From 9e012ecbf272fb46b60a4a7fd97cf7c28aa39ecd Mon Sep 17 00:00:00 2001
From: Nick Cao
Date: Fri, 30 Aug 2024 15:14:37 -0400
Subject: [PATCH] nixos/sing-box: generate config file into RuntimeDirectory
---
 nixos/modules/services/networking/sing-box.nix | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/services/networking/sing-box.nix b/nixos/modules/services/networking/sing-box.nix
index 9f09e528e74d..1eadeaf4cbc1 100644
--- a/nixos/modules/services/networking/sing-box.nix
+++ b/nixos/modules/services/networking/sing-box.nix
@@ -55,11 +55,17 @@ in
 systemd.packages = [ cfg.package ];
 systemd.services.sing-box = {
- preStart = ''
- umask 0077
- mkdir -p /etc/sing-box
- ${utils.genJqSecretsReplacementSnippet cfg.settings "/etc/sing-box/config.json"}
- '';
+ preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/run/sing-box/config.json";
+ serviceConfig = {
+ StateDirectory = "sing-box";
+ StateDirectoryMode = "0700";
+ RuntimeDirectory = "sing-box";
+ RuntimeDirectoryMode = "0700";
+ ExecStart = [
+ ""
+ "${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
+ ];
+ };
 wantedBy = [ "multi-user.target" ];
 };
 };
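Review bot: The new `preStart` no longer runs `umask 0077`, so the mode of `/run/sing-box/config.json`, which holds the substituted secrets, now depends on whatever `utils.genJqSecretsReplacementSnippet` and the unit's default umask produce. Only `RuntimeDirectoryMode = "0700"` on the parent directory keeps other users out. Adding `UMask = "0077";` to the new `serviceConfig` would keep the file itself owner-only, as before, without relying on the directory mode alone. Separately, nothing visible in this hunk removes a `/etc/sing-box/config.json` written by the earlier `preStart`, so on upgraded hosts a copy of the secrets presumably stays on persistent storage; a release note or a cleanup step would cover that. The enclosing module body starts and ends outside the hunk.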