chore:remove_gfs

2025-12-16 19:22:00 -05:00 · 2025-12-04 14:46:01 +08:00
parent e3ff465632
commit 0c20b462be
4 changed files with 44 additions and 6 deletions
--- a/modules/services/sing-box.nix
+++ b/modules/services/sing-box.nix
@@ -0,0 +1,39 @@
+{ hostname, lib, pkgs, ... }:
+with lib;
+let
+  inherit (import ../../hosts/${hostname}/env.nix) SingBox;
+in
+{
+  disabledModules = [ "services/networking/sing-box.nix" ];
+
+  config = mkIf SingBox {
+
+    environment.systemPackages = [ pkgs.sing-box ];
+
+    systemd.tmpfiles.rules = [
+      "d /etc/sing-box 0755 root root -"
+    ];
+
+    systemd.services.sing-box = {
+      description = "sing-box service (custom)";
+      after = [ "network.target" ];
+      wantedBy = [ ];
+
+      script = ''
+        exec ${pkgs.sing-box}/bin/sing-box -D "$STATE_DIRECTORY" run -c /etc/sing-box/config.json
+      '';
+
+      serviceConfig = {
+        DynamicUser = true;
+        CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
+        AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
+
+        NoNewPrivileges = true;
+        StateDirectory = "sing-box";
+        StateDirectoryMode = "0700";
+        Restart = "always";
+        RestartSec = 5;
+      };
+    };
+  };
+}