flake/nixos/profiles/sing-box/default.nix

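# NixOS profile: run sing-box as a loopback-only HTTP proxy (127.0.0.1:1080)
# that forwards through VLESS outbounds generated from the `nodes` inventory,
# and point the system-wide proxy settings at it.
{
  lib,
  pkgs,
  config,
  nodes,
  ...
}:
let
  # Every node tagged "proxy" becomes one VLESS outbound below and is also
  # excluded from proxied DNS resolution (see the dns rule).
  proxyServers = lib.filterAttrs (_name: value: lib.elem "proxy" value.tags) nodes;
  # Outbound tags are the node names, so the selector list can be derived
  # from the same attribute set instead of repeating the node names by hand.
  proxyTags = lib.attrNames proxyServers;
in
{
  services.sing-box = {
    enable = true;
    settings = {
      log = {
        # NOTE(review): debug output is verbose and lands in the journal;
        # consider "info" once the setup is stable.
        level = "debug";
      };
      dns = {
        servers = [
          {
            # Upstream resolver over DNS-over-HTTPS, addressed by IP literal so
            # no plaintext lookup is needed to reach it.
            tag = "cloudflare";
            address = "https://[2606:4700:4700::1111]/dns-query";
            strategy = "prefer_ipv6";
          }
          {
            # This host's own system resolver.
            tag = "local";
            address = "local";
            strategy = "prefer_ipv4";
          }
        ];
        rules = lib.singleton {
          rule_set = [
            "geosite-cn"
            "geosite-private"
          ];
          # avoid querying proxy server's dns from proxy server
          domain = lib.mapAttrsToList (_name: node: node.fqdn) proxyServers;
          server = "local";
        };
        # Everything not matched above is resolved through the DoH upstream.
        final = "cloudflare";
      };
      # Bound to loopback only: nothing outside this host can use the proxy.
      inbounds = lib.singleton {
        type = "http";
        tag = "inbound";
        listen = "127.0.0.1";
        listen_port = 1080;
        sniff = true;
        sniff_override_destination = true;
      };
      outbounds =
        lib.mapAttrsToList (n: v: {
          type = "vless";
          tag = n;
          server = v.fqdn;
          server_port = 27253;
          # `_secret` tells the NixOS sing-box module to splice the file's
          # contents into the generated config at service start, so the UUID
          # is never written to the world-readable Nix store.
          uuid._secret = config.sops.secrets."sing-box/uuid".path;
          flow = "xtls-rprx-vision";
          # Certificate verification stays enabled (no `insecure`);
          # `server_name` is unset, so sing-box should fall back to `server`
          # (the node FQDN) for SNI and hostname checks — confirm against the
          # version deployed.
          tls.enabled = true;
        }) proxyServers
        ++ [
          {
            type = "selector";
            tag = "select";
            # Derived from `proxyServers` so a newly tagged node is selectable
            # without editing this list; "direct" remains as the bypass option.
            outbounds = proxyTags ++ [ "direct" ];
            # Must be one of the tags listed in `outbounds` above.
            default = "tyo0";
          }
          {
            type = "direct";
            tag = "direct";
          }
        ];
      route = {
        # CN and private destinations bypass the proxy; everything else goes to
        # whichever outbound "select" currently points at.
        rules = lib.singleton {
          rule_set = [
            "geoip-cn"
            "geosite-cn"
            "geosite-private"
          ];
          ip_is_private = true;
          outbound = "direct";
        };
        # Rule sets come from the Nix store, so they are pinned by the flake
        # rather than fetched at runtime.
        rule_set = [
          {
            tag = "geoip-cn";
            type = "local";
            format = "binary";
            path = "${pkgs.sing-geoip}/share/sing-box/rule-set/geoip-cn.srs";
          }
          {
            tag = "geosite-cn";
            type = "local";
            format = "binary";
            path = "${pkgs.sing-geosite}/share/sing-box/rule-set/geosite-cn.srs";
          }
          {
            tag = "geosite-private";
            type = "local";
            format = "binary";
            path = "${pkgs.sing-geosite}/share/sing-box/rule-set/geosite-private.srs";
          }
        ];
        final = "select";
      };
    };
  };

  ### System proxy settings
  # Points system-wide HTTP(S) proxy variables at the loopback inbound above.
  networking.proxy = {
    httpProxy = "http://127.0.0.1:1080/";
    httpsProxy = "http://127.0.0.1:1080/";
  };

  # Shell helpers to toggle the proxy variables in an interactive fish session;
  # the URLs are taken from networking.proxy so they cannot drift from it.
  programs.fish.shellAliases =
    let
      inherit (config.networking.proxy) httpProxy httpsProxy;
    in
    {
      "setproxy" = "export http_proxy=${httpProxy} https_proxy=${httpsProxy}";
      "unsetproxy" = "set -e http_proxy https_proxy";
    };

  ### sops-nix
  # The VLESS UUID is decrypted by sops-nix at activation and the service is
  # restarted when it changes.
  sops.secrets."sing-box/uuid" = {
    restartUnits = [ "sing-box.service" ];
    sopsFile = ./secrets.yaml;
  };
}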