resources/clash/config.yaml

mode: rule
log-level: info
ipv6: false
geodata-mode: true
tcp-concurrent: true
find-process-mode: always

#自定义 geodata url
geox-url:
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
  mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"

geo-auto-update: true
geo-update-interval: 24

dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: false
  default-nameserver:
    - 223.5.5.5
    - 1.0.0.1
  enhanced-mode: fake-ip
  fake-ip-range: 198.10.0.1/16
  fake-ip-filter:
    - stun.*.*.*
    - stun.*.*
    - time.windows.com
    - time.nist.gov
    - time.apple.com
    - time.asia.apple.com
    # Tailscale 必须真实 DNS 解析，否则打洞失败
    - '*.tailscale.com'
    - '*.ts.net'
    - controlplane.tailscale.com
    - login.tailscale.com
  use-hosts: true
  nameserver:
    - 1.1.1.1
    - 8.8.8.8

sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: false
  sniff:
    HTTP:
      ports: [ 80, 8080-8880 ]
      override-destination: true
    TLS:
      ports: [ 443, 8443 ]
    QUIC:
      ports: [ 443, 8443 ]
  skip-domain:
    - Mijia Cloud

  hosts:
    mtalk.google.com 108.177.97.188
    alt1-mtalk.google.com 142.250.141.188
    alt2-mtalk.google.com 142.250.115.188
    alt3-mtalk.google.com 64.233.171.188
    alt4-mtalk.google.com 142.250.152.188
    alt5-mtalk.google.com 173.194.77.188
    alt6-mtalk.google.com 173.194.219.188
    alt7-mtalk.google.com 142.250.112.188
    alt8-mtalk.google.com 172.217.197.188

# ══════════════════════════════════════════════════════════
# Tailscale 家庭内网代理
# ══════════════════════════════════════════════════════════
proxies:
  - name: "WSL-Home-Tailscale"
    type: socks5
    server: 127.0.0.1
    port: 1080
    udp: true
  - name: oruke-dmit-dialer
    type: vless
    server: 154.17.234.228
    port: 5186
    uuid: a1d53e89-5922-4956-9f43-8ea94eddc259
    network: tcp
    tls: true
    udp: true
    xudp: true
    flow: xtls-rprx-vision
    servername: academy.nvidia.com
    reality-opts:
      public-key: "Atr_tKnp7hoc7lxw2VedbA0TJkTsqEKRYoinJf67u0M"
      short-id: "6ba85179e30d4fc2"
    client-fingerprint: chrome

# ══════════════════════════════════════════════════════════
# 节点订阅源
# ══════════════════════════════════════════════════════════
proxy-providers:
  self-proxies:
    type: http
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/oruke-self-proxies.yaml
    path: ./oruke-self-proxies.yaml
    health-check:
      enable: true
      interval: 600
      lazy: true
      url: http://www.gstatic.com/generate_204
  liangyuandian:
    type: http
    url: https://www.fightingly.vip/api/v1/client/subscribe?token=7f9f9961ecbd6a17d856887fff9cd87d
    interval: 172800
    path: ./oruke-liangyuandian.yaml
    timeout: 100000
    health-check:
      enable: true
      interval: 600
      lazy: true
      url: http://www.gstatic.com/generate_204
  byWave:
    type: http
    url: https://sub.bwbwbw.cc/subscribe/74851/8pPTLIl5ZdDg
    interval: 172800
    path: ./oruke-byWave.yaml
    timeout: 100000
    health-check:
      enable: true
      interval: 600
      lazy: true
      url: http://www.gstatic.com/generate_204

# ══════════════════════════════════════════════════════════
# 代理组 — 按流量特征分类
# ══════════════════════════════════════════════════════════
proxy-groups:

  # ── 家庭内网 ──
  - name: "🏡 家庭内网"
    type: select
    proxies:
      - "WSL-Home-Tailscale"
      - DIRECT
    use: [self-proxies]

  # ── 节点池 ──
  - name: "自动选择"
    type: url-test
    use: [self-proxies, byWave, liangyuandian]
    url: http://www.gstatic.com/generate_204
    interval: 300
    tolerance: 50

