From a6cd704ab4f2c35e3aa302912f9a86c41f1a87d7 Mon Sep 17 00:00:00 2001
From: SukkaW <isukkaw@gmail.com>
Date: Tue, 11 Nov 2025 02:07:16 +0800
Subject: [PATCH] Refactor: add nad use `global.ts`

---
 Build/build-global-server-dns-mapping.ts |  36 +++++++
 Build/build-sspanel-appprofile.ts        |   5 +-
 Build/index.ts                           |   2 +
 Source/non_ip/global.conf                | 110 +-------------------
 Source/non_ip/global.ts                  | 127 +++++++++++++++++++++++
 5 files changed, 169 insertions(+), 111 deletions(-)
 create mode 100644 Build/build-global-server-dns-mapping.ts
 create mode 100644 Source/non_ip/global.ts

diff --git a/Build/build-global-server-dns-mapping.ts b/Build/build-global-server-dns-mapping.ts
new file mode 100644
index 00000000..b0763295
--- /dev/null
+++ b/Build/build-global-server-dns-mapping.ts
@@ -0,0 +1,36 @@
+import { appendArrayInPlace } from 'foxts/append-array-in-place';
+import { GLOBAL } from '../Source/non_ip/global';
+import { createGetDnsMappingRule } from './build-domestic-direct-lan-ruleset-dns-mapping-module';
+import { SOURCE_DIR } from './constants/dir';
+import { task } from './trace';
+import { once } from 'foxts/once';
+import path from 'node:path';
+import { readFileIntoProcessedArray } from './lib/fetch-text-by-line';
+import { SHARED_DESCRIPTION } from './constants/description';
+import { RulesetOutput } from './lib/rules/ruleset';
+
+export const getGlobalRulesetPromise = once(async () => {
+  const globals = await readFileIntoProcessedArray(path.join(SOURCE_DIR, 'non_ip/global.conf'));
+  const getDnsMappingRuleWithWildcard = createGetDnsMappingRule(true);
+
+  [GLOBAL].forEach((item) => {
+    Object.values(item).forEach(({ domains }) => {
+      appendArrayInPlace(globals, domains.flatMap(getDnsMappingRuleWithWildcard));
+    });
+  });
+
+  return [globals] as const;
+});
+
+export const buildGlobalRuleset = task(require.main === module, __filename)(async (span) => {
+  const [globals] = await getGlobalRulesetPromise();
+  return new RulesetOutput(span, 'global', 'non_ip')
+    .withTitle('Sukka\'s Ruleset - General Global Services')
+    .appendDescription(
+      SHARED_DESCRIPTION,
+      '',
+      'This file contains rules for services that are NOT available inside the Mainland China.'
+    )
+    .addFromRuleset(globals)
+    .write();
+});
diff --git a/Build/build-sspanel-appprofile.ts b/Build/build-sspanel-appprofile.ts
index 1e8888a2..4f5f38cf 100644
--- a/Build/build-sspanel-appprofile.ts
+++ b/Build/build-sspanel-appprofile.ts
@@ -13,6 +13,7 @@ import { isTruthy, nullthrow } from 'foxts/guard';
 import { appendArrayInPlace } from 'foxts/append-array-in-place';
 import { OUTPUT_INTERNAL_DIR, OUTPUT_SURGE_DIR, SOURCE_DIR } from './constants/dir';
 import { ClashOnlyRulesetOutput } from './lib/rules/ruleset';
+import { getGlobalRulesetPromise } from './build-global-server-dns-mapping';
 
