mirror of
https://github.com/Dichgrem/DCGOS.git
synced 2025-12-16 11:12:00 -05:00
40 lines
1005 B
Nix
40 lines
1005 B
Nix
{ hostname, lib, pkgs, ... }:
|
|
with lib;
|
|
let
|
|
inherit (import ../../hosts/${hostname}/env.nix) SingBox;
|
|
in
|
|
{
|
|
disabledModules = [ "services/networking/sing-box.nix" ];
|
|
|
|
config = mkIf SingBox {
|
|
|
|
environment.systemPackages = [ pkgs.sing-box ];
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /etc/sing-box 0755 root root -"
|
|
];
|
|
|
|
systemd.services.sing-box = {
|
|
description = "sing-box service (custom)";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ ];
|
|
|
|
script = ''
|
|
exec ${pkgs.sing-box}/bin/sing-box -D "$STATE_DIRECTORY" run -c /etc/sing-box/config.json
|
|
'';
|
|
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
|
|
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE";
|
|
|
|
NoNewPrivileges = true;
|
|
StateDirectory = "sing-box";
|
|
StateDirectoryMode = "0700";
|
|
Restart = "always";
|
|
RestartSec = 5;
|
|
};
|
|
};
|
|
};
|
|
}
|