modules: add sing-box module

machines/calcite/network.nix

@@ -1,9 +1,7 @@
-{ pkgs, ...}:
+{ config, pkgs, ...}:
 
 {
-  imports = [
-    ../sing-box.nix
-  ];
+  imports = [ ];
 
   # Enable networking
   networking = {
@@ -21,12 +19,20 @@
   services.tailscale.enable = true;
   # services.tailscale.useRoutingFeatures = "both";
 
+  custom.sing-box = {
+    enable = true;
+    configFile = {
+      urlFile = config.sops.secrets.sing_box_url.path;
+      hash = "6ca5bc8a16f8c413227690aceeee2c12c02cab09473c216b849af1e854b98588";
+    };
+    overrideSettings.experimental.clash_api.external_ui = "${config.nur.repos.linyinfeng.yacd}";
+  };
+
   # Open ports in the firewall.
   networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [ 3389 ];
   networking.firewall.allowedUDPPorts = [ 3389 41641 ];
   networking.firewall.trustedInterfaces = [
-    "tun0"
     "tailscale0"
   ];
   # Use nftables to manager firewall