dolomite: host sing-box

2023-11-28 21:38:50 +08:00 · 2023-11-28 21:38:50 +08:00 · 500ad4be63
commit 500ad4be63
parent 8b2120f9ec
7 changed files with 167 additions and 35 deletions
--- a/machines/sing-box.nix
+++ b/machines/sing-box.nix
@ -9,6 +9,15 @@ let
  uuid = {
    _secret = config.sops.secrets.singbox_password.path;
  };
+  sg_server = {
+    _secret = config.sops.secrets.singbox_sg_server.path;
+  };
+  sg_password = {
+    _secret = config.sops.secrets.singbox_sg_password.path;
+  };
+  sg_uuid = {
+    _secret = config.sops.secrets.singbox_sg_uuid.path;
+  };
 in
 {
  services.sing-box = {
@ -37,15 +46,23 @@ in
            domain_suffix = server;
            server = "_dns_doh_mainland";
          }
+          {
+            domain_suffix = sg_server;
+            server = "_dns_doh_mainland";
+          }
        ];
        servers = [
          {
-            address = "https://cloudflare-dns.com/dns-query";
-            address_strategy = "prefer_ipv4";
-            address_resolver = "_dns_doh_mainland";
+            address = "tls://dns.google:853/";
+            address_resolver = "_dns_udp_global";
            detour = "_proxy_select";
            tag = "_dns_global";
          }
+          {
+            address = "1.1.1.1";
+            detour = "_proxy_select";
+            tag = "_dns_udp_global";
+          }
          {
            address = "119.29.29.29";
            detour = "direct";
@ -62,9 +79,8 @@ in
            tag = "_dns_block";
          }
        ];
-        strategy = "prefer_ipv4";
        final = "_dns_global";
-        disable_cache = false;
+        disable_cache = true;
      };
      inbounds = [
        {
@ -79,6 +95,7 @@ in
          auto_route = true;
          strict_route = false;
          inet4_address = "172.19.0.1/30";
+          inet6_address = "fdfe:dcba:9876::1/126";
          sniff = true;
        }
      ];
@ -102,7 +119,10 @@ in
        ];
      };
      outbounds = [ 
-        { default = "auto"; outbounds = [ "auto" "direct" "block"]; tag = "_proxy_select"; type = "selector"; }
+        { tag = "selfhost"; type = "urltest"; outbounds = [ "sg1" "sg2" ]; tolerance = 800; url = "http://www.gstatic.com/generate_204"; interval = "1m0s"; }
+        { tag = "sg1"; type = "trojan"; server = sg_server; server_port = 8080; password = sg_password; tls = { enabled = true; server_name = sg_server; utls = { enabled = true; fingerprint = "firefox"; }; }; }
+        { tag = "sg2"; type = "tuic"; congestion_control = "bbr"; server = sg_server; server_port = 6311; uuid = sg_uuid; password = sg_password; tls = { enabled = true; server_name = sg_server; }; }
+        { default = "auto"; outbounds = [ "auto" "selfhost" "direct" "block"]; tag = "_proxy_select"; type = "selector"; }
        { interval = "1m0s"; outbounds = [ "香港SS-01" "香港SS-02" "香港SS-03" "香港SS-04" "日本SS-01" "日本SS-02" "日本SS-03" "美国SS-01" "美国SS-02" "美国SS-03" "台湾SS-01" "台湾SS-02" "台湾SS-03" "台湾SS-04" "香港中继1" "香港中继2" "香港中继3" "香港中继4" "香港中继5" "香港中继6" "香港中继7" "香港中继8" "日本中继1" "日本中继2" "日本中继3" "日本中继4" "美国中继1" "美国中继2" "美国中继3" "美国中继4" "美国中继5" "美国中继6" "美国中继7" "美国中继8" "新加坡中继1" "新加坡中继2" "台湾中继1" "台湾中继2" "台湾中继3" "台湾中继4" "台湾中继5" "台湾中继6" "韩国中继1" "韩国中继2" ]; tag = "auto"; tolerance = 300; type = "urltest"; url = "http://www.gstatic.com/generate_204"; }
        { tag = "direct"; type = "direct"; }
        { tag = "block"; type = "block"; }