  - name: "PROXY"
    type: select
    proxies:
      - "自动选择"
    use: [self-proxies, byWave, liangyuandian]

  # ── 固定组 ──

  - name: "AI"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, byWave]

  # Tailscale 流量必须直连，否则打洞失败
  - name: "Tailscale"
    type: select
    proxies:
      - DIRECT

  # ── 按流量特征分组 ──

  # 流媒体: 视频/音频串流，高带宽持续连接 (YouTube, Netflix, Spotify, Twitch...)
  - name: "流媒体"
    type: select
    proxies:
      - PROXY
      - "大文件下载"
    use: [self-proxies, byWave, liangyuandian]

  # 大文件下载: GitHub/Docker/npm/PyPI/HuggingFace/Steam/模型 等批量下载
  # 不含 byWave (流量贵)
  - name: "大文件下载"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, liangyuandian]

  # 社交通讯: Discord/Twitter/Reddit/Telegram/Facebook 等社交平台
  - name: "社交通讯"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, byWave, liangyuandian]

  # 日系站点: DLsite/Pixiv/DMM/Niconico/Booth 等 (美国节点内容不全，建议选日本节点)
  - name: "日系站点"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, byWave, liangyuandian]

  # Exhentai: 日本节点大量内容不可见，荷兰节点能看全部 (避开日本节点!)
  - name: "Exhentai"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, byWave, liangyuandian]

  # PT站点: 网页浏览+Tracker握手走代理，BT文件下载走直连
  # (applications规则在pt-custom之后，域名优先匹配代理，纯IP的peer连接走DIRECT)
  - name: "PT站点"
    type: select
    proxies:
      - PROXY
      - DIRECT
    use: [self-proxies]

  # ── 平台组 ──

  # Apple: iCloud/App Store/Apple Music 等，默认直连
  - name: "Apple"
    type: select
    proxies:
      - DIRECT
      - PROXY
    use: [self-proxies, byWave, liangyuandian]

  # Google: Search/Maps/Gmail 等 (Drive/Photos 在大文件下载组)
  - name: "Google"
    type: select
    proxies:
      - PROXY
    use: [self-proxies, byWave, liangyuandian]

  # Microsoft: Office/Azure 等，默认直连
  - name: "Microsoft"
    type: select
    proxies:
      - DIRECT
      - PROXY
    use: [self-proxies, byWave]

  # 漏网之鱼: 未匹配任何规则的流量
  - name: "漏网之鱼"
    type: select
    proxies:
      - PROXY
      - DIRECT
    use: [self-proxies]

# ══════════════════════════════════════════════════════════
# 规则集
# ══════════════════════════════════════════════════════════
rule-providers:

  # ── 外部规则集 (Loyalsoldier) ──
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
    timeout: 50000

  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
    timeout: 50000

  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
    timeout: 50000

  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy-ls.yaml
    interval: 86400
    timeout: 50000

  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct-ls.yaml
    interval: 86400
    timeout: 50000

  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
    timeout: 50000

  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
    timeout: 50000

  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
    timeout: 50000

  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
    timeout: 50000

  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
    timeout: 50000

  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
    timeout: 50000

  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400
    timeout: 50000

  # ── 外部规则集 (blackmatrix7) ──
  microsoft:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Microsoft/Microsoft.yaml"
    path: ./ruleset/microsoft-bm7.yaml
    interval: 86400
    timeout: 50000

  copilot:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Copilot/Copilot.yaml"
    path: ./ruleset/copilot.yaml
    interval: 86400
    timeout: 50000

  openai:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI.yaml"
    path: ./ruleset/openai.yaml
    interval: 86400
    timeout: 50000

