn.com'
-  - '+.gstaticadssl.l.google.com'
-  - '+.gtm.oasisfeng.com'
-  - '+.gvt1-cn.com'
-  - '+.gvt2-cn.com'
-  - '+.imasdk.googleapis.com'
-  - '+.l2-uberproxy.corp.google.com'
-  - '+.logger-dev.corp.google.com'
-  - '+.logger.corp.google.com'
-  - '+.login.corp.google.com'
-  - '+.monitoring.qpdp1.net'
-  - '+.ocsp.pki.goog'
-  - '+.pagead-googlehosted.l.google.com'
-  - '+.performanceparameters.googleapis.com'
-  - '+.pki-goog.l.google.com'
-  - '+.prod-controlbe.floonet.goog'
-  - '+.prod-databe.floonet.goog'
-  - '+.prod.databe.floonet.goog'
-  - '+.proxyconfig.corp.google.com'
-  - '+.qagpublic.qatp1.net'
-  - '+.qgadmin.qcpp1.net'
-  - '+.qiao-cn.com'
-  - '+.qpx.googleflights.net'
-  - '+.qualysapi.qatp1.net'
-  - '+.qualysguard.qpdp1.net'
-  - '+.r.cert.corp.google.com'
-  - '+.rapture-prod.corp.google.com'
-  - '+.recaptcha-cn.net'
-  - '+.recaptcha.net'
-  - '+.redirector.bdn.dev'
-  - '+.redirector.c.chat.google.com'
-  - '+.redirector.c.mail.google.com'
-  - '+.redirector.c.pack.google.com'
-  - '+.redirector.c.play.google.com'
-  - '+.redirector.c.youtubeeducation.com'
-  - '+.redirector.gcpcdn.gvt1.com'
-  - '+.redirector.gvt1.com'
-  - '+.redirector.offline-maps.gvt1.com'
-  - '+.redirector.snap.gvt1.com'
-  - '+.redirector.xn--ngstr-lra8j.com'
-  - '+.safebrowsing-cache.google.com'
-  - '+.safebrowsing.googleapis.com'
-  - '+.scanservice1.qcpp1.net'
-  - '+.service.urchin.com'
-  - '+.ssl-google-analytics.l.google.com'
-  - '+.ssl.gstatic.com'
-  - '+.sslredirect.corp.google.com'
-  - '+.staging-controlbe.floonet.goog'
-  - '+.staging-databe.floonet.goog'
-  - '+.staging.databe.floonet.goog'
-  - '+.streaming-uberproxy-rotation.corp.google.com'
-  - '+.streaming-uberproxy.corp.google.com'
-  - '+.sup-ssh-relay.corp.google.com'
-  - '+.sup-ssh-relay2.corp.google.com'
-  - '+.sup.corp.google.com'
-  - '+.sup.l.google.com'
-  - '+.tac.googleapis.com'
-  - '+.test.gbugs-qa.chromium.org'
-  - '+.tools.google.com'
-  - '+.tools.l.google.com'
-  - '+.uberproxy-debug4.corp.google.com'
-  - '+.uberproxy.corp.google.com'
-  - '+.uberproxy6.corp.google.com'
-  - '+.update.crashlytics.com'
-  - '+.update.googleapis.com'
-  - '+.wear.googleapis.com'
-  - '+.www-google-analytics.l.google.com'
-  - '+.www-googletagmanager.l.google.com'
-  - '+.www.destinationurl.com'
-  - '+.www.gstatic.com'
-  - '+.www.pxcc.com'
-  - '+.xn--flw351e.com'