calcite: replace clash with sing-box

machines/calcite/configuration.nix

@@ -7,7 +7,6 @@
       ./hardware-configuration.nix
       ./network.nix
       ../sops.nix
-      ../clash.nix
     ];
 
   # Bootloader.
@@ -191,6 +190,7 @@
     # Browser
     firefox
     chromium
+    brave
     microsoft-edge
 
     # Writting

machines/calcite/network.nix

@@ -1,31 +1,20 @@
 { pkgs, ...}:
 
 {
+  imports = [
+    ../sing-box.nix
+  ];
+
   # Enable networking
   networking = {
     networkmanager = {
       enable = true;
       dns = "systemd-resolved";
-      # dns = "resolvconf";
     };
   };
 
   services.resolved = {
     enable = true;
-    extraConfig = ''
-    [Resolve]
-    Domains=~. 
-    DNS=127.0.0.1
-    '';
-    # DNSOverTLS=opportunistic
-  };
-
-  # Configure network proxy if necessary
-  networking.proxy = {
-    allProxy = "socks5://127.0.0.1:7891/";
-    httpProxy = "http://127.0.0.1:7890/";
-    httpsProxy = "http://127.0.0.1:7890/";
-    noProxy = "127.0.0.1,localhost,internal.domain,.coho-tet.ts.net";
   };
 
   # Enable Tailscale
@@ -33,15 +22,15 @@
   # services.tailscale.useRoutingFeatures = "both";
 
   # Open ports in the firewall.
+  networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [ ];
   networking.firewall.allowedUDPPorts = [ 41641 ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
   networking.firewall.trustedInterfaces = [
+    "tun0"
     "tailscale0"
   ];
-
-  programs.steam.remotePlay.openFirewall = true;
+  # Use nftables to manager firewall
+  networking.nftables.enable = true;
 
   # Add gsconnect, open firewall
   programs.kdeconnect = {
@@ -53,9 +42,4 @@
     enable = true;
     package = pkgs.wireshark-qt;
   };
-
-  # services.gnome.gnome-remote-desktop.enable = true;
-  # services.xrdp.enable = true;
-  # services.xrdp.openFirewall = true;
-  # services.xrdp.defaultWindowManager = icewm;
 }