From 0c20b462be1e4bf57a61970210b17b7a53f79ea0 Mon Sep 17 00:00:00 2001
From: dichgrem <brcefy@gmail.com>
Date: Thu, 4 Dec 2025 14:46:01 +0800
Subject: [PATCH] chore:remove_gfs

---
 home/gui/proxy/gui-for-singbox.nix |  5 ----
 hosts/dos/env.nix                  |  4 ++-
 hosts/example/env.nix              |  2 ++
 modules/services/sing-box.nix      | 39 ++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 6 deletions(-)
 delete mode 100644 home/gui/proxy/gui-for-singbox.nix
 create mode 100644 modules/services/sing-box.nix

diff --git a/home/gui/proxy/gui-for-singbox.nix b/home/gui/proxy/gui-for-singbox.nix
deleted file mode 100644
index cddd837..0000000
--- a/home/gui/proxy/gui-for-singbox.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{pkgs, ...}: {
-  home.packages = with pkgs; [
-    gui-for-singbox
-  ];
-}
diff --git a/hosts/dos/env.nix b/hosts/dos/env.nix
index ec8bb89..1a8d188 100644
--- a/hosts/dos/env.nix
+++ b/hosts/dos/env.nix
@@ -6,7 +6,9 @@
 
   GPU-AMD = true;
   ### See https://nixos.wiki/wiki/AMD_GPU
-  
+ 
+  SingBox = true;
+
   Power-control = "TLP";
   ### Possible options: PPD ; TLP
 
diff --git a/hosts/example/env.nix b/hosts/example/env.nix
index bd134c3..2c493ef 100644
--- a/hosts/example/env.nix
+++ b/hosts/example/env.nix
@@ -16,6 +16,8 @@
   HotSpot-Use-Case = false;
   ### See https://nixos.wiki/wiki/Internet_Connection_Sharing
 
+  SingBox = true;
+
   Power control = "PPD";
   ### Possible options: PPD ; TLP
 
diff --git a/modules/services/sing-box.nix b/modules/services/sing-box.nix
new file mode 100644
index 0000000..411133d
--- /dev/null
+++ b/modules/services/sing-box.nix
@@ -0,0 +1,39 @@
+{ hostname, lib, pkgs, ... }:
+with lib;
+let
+  inherit (import ../../hosts/${hostname}/env.nix) SingBox;
+in
+{
+  disabledModules = [ "services/networking/sing-box.nix" ];
+
+  config = mkIf SingBox {
+
+    environment.systemPackages = [ pkgs.sing-box ];
+
+    systemd.tmpfiles.rules = [
+      "d /etc/sing-box 0755 root root -"
+    ];
+
+    systemd.services.sing-box = {
+      description = "sing-box service (custom)";
+      after = [ "network.target" ];
+      wantedBy = [ ];
+
+      script = ''
+        exec ${pkgs.sing-box}/bin/sing-box -D "$STATE_DIRECTORY" run -c /etc/sing-box/config.json
+      '';
+
+      serviceConfig = {
+        DynamicUser = true;
+        CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
+        AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
+
+        NoNewPrivileges = true;
+        StateDirectory = "sing-box";
+        StateDirectoryMode = "0700";
+        Restart = "always";
+        RestartSec = 5;
+      };
+    };
+  };
+}