 const POLICY_GROUPS: Array<[name: string, insertProxy: boolean, insertDirect: boolean]> = [
   ['Default Proxy', true, false],
@@ -50,7 +51,7 @@ export const buildSSPanelUIMAppProfile = task(require.main === module, __filenam
     appleRules,
     // streamRules,
     steamDomainset,
-    globalRules,
+    [globalRules],
     telegramRules,
     [domesticCidrs4, domesticCidrs6],
     // [streamCidrs4, streamCidrs6],
@@ -69,7 +70,7 @@ export const buildSSPanelUIMAppProfile = task(require.main === module, __filenam
     // steam - domains
     steamDomainsPromise,
     // global - domains
-    readFileIntoProcessedArray(path.join(OUTPUT_SURGE_DIR, 'non_ip/global.conf')),
+    getGlobalRulesetPromise(),
     readFileIntoProcessedArray(path.join(OUTPUT_SURGE_DIR, 'non_ip/telegram.conf')),
     // domestic - ip cidr
     getChnCidrPromise(),
diff --git a/Build/index.ts b/Build/index.ts
index 56e521dd..4f8a707a 100644
--- a/Build/index.ts
+++ b/Build/index.ts
@@ -13,6 +13,7 @@ import { buildTelegramCIDR } from './build-telegram-cidr';
 import { buildChnCidr } from './build-chn-cidr';
 import { buildSpeedtestDomainSet } from './build-speedtest-domainset';
 import { buildDomesticRuleset } from './build-domestic-direct-lan-ruleset-dns-mapping-module';
+import { buildGlobalRuleset } from './build-global-server-dns-mapping';
 import { buildStreamService } from './build-stream-service';
 
 import { buildRedirectModule } from './build-sgmodule-redirect';
@@ -100,6 +101,7 @@ const buildFinishedLock = path.join(ROOT_DIR, '.BUILD_FINISHED');
       downloadPreviousBuildPromise.then(() => buildChnCidr(rootSpan)),
       downloadPreviousBuildPromise.then(() => buildSpeedtestDomainSet(rootSpan)),
       downloadPreviousBuildPromise.then(() => buildDomesticRuleset(rootSpan)),
+      downloadPreviousBuildPromise.then(() => buildGlobalRuleset(rootSpan)),
       downloadPreviousBuildPromise.then(() => buildRedirectModule(rootSpan)),
       downloadPreviousBuildPromise.then(() => buildAlwaysRealIPModule(rootSpan)),
       downloadPreviousBuildPromise.then(() => buildStreamService(rootSpan)),
diff --git a/Source/non_ip/global.conf b/Source/non_ip/global.conf
index 6e35f494..5376f5a2 100644
--- a/Source/non_ip/global.conf
+++ b/Source/non_ip/global.conf
@@ -1,118 +1,10 @@
-# $ meta_title Sukka's Ruleset - General Global Services
-# $ meta_description This file contains rules for services that are not available inside the Mainland China.
+# $ custom_build_script
 
 # >> Google
-DOMAIN-SUFFIX,abc.xyz
-DOMAIN-SUFFIX,ampproject.org
-DOMAIN-SUFFIX,android.com
-DOMAIN-SUFFIX,androidify.com
-DOMAIN-SUFFIX,appspot.com
-DOMAIN-SUFFIX,autodraw.com
-DOMAIN-SUFFIX,blogger.com
-DOMAIN-SUFFIX,blogblog.com
-DOMAIN-SUFFIX,blogspot.com
-DOMAIN-SUFFIX,capitalg.com
-DOMAIN-SUFFIX,certificate-transparency.org
-DOMAIN-SUFFIX,chrome.com
-DOMAIN-SUFFIX,chromeexperiments.com
