From dd7b0cf6815b37da2f1789e41f89dcde7a5c5fd1 Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s <git+me@hand7s.org>
Date: Sun, 3 May 2026 15:56:34 +0300
Subject: [PATCH] kyra(hardening): sign-box -> mihomo

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
---
 kyra/services/sing-box.nix | 110 -------------------------------------
 1 file changed, 110 deletions(-)
 delete mode 100644 kyra/services/sing-box.nix

diff --git a/kyra/services/sing-box.nix b/kyra/services/sing-box.nix
deleted file mode 100644
index d4b5656..0000000
--- a/kyra/services/sing-box.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{lib, ...}: {
-  services = {
-    sing-box = {
-      enable = true;
-      settings = {
-        log = {
-          level = "error";
-        };
-
-        dns = {
-          servers = [
-            {
-              tag = "cloudflare";
-              type = "quic";
-              server = "1.1.1.1";
-            }
-
-            {
-              tag = "local";
-              type = "local";
-            }
-          ];
-
-          final = "cloudflare";
-          strategy = "prefer_ipv4";
-        };
-
-        route = {
-          final = "direct-out";
-          default_domain_resolver = "cloudflare";
-          auto_detect_interface = true;
-        };
-
-        outbounds = [
-          {
-            tag = "direct-out";
-            type = "direct";
-          }
-        ];
-
-        inbounds = [
-          {
-            type = "hysteria2";
-            tag = "hy2-in";
-            listen = "::";
-            listen_port = 2053;
-            masquerade = "https://hand7s.org";
-            up_mbps = 100;
-            down_mbps = 100;
-            obfs = {
-              type = "salamander";
-              password = lib.hashString "sha512" "randomstring"; # not a real string
-            };
-
-            users = [
-              {
-                name = "hand7s";
-                password = lib.hashString "sha512" "userstring"; # not a real string
-              }
-            ];
-
-            tls = {
-              enabled = true;
-              server_name = "hand7s.org";
-              certificate_path = "/var/lib/acme/hand7s.org/cert.pem";
-              key_path = "/var/lib/acme/hand7s.org/key.pem";
-            };
-          }
-
-          {
-            type = "vless";
-            tag = "vless-inbound";
-
-            listen = "::";
-            listen_port = 8443;
-
-            sniff = true;
-
-            users = [
-              {
-                name = "hand7s";
-                uuid = lib.hashString "sha512" "uuidstring"; # not a real string
-                flow = "xtls-rprx-vision";
-              }
-            ];
-
-            tls = {
-              enabled = true;
-              server_name = "hand7s.org";
-              reality = {
-                enabled = true;
-                max_time_difference = "5m";
-                handshake = {
-                  server = "127.0.0.1";
-                  server_port = 443;
-                };
-
-                private_key = lib.hashString "sha512" "uuidstring"; # not a real string
-
-                short_id = [
-                  "shortie"
-                ];
-              };
-            };
-          }
-        ];
-      };
-    };
-  };
-}