nixos-config/machines/sing-box.nix

158 lines
9 KiB
Nix
Raw Normal View History

2023-09-26 15:32:52 +00:00
{ config, lib, pkgs, ... }:
let
server = {
_secret = config.sops.secrets.singbox_domain.path;
};
password = {
_secret = config.sops.secrets.singbox_password.path;
};
uuid = {
_secret = config.sops.secrets.singbox_password.path;
};
in
{
services.sing-box = {
enable = true;
settings = {
log = { level = "warning"; };
experimental = {
clash_api = {
external_controller = "127.0.0.1:9090";
store_selected = true;
external_ui = "${config.nur.repos.linyinfeng.yacd}";
};
};
dns = {
rules = [
{
disable_cache = true;
geosite = "category-ads-all";
server = "_dns_block";
}
{
geosite = "cn";
server = "_dns_doh_mainland";
}
{
domain_suffix = "tiktokuu.xyz";
server = "_dns_doh_mainland";
}
];
servers = [
{
address = "https://cloudflare-dns.com/dns-query";
address_strategy = "prefer_ipv4";
address_resolver = "_dns_doh_mainland";
detour = "_proxy_select";
tag = "_dns_global";
}
{
address = "119.29.29.29";
detour = "direct";
tag = "_dns_udp_mainland";
}
{
address = "https://doh.pub/dns-query";
address_resolver = "_dns_udp_mainland";
detour = "direct";
tag = "_dns_doh_mainland";
}
{
address = "rcode://success";
tag = "_dns_block";
}
];
strategy = "prefer_ipv4";
final = "_dns_global";
disable_cache = false;
};
inbounds = [
{
type = "mixed";
tag = "mixed-in";
listen = "127.0.0.1";
listen_port = 7891;
}
{
type = "tun";
tag = "tun-in";
auto_route = true;
strict_route = false;
inet4_address = "172.19.0.1/30";
sniff = true;
}
];
route = {
auto_detect_interface = true;
final = "_proxy_select";
rules = [
{ outbound = "dns-out"; protocol = "dns"; }
{
geoip = "cn";
geosite = "cn";
outbound = "direct";
}
{ geoip = "private"; outbound = "direct"; }
{
geosite = "cn";
geoip = "cn";
invert = true;
outbound = "_proxy_select";
}
];
};
outbounds = [
{ default = "auto"; outbounds = [ "auto" "direct" "block"]; tag = "_proxy_select"; type = "selector"; }
{ interval = "1m0s"; outbounds = [ "SS-01" "SS-02" "SS-03" "SS-04" "SS-01" "SS-02" "SS-03" "SS-01" "SS-02" "SS-03" "SS-01" "SS-02" "SS-03" "SS-04" "1" "2" "3" "4" "5" "6" "7" "8" "1" "2" "3" "4" "1" "2" "3" "4" "5" "6" "7" "8" "1" "2" "1" "2" "3" "4" "5" "6" "1" "2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; }
{ tag = "direct"; type = "direct"; }
{ tag = "block"; type = "block"; }
{ tag = "dns-out"; type = "dns"; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12001; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12002; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12003; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12004; tag = "SS-04"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12011; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12012; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12013; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12021; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12022; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12023; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12031; tag = "SS-01"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12032; tag = "SS-02"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12033; tag = "SS-03"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server password; method = "aes-128-gcm"; server_port = 12034; tag = "SS-04"; type = "shadowsocks"; udp_over_tcp = false; }
{ inherit server uuid; security = "auto"; server_port = 1201; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1202; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1203; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1204; tag = "4"; transport = { path = "/"; type = "ws"; }; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1205; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1206; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1207; tag = "7"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1208; tag = "8"; transport = { path = "/"; type = "ws"; }; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1211; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1212; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1213; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1214; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1231; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1232; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1233; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1234; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1235; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1236; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1237; tag = "7"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1238; tag = "8"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1241; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1242; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1261; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1262; tag = "2"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1263; tag = "3"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1264; tag = "4"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1265; tag = "5"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1266; tag = "6"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1251; tag = "1"; type = "vmess"; }
{ inherit server uuid; security = "auto"; server_port = 1252; tag = "2"; type = "vmess"; }
];
};
};
}