-DOMAIN-SUFFIX,chromestatus.com
-DOMAIN-SUFFIX,chromium.org
-DOMAIN-SUFFIX,circle.ms
-DOMAIN-SUFFIX,cloudfunctions.net
-DOMAIN-SUFFIX,creativelab5.com
-DOMAIN-SUFFIX,debug.com
-DOMAIN-SUFFIX,deepmind.com
-DOMAIN-SUFFIX,dialogflow.com
-DOMAIN-SUFFIX,feedburner.com
-DOMAIN-SUFFIX,forms.gle
-DOMAIN-SUFFIX,firebaseio.com
-DOMAIN-SUFFIX,g.co
-DOMAIN-SUFFIX,gcr.io
-DOMAIN-SUFFIX,getmdl.io
-DOMAIN-SUFFIX,getoutline.org
-DOMAIN-SUFFIX,ggpht.com
-DOMAIN-SUFFIX,glitch.com
-DOMAIN-SUFFIX,gmail.com
-DOMAIN-SUFFIX,gmodules.com
-DOMAIN-SUFFIX,godoc.org
-DOMAIN-SUFFIX,golang.org
-DOMAIN-SUFFIX,goo.gl
-DOMAIN-SUFFIX,googl.com
-DOMAIN-SUFFIX,google.com
-DOMAIN-SUFFIX,google.hk
-DOMAIN-SUFFIX,google.com.hk
-DOMAIN-SUFFIX,google.tw
-DOMAIN-SUFFIX,google.com.tw
-DOMAIN-SUFFIX,google.com.sg
-DOMAIN-SUFFIX,google.jp
-DOMAIN-SUFFIX,google.co.jp
-DOMAIN-SUFFIX,googleapis.com
-DOMAIN-SUFFIX,googleapis.cn
-DOMAIN-SUFFIX,googlesource.com
-DOMAIN-SUFFIX,gstatic.com
-DOMAIN-SUFFIX,gv.com
-DOMAIN-SUFFIX,gvt0.com
-DOMAIN-SUFFIX,gvt1.com
-DOMAIN-SUFFIX,gvt2.com
-DOMAIN-SUFFIX,gvt3.com
-DOMAIN-SUFFIX,gvt5.com
-DOMAIN-SUFFIX,gvt6.com
-DOMAIN-SUFFIX,gvt7.com
-DOMAIN-SUFFIX,gvt9.com
-DOMAIN-SUFFIX,gwtproject.org
-DOMAIN-SUFFIX,itasoftware.com
-DOMAIN-SUFFIX,madewithcode.com
-DOMAIN-SUFFIX,material.io
-DOMAIN-SUFFIX,page.link
-DOMAIN-SUFFIX,polymer-project.org
-DOMAIN-SUFFIX,recaptcha.net
-DOMAIN-SUFFIX,shattered.io
-DOMAIN-SUFFIX,synergyse.com
-DOMAIN-SUFFIX,tensorflow.org
-DOMAIN-SUFFIX,tiltbrush.com
-DOMAIN-SUFFIX,translate.goog
-DOMAIN-SUFFIX,waveprotocol.org
-DOMAIN-SUFFIX,waymo.com
-DOMAIN-SUFFIX,web.dev
-DOMAIN-SUFFIX,webmproject.org
-DOMAIN-SUFFIX,webpkgcache.com
-DOMAIN-SUFFIX,webrtc.org
-DOMAIN-SUFFIX,whatbrowser.org
-DOMAIN-SUFFIX,widevine.com
-DOMAIN-SUFFIX,x.company
-DOMAIN-SUFFIX,xn--ngstr-lra8j.com
-DOMAIN-SUFFIX,youtu.be
-DOMAIN-SUFFIX,youtube.com
-DOMAIN-SUFFIX,yt.be
-DOMAIN-SUFFIX,ytimg.com
-DOMAIN-SUFFIX,telephony.goog
-DOMAIN-SUFFIX,1e100.net
-DOMAIN-SUFFIX,nest.com
-DOMAIN-SUFFIX,googlezip.net
-
-DOMAIN-SUFFIX,gooogle.com
-
-DOMAIN-SUFFIX,firebase.com
-
 # This still includes 9to5google, but anyway
 DOMAIN-KEYWORD,google
 DOMAIN-KEYWORD,blogspot
 
-DOMAIN-SUFFIX,dns.google
-# ocsp.pki.goog and o.pki.goog is available in Mainland China
-DOMAIN,pki.goog
-
-# GAE
-DOMAIN-SUFFIX,run.app
-
-# >> Cloudflare
-DOMAIN-SUFFIX,cloudflare-dns.com
-DOMAIN-SUFFIX,cloudflare.com
-DOMAIN-SUFFIX,cloudflare.dev
-DOMAIN-SUFFIX,cloudflareresolve.com
-DOMAIN-SUFFIX,cloudflarestatus.com
-DOMAIN-SUFFIX,cloudflareaccess.com
-
 # >> Reddit
 DOMAIN-SUFFIX,redd.it
 DOMAIN-SUFFIX,reddit.com
diff --git a/Source/non_ip/global.ts b/Source/non_ip/global.ts
new file mode 100644
index 00000000..0821d1c8
--- /dev/null
+++ b/Source/non_ip/global.ts
@@ -0,0 +1,127 @@
+import type { DNSMapping } from './direct';
+
+export const GLOBAL: Record<string, DNSMapping> = {
+  GOOGLE: {
+    hosts: {},
