nixos/sing-box: use remote dns, cleanup

This commit is contained in:
Guanran Wang 2025-01-16 21:01:09 +08:00
parent 6418827894
commit ddfe7d6d3c
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
2 changed files with 59 additions and 43 deletions


@ -253,34 +253,13 @@
}; };
}; };
services.sing-box.settings = { services.sing-box.settings.experimental.clash_api = rec {
outbounds = [
{
type = "selector";
tag = "select";
outbounds = [
"tyo0"
"sin0"
"direct"
];
default = "tyo0";
}
];
route = {
final = "select";
};
experimental = {
clash_api = rec {
external_controller = "127.0.0.1:9090"; external_controller = "127.0.0.1:9090";
external_ui = pkgs.metacubexd; external_ui = pkgs.metacubexd;
secret = "hunter2"; secret = "hunter2";
# https://www.v2ex.com/t/1076579 # https://www.v2ex.com/t/1076579
access_control_allow_origin = [ "http://${external_controller}" ]; access_control_allow_origin = [ "http://${external_controller}" ];
}; };
};
};
services.restic.backups.persist.exclude = [ "/persist/home/guanranwang/.local/share/Steam" ]; services.restic.backups.persist.exclude = [ "/persist/home/guanranwang/.local/share/Steam" ];
} }
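Review bot: The clash_api block kept on the new side still carries the API password as a plaintext literal, `secret = "hunter2";`, so it is written into the generated sing-box config in the world-readable Nix store and is visible to any local user, which is the population that can reach the `127.0.0.1:9090` controller in the first place. The sibling sing-box module in this commit already routes the VLESS uuid through sops via the `_secret` convention (`uuid._secret = config.sops.secrets."sing-box/uuid".path`), so the same pattern fits here: `secret._secret = config.sops.secrets."<clash-api-secret-name>".path;` with a matching sops entry (name is a placeholder). If the literal is intentional for a throwaway local UI, a one-line comment saying so would stop the next reader from treating it as an oversight.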


@ -5,6 +5,9 @@
nodes, nodes,
... ...
}: }:
let
proxyServers = lib.filterAttrs (_name: value: lib.elem "proxy" value.tags) nodes;
in
{ {
services.sing-box = { services.sing-box = {
enable = true; enable = true;
@ -13,6 +16,33 @@
level = "info"; level = "info";
}; };
dns = {
servers = [
{
tag = "cloudflare";
address = "https://[2606:4700:4700::1111]/dns-query";
strategy = "prefer_ipv6";
}
{
tag = "local";
address = "local";
strategy = "prefer_ipv4";
}
];
rules = lib.singleton {
rule_set = [
"geoip-cn"
"geosite-cn"
"geosite-private"
];
# avoid querying proxy server's dns from proxy server
domain = lib.mapAttrsToList (_name: node: node.fqdn) proxyServers;
ip_is_private = true;
server = "local";
};
final = "cloudflare";
};
inbounds = lib.singleton { inbounds = lib.singleton {
type = "http"; type = "http";
tag = "inbound"; tag = "inbound";
@ -31,27 +61,34 @@
uuid._secret = config.sops.secrets."sing-box/uuid".path; uuid._secret = config.sops.secrets."sing-box/uuid".path;
flow = "xtls-rprx-vision"; flow = "xtls-rprx-vision";
tls.enabled = true; tls.enabled = true;
}) (lib.filterAttrs (_name: value: lib.elem "proxy" value.tags) nodes) }) proxyServers
++ lib.singleton { ++ [
{
type = "selector";
tag = "select";
outbounds = [
"tyo0"
"sin0"
"direct"
];
default = "tyo0";
}
{
type = "direct"; type = "direct";
tag = "direct"; tag = "direct";
}; }
];
route = { route = {
rules = [ rules = lib.singleton {
{
rule_set = [ rule_set = [
"geoip-cn" "geoip-cn"
"geosite-cn" "geosite-cn"
"geosite-private"
]; ];
outbound = "direct";
}
{
rule_set = [ "geosite-private" ];
ip_is_private = true; ip_is_private = true;
outbound = "direct"; outbound = "direct";
} };
];
rule_set = [ rule_set = [
{ {
@ -74,7 +111,7 @@
} }
]; ];
final = lib.mkDefault "tyo0"; final = "select";
}; };
}; };
}; };
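Review bot: The route change in the `@ -31,27 +61,34 @@` hunk collapses two rules (one matching `geoip-cn`/`geosite-cn`, one matching `geosite-private` plus `ip_is_private`) into a single rule listing `rule_set`, `ip_is_private` and `outbound = "direct"`, and the new DNS rule in the `@ -13,6 +16,33 @@` hunk does the same with `rule_set`, `domain` and `ip_is_private` on one rule; this is a behavioural change rather than the "cleanup" the title suggests. Whether sing-box evaluates the conditions of one default rule as "any matches" or "all must match" should be confirmed against the rule-matching section of the sing-box docs for the pinned version: if the ip condition is AND-ed with the rule-set condition, China-listed destinations that are not private addresses no longer hit `direct` and are pushed through the selector, and the DNS rule would stop keeping the proxy servers' own FQDNs on the `local` resolver, which is exactly the loop the comment on `domain` says it avoids. A short comment above each merged rule recording the matching semantics relied on, e.g. `# conditions in one rule are OR-ed (see sing-box route/rule docs)`, would make the intent checkable; the enclosing `services.sing-box` attribute set closes outside the visible hunks.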