  # ── 自托管规则集 (Gitea) ──
  ai-services:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/ai-services.yaml
    path: ./ruleset/ai-services.yaml

  huggingface:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/huggingface.yaml
    path: ./ruleset/huggingface.yaml

  high-traffic:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/high-traffic.yaml
    path: ./ruleset/high-traffic.yaml

  exhentai-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/exhentai.yaml
    path: ./ruleset/exhentai.yaml

  pt-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/pt.yaml
    path: ./ruleset/pt.yaml

  steam-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/steam.yaml
    path: ./ruleset/steam.yaml

  microsoft-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/microsoft.yaml
    path: ./ruleset/microsoft-custom.yaml

  direct-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/direct.yaml
    path: ./ruleset/direct-custom.yaml

  proxy-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/proxy.yaml
    path: ./ruleset/proxy-custom.yaml

  tailscale-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/tailscale.yaml
    path: ./ruleset/tailscale.yaml

  streaming-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/streaming.yaml
    path: ./ruleset/streaming.yaml

  social-custom:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/social.yaml
    path: ./ruleset/social.yaml

  jp-content:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/jp-content.yaml
    path: ./ruleset/jp-content.yaml

  google-all:
    type: http
    behavior: classical
    url: https://git.nas.594186.xyz:16666/oruke/resources/raw/branch/main/clash/ruleset/google-all.yaml
    path: ./ruleset/google-all.yaml

# ══════════════════════════════════════════════════════════
# 分流规则 (按优先级从高到低)
# ══════════════════════════════════════════════════════════
rules:

  # ─── 家庭内网 (Tailscale 网段 + 特定节点 + 局域网) ───
  - IP-CIDR,100.64.0.0/10,🏡 家庭内网,no-resolve
  - IP-CIDR,100.121.62.2/32,🏡 家庭内网,no-resolve
  - IP-CIDR,100.100.197.116/32,🏡 家庭内网,no-resolve
  - IP-CIDR,100.94.64.53/32,🏡 家庭内网,no-resolve
  - IP-CIDR,192.168.51.0/24,🏡 家庭内网,no-resolve
  - DOMAIN-SUFFIX,tail87372.ts.net,🏡 家庭内网

  # ─── Tailscale 强制直连 (最高优先，防止打洞失败) ───
  # 域名规则只能匹配控制面，打洞UDP是纯IP连接，必须用进程名全局绕过
  - PROCESS-NAME,tailscaled,DIRECT
  - RULE-SET,tailscale-custom,Tailscale

  # ─── Google 全家桶 (必须在 reject/direct 之前！) ───
  - RULE-SET,google-all,Google

  # ─── 广告拦截 ───
  - RULE-SET,reject,REJECT

  # ─── 直连 (局域网、国内) ───
  - RULE-SET,private,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,direct,DIRECT
  - RULE-SET,direct-custom,DIRECT

  # ─── AI 服务 (非Google的AI：OpenAI/Claude/Copilot等) ───
  - RULE-SET,ai-services,AI
  - RULE-SET,openai,AI
  - RULE-SET,copilot,AI

  # ─── 流媒体 (视频/音频串流，YouTube已在Google组) ───
  - RULE-SET,streaming-custom,流媒体

  # ─── 日系站点 (DLsite/Pixiv/DMM/Niconico，建议选日本节点) ───
  - RULE-SET,jp-content,日系站点

  # ─── Exhentai (避开日本节点，荷兰最佳) ───
  - RULE-SET,exhentai-custom,Exhentai

  # ─── 大文件下载 (GitHub/Docker/npm/Steam/HuggingFace...) ───
  - RULE-SET,high-traffic,大文件下载
  - RULE-SET,huggingface,大文件下载
  - RULE-SET,steam-custom,大文件下载

  # ─── 社交通讯 (Discord/Twitter/Reddit/Telegram...) ───
  - RULE-SET,social-custom,社交通讯
  - RULE-SET,telegramcidr,社交通讯

  # ─── PT站点 (网页+Tracker域名走代理) ───
  - RULE-SET,pt-custom,PT站点

  # ─── BT客户端进程直连 (放在PT之后！PT域名先匹配代理，剩余BT流量走直连) ───
  - RULE-SET,applications,DIRECT

  # ─── 平台服务 ───
  - RULE-SET,icloud,Apple
  - RULE-SET,apple,Apple
  - RULE-SET,microsoft-custom,Microsoft
  - RULE-SET,microsoft,Microsoft

  # ─── 通用代理 ───
  - RULE-SET,proxy-custom,PROXY
  - RULE-SET,tld-not-cn,PROXY
  - RULE-SET,proxy,PROXY
  - RULE-SET,gfw,PROXY

  # ─── 兜底 ───
  - MATCH,漏网之鱼