+    // This DNS doesn't include in sukka_local_dns_mapping sgmodule
+    // TODO: make a smartdns/adguardhome config for proxy servers
+    dns: 'https://8.8.4.4/dns-query',
+    realip: false,
+    ruleset: false,
+    domains: [
+      'abc.xyz',
+      'ampproject.org',
+      'android.com',
+      'androidify.com',
+      'appspot.com',
+      'autodraw.com',
+      'blogger.com',
+      'blogblog.com',
+      'blogspot.com',
+      'capitalg.com',
+      'certificate-transparency.org',
+      'chrome.com',
+      'chromeexperiments.com',
+      'chromestatus.com',
+      'chromium.org',
+      'circle.ms',
+      'cloudfunctions.net',
+      'creativelab5.com',
+      'debug.com',
+      'deepmind.com',
+      'dialogflow.com',
+      'feedburner.com',
+      'forms.gle',
+      'firebaseio.com',
+      'g.co',
+      'gcr.io',
+      'getmdl.io',
+      'getoutline.org',
+      'ggpht.com',
+      'glitch.com',
+      'gmail.com',
+      'gmodules.com',
+      'godoc.org',
+      'golang.org',
+      'goo.gl',
+      'googl.com',
+      'google.com',
+      'google.hk',
+      'google.com.hk',
+      'google.tw',
+      'google.com.tw',
+      'google.com.sg',
+      'google.jp',
+      'google.co.jp',
+      'googleapis.com',
+      'googleapis.cn',
+      'googlesource.com',
+      'gstatic.com',
+      'gv.com',
+      'gvt0.com',
+      'gvt1.com',
+      'gvt2.com',
+      'gvt3.com',
+      'gvt5.com',
+      'gvt6.com',
+      'gvt7.com',
+      'gvt9.com',
+      'gwtproject.org',
+      'itasoftware.com',
+      'madewithcode.com',
+      'material.io',
+      'page.link',
+      'polymer-project.org',
+      'recaptcha.net',
+      'shattered.io',
+      'synergyse.com',
+      'tensorflow.org',
+      'tiltbrush.com',
+      'translate.goog',
+      'waveprotocol.org',
+      'waymo.com',
+      'web.dev',
+      'webmproject.org',
+      'webpkgcache.com',
+      'webrtc.org',
+      'whatbrowser.org',
+      'widevine.com',
+      'x.company',
+      'xn--ngstr-lra8j.com',
+      'youtu.be',
+      'youtube.com',
+      'yt.be',
+      'ytimg.com',
+      'telephony.goog',
+      '1e100.net',
+      'nest.com',
+      'googlezip.net',
+      'dns.google',
+      '$pki.goog', // ocsp.pki.goog and o.pki.goog is available in Mainland China
+      //
+      'gooogle.com',
+      'firebase.com',
+      // GAE
+      'run.app',
+      // TLDs
+      'google',
+      'goog'
+    ]
+  },
+  CLOUDFLARE: {
+    hosts: {},
+    // This DNS doesn't include in sukka_local_dns_mapping sgmodule
+    // TODO: make a smartdns/adguardhome config for proxy servers
+    dns: 'https://1.0.0.1/dns-query',
+    realip: false,
+    ruleset: false,
+    domains: [
+      'cloudflare-dns.com',
+      'cloudflare.com',
+      'cloudflare.dev',
+      'cloudflareresolve.com',
+      'cloudflarestatus.com',
+      'cloudflareaccess.com'
+    ]
+  }
+};