nixfiles/hosts/koi/services/sing-box.nix

{ config, ... }:

{

  desu.secrets.arumi-singbox-pub = {};
  desu.secrets.arumi-singbox-sid = {};
  desu.secrets.arumi-singbox-koi-uuid = {};
  desu.secrets.vless-sakura-ip = {};
  desu.secrets.vless-sakura-pk = {};
  desu.secrets.vless-sakura-sid = {};
  desu.secrets.vless-sakura-uuid = {};

  services.sing-box = {
    enable = true;
    settings = {
      log.level = "warning";

      inbounds = [
        {
          tag = "mixed-in";
          type = "mixed";
          listen = "0.0.0.0";
          listen_port = 7890;
        }
      ];

      outbounds = [
        { tag = "direct"; type = "direct"; }
        {
          tag = "xtls-arumi";
          type = "vless";
          flow = "xtls-rprx-vision";
          server = config.desu.readUnsafeSecret "arumi-ip";
          server_port = 443;
          domain_strategy = "";
          packet_encoding = "";
          tls = {
            enabled = true;
            alpn = [ "h2" ];
            server_name = "updates.cdn-apple.com";
            reality = {
              enabled = true;
              public_key._secret = config.desu.secrets.arumi-singbox-pub.path;
              short_id._secret = config.desu.secrets.arumi-singbox-sid.path;
            };
            utls = { enabled = true; fingerprint = "edge"; };
          };
          uuid._secret = config.desu.secrets.arumi-singbox-koi-uuid.path;
        }
        {
          # thanks kamillaova
          tag = "xtls-sakura";
          flow = "xtls-rprx-vision";
          server._secret = config.desu.secrets.vless-sakura-ip.path;
          server_port = 443;
          tls = {
            alpn = [ "h2" ];
            enabled = true;
            reality = {
              enabled = true;
              public_key._secret = config.desu.secrets.vless-sakura-pk.path;
              short_id._secret = config.desu.secrets.vless-sakura-sid.path;
            };
            server_name = "telegram.org";
            utls = { enabled = true; fingerprint = "edge"; };
          };
          type = "vless";
          uuid._secret = config.desu.secrets.vless-sakura-uuid.path;
        }
        {
          tag = "final";
          type = "urltest";
          outbounds = [
            "xtls-arumi"
            "xtls-sakura"
          ];
        }
      ];

      route.final = "final";
    };
  };

  networking.firewall.allowedTCPPorts = [ 7890 ];
}
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`{ config, ... }:`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`{`

			`desu.secrets.arumi-singbox-pub = {};`
			`desu.secrets.arumi-singbox-sid = {};`
			`desu.secrets.arumi-singbox-koi-uuid = {};`
			`desu.secrets.vless-sakura-ip = {};`
			`desu.secrets.vless-sakura-pk = {};`
			`desu.secrets.vless-sakura-sid = {};`
			`desu.secrets.vless-sakura-uuid = {};`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00
			`services.sing-box = {`
			`enable = true;`
			`settings = {`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`log.level = "warning";`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00
			`inbounds = [`
			`{`
			`tag = "mixed-in";`
			`type = "mixed";`
			`listen = "0.0.0.0";`
			`listen_port = 7890;`
			`}`
			`];`

			`outbounds = [`
			`{ tag = "direct"; type = "direct"; }`
			`{`
feat: added arumi host and moved stuff from madohomu there 2024-08-30 11:34:22 +03:00			`tag = "xtls-arumi";`
fix(koi): use madohomu proxy 2024-06-07 11:53:19 +03:00			`type = "vless";`
			`flow = "xtls-rprx-vision";`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`server = config.desu.readUnsafeSecret "arumi-ip";`
fix(koi): use madohomu proxy 2024-06-07 11:53:19 +03:00			`server_port = 443;`
			`domain_strategy = "";`
			`packet_encoding = "";`
			`tls = {`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`enabled = true;`
fix(koi): use madohomu proxy 2024-06-07 11:53:19 +03:00			`alpn = [ "h2" ];`
			`server_name = "updates.cdn-apple.com";`
			`reality = {`
			`enabled = true;`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`public_key._secret = config.desu.secrets.arumi-singbox-pub.path;`
			`short_id._secret = config.desu.secrets.arumi-singbox-sid.path;`
fix(koi): use madohomu proxy 2024-06-07 11:53:19 +03:00			`};`
			`utls = { enabled = true; fingerprint = "edge"; };`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`};`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`uuid._secret = config.desu.secrets.arumi-singbox-koi-uuid.path;`
fix(koi): use madohomu proxy 2024-06-07 11:53:19 +03:00			`}`
			`{`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`# thanks kamillaova`
			`tag = "xtls-sakura";`
			`flow = "xtls-rprx-vision";`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`server._secret = config.desu.secrets.vless-sakura-ip.path;`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`server_port = 443;`
			`tls = {`
			`alpn = [ "h2" ];`
			`enabled = true;`
			`reality = {`
			`enabled = true;`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`public_key._secret = config.desu.secrets.vless-sakura-pk.path;`
			`short_id._secret = config.desu.secrets.vless-sakura-sid.path;`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`};`
			`server_name = "telegram.org";`
			`utls = { enabled = true; fingerprint = "edge"; };`
			`};`
			`type = "vless";`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`uuid._secret = config.desu.secrets.vless-sakura-uuid.path;`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`}`
			`{`
			`tag = "final";`
chore(koi): reworked proxy yet again decided to move routing to router after all. will get back to handling this in nix once i make the server a router 2024-06-17 13:52:14 +03:00			`type = "urltest";`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`outbounds = [`
feat: added arumi host and moved stuff from madohomu there 2024-08-30 11:34:22 +03:00			`"xtls-arumi"`
chore(koi): reworked proxy yet again decided to move routing to router after all. will get back to handling this in nix once i make the server a router 2024-06-17 13:52:14 +03:00			`"xtls-sakura"`
chore(koi): reworked proxying 2024-06-17 02:41:32 +03:00			`];`
			`}`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`];`

chore(koi): reworked proxy yet again decided to move routing to router after all. will get back to handling this in nix once i make the server a router 2024-06-17 13:52:14 +03:00			`route.final = "final";`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`};`
			`};`

chore(koi): reworked proxy yet again decided to move routing to router after all. will get back to handling this in nix once i make the server a router 2024-06-17 13:52:14 +03:00			`networking.firewall.allowedTCPPorts = [ 7890 ];`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`}`