# NixOS module: runs sing-box as a local HTTP proxy, builds one VLESS outbound
# per entry of `nodes` tagged "proxy", and points the system proxy variables
# at the local listener.
{
  lib,
  pkgs,
  config,
  nodes,
  ...
}:
let
  # Single definition of the local listener, shared by the sing-box inbound
  # and the system proxy URL so the two cannot drift apart.
  listenAddress = "127.0.0.1";
  listenPort = 1080;
  proxyUrl = "http://${listenAddress}:${toString listenPort}/";

  # Only nodes whose `tags` list contains "proxy" become outbounds.
  proxyNodes = lib.filterAttrs (_: node: lib.elem "proxy" node.tags) nodes;

  # One VLESS outbound per proxy node; the outbound tag is the node's
  # attribute name, which is what `route.final` refers to.
  mkVlessOutbound = name: node: {
    type = "vless";
    tag = name;
    server = node.fqdn;
    server_port = 27253;
    # The UUID is referenced by file path, not by value, so it does not end up
    # in the Nix store. NOTE(review): the sing-box module is expected to
    # substitute `_secret` when the unit starts; confirm the file mode of the
    # rendered config. Every node shares this one UUID, so it has to be
    # rotated on all of them together.
    uuid = {
      _secret = config.sops.secrets."sing-box/uuid".path;
    };
    flow = "xtls-rprx-vision";
    # Only `enabled` is set: certificate verification and the server name are
    # left at sing-box defaults, and nothing here relaxes them.
    tls = {
      enabled = true;
    };
  };

  # Rule sets are read from files shipped by Nix packages, so they are pinned
  # with the system closure instead of being fetched at runtime.
  localRuleSet = package: tag: {
    inherit tag;
    type = "local";
    format = "binary";
    path = "${package}/share/sing-box/rule-set/${tag}.srs";
  };
in
{
  services.sing-box = {
    enable = true;
    settings = {
      log.level = "info";

      # Bound to loopback only. No credentials are configured on this inbound,
      # so any local user or process can send traffic through it; the loopback
      # bind is the only access control.
      inbounds = [
        {
          type = "http";
          tag = "inbound";
          listen = listenAddress;
          listen_port = listenPort;
          # Routing below matches on the sniffed destination.
          sniff = true;
          sniff_override_destination = true;
        }
      ];

      outbounds = lib.mapAttrsToList mkVlessOutbound proxyNodes ++ [
        {
          type = "direct";
          tag = "direct";
        }
      ];

      route = {
        rules = [
          # Destinations in the CN rule sets leave the host directly.
          {
            rule_set = [
              "geoip-cn"
              "geosite-cn"
            ];
            outbound = "direct";
          }
          # Private destinations also bypass the proxy nodes.
          # NOTE(review): `rule_set` and `ip_is_private` are presumably
          # alternatives (either one matches) - confirm against the sing-box
          # rule-matching documentation.
          {
            rule_set = [ "geosite-private" ];
            ip_is_private = true;
            outbound = "direct";
          }
        ];

        rule_set = [
          (localRuleSet pkgs.sing-geoip "geoip-cn")
          (localRuleSet pkgs.sing-geosite "geosite-cn")
          (localRuleSet pkgs.sing-geosite "geosite-private")
        ];

        # Everything not matched above goes to the outbound tagged "tyo0",
        # which must be the attribute name of a node carrying the "proxy" tag.
        # NOTE(review): confirm sing-box refuses to start when that tag is
        # missing; a silent fallback to another outbound would send this
        # traffic somewhere unintended.
        final = lib.mkDefault "tyo0";
      };
    };
  };

  ### System proxy settings
  # These only set the proxy URL for software that honours it. Programs that
  # ignore proxy settings connect directly, so this is a convenience and not
  # an enforced tunnel.
  networking.proxy = {
    httpProxy = proxyUrl;
    httpsProxy = proxyUrl;
  };

  # Per-shell toggles. The values are read back from `config` so an override
  # of networking.proxy in another module is picked up here too.
  programs.fish.shellAliases =
    let
      proxy = config.networking.proxy;
    in
    {
      setproxy = "export http_proxy=${proxy.httpProxy} https_proxy=${proxy.httpsProxy}";
      unsetproxy = "set -e http_proxy https_proxy";
    };

  ### sops-nix
  # The UUID is stored in ./secrets.yaml and decrypted by sops-nix; sing-box is
  # restarted whenever the secret changes. Owner and mode are not set here.
  # NOTE(review): confirm the sops-nix defaults let the sing-box unit read the
  # file and keep it unreadable for other users.
  sops.secrets."sing-box/uuid" = {
    sopsFile = ./secrets.yaml;
    restartUnits = [ "sing-box.service" ];
  };
}