| blob | becf8b62eb7ec693d642d2320520857590efc2bb |
1 {
2 config,
3 lib,
4 pkgs,
5 utils,
6 ...
7 }:
8 let
9 cfg = config.services.sing-box;
10 settingsFormat = pkgs.formats.json { };
11 in
12 {
14 meta = {
15 maintainers = with lib.maintainers; [ nickcao ];
16 };
18 options = {
19 services.sing-box = {
20 enable = lib.mkEnableOption "sing-box universal proxy platform";
22 package = lib.mkPackageOption pkgs "sing-box" { };
24 settings = lib.mkOption {
25 type = lib.types.submodule {
26 freeformType = settingsFormat.type;
27 options = {
28 route = {
29 geoip.path = lib.mkOption {
30 type = lib.types.path;
31 default = "${pkgs.sing-geoip}/share/sing-box/geoip.db";
32 defaultText = lib.literalExpression "\${pkgs.sing-geoip}/share/sing-box/geoip.db";
33 description = ''
34 The path to the sing-geoip database.
35 '';
36 };
37 geosite.path = lib.mkOption {
38 type = lib.types.path;
39 default = "${pkgs.sing-geosite}/share/sing-box/geosite.db";
40 defaultText = lib.literalExpression "\${pkgs.sing-geosite}/share/sing-box/geosite.db";
41 description = ''
42 The path to the sing-geosite database.
43 '';
44 };
45 };
46 };
47 };
48 default = { };
49 description = ''
50 The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation.
52 Options containing secret data should be set to an attribute set
53 containing the attribute `_secret` - a string pointing to a file
54 containing the value the option should be set to.
55 '';
56 };
57 };
58 };
60 config = lib.mkIf cfg.enable {
61 systemd.packages = [ cfg.package ];
63 systemd.services.sing-box = {
64 preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/run/sing-box/config.json";
65 serviceConfig = {
66 StateDirectory = "sing-box";
67 StateDirectoryMode = "0700";
68 RuntimeDirectory = "sing-box";
69 RuntimeDirectoryMode = "0700";
70 ExecStart = [
71 ""
72 "${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
73 ];
74 };
75 wantedBy = [ "multi-user.target" ];
76 };
77 };
79 }