First Commmit

release/config/config.json

@@ -0,0 +1,41 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "dns": {
+    "servers": [
+      {
+        "type": "tls",
+        "tag": "google",
+        "server": "8.8.8.8"
+      }
+    ]
+  },
+  "inbounds": [
+    {
+      "type": "shadowsocks",
+      "listen": "::",
+      "listen_port": 8080,
+      "network": "tcp",
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "Gn1JUS14bLUHgv1cWDDp4A==",
+      "multiplex": {
+        "enabled": true,
+        "padding": true
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct"
+    }
+  ],
+  "route": {
+    "rules": [
+      {
+        "port": 53,
+        "action": "hijack-dns"
+      }
+    ]
+  }
+}

release/config/openwrt.conf

@@ -0,0 +1,5 @@
+config sing-box 'main'
+	option enabled '1'
+	option conffile '/etc/sing-box/config.json'
+	option workdir '/usr/share/sing-box'
+	option log_stderr '1'

release/config/openwrt.init

@@ -0,0 +1,32 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=99
+PROG="/usr/bin/sing-box"
+
+start_service() {
+  config_load "sing-box"
+
+  local enabled config_file working_directory
+  local log_stderr
+  config_get_bool enabled "main" "enabled" "0"
+  [ "$enabled" -eq "1" ] || return 0
+
+  config_get config_file "main" "conffile" "/etc/sing-box/config.json"
+  config_get working_directory "main" "workdir" "/usr/share/sing-box"
+  config_get_bool log_stderr "main" "log_stderr" "1"
+
+  procd_open_instance
+  procd_set_param command "$PROG" run -c "$config_file" -D "$working_directory"
+  procd_set_param file "$config_file"
+  procd_set_param stderr "$log_stderr"
+  procd_set_param limits core="unlimited"
+  procd_set_param limits nofile="1000000 1000000"
+  procd_set_param respawn
+
+  procd_close_instance
+}
+
+service_triggers() {
+  procd_add_reload_trigger "sing-box"
+}

release/config/openwrt.keep

@@ -0,0 +1 @@
+/etc/sing-box/

release/config/openwrt.prerm

@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
+. ${IPKG_INSTROOT}/lib/functions.sh
+default_prerm $0 $@

release/config/sing-box-split-dns.xml

@@ -0,0 +1,15 @@
+<!DOCTYPE busconfig PUBLIC
+        "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy user="root">
+        <allow own="org.freedesktop.resolve1"/>
+        <allow send_destination="org.freedesktop.resolve1"/>
+        <allow receive_sender="org.freedesktop.resolve1"/>
+    </policy>
+    <policy user="sing-box">
+        <allow own="org.freedesktop.resolve1"/>
+        <allow send_destination="org.freedesktop.resolve1"/>
+        <allow receive_sender="org.freedesktop.resolve1"/>
+    </policy>
+</busconfig>

release/config/sing-box.confd

@@ -0,0 +1,6 @@
+# /etc/conf.d/sing-box: config file for /etc/init.d/sing-box
+
+# sing-box configuration path, could be file or directory
+# SINGBOX_CONFIG=/etc/sing-box
+
+# SINGBOX_WORKDIR=/var/lib/sing-box

release/config/sing-box.initd

@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+description="sing-box service"
+supervisor="supervise-daemon"
+command="/usr/bin/sing-box"
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SINGBOX_CONFIG:=${config:-"/etc/sing-box"}}
+
+if [ -d "$SINGBOX_CONFIG" ]; then
+	_config_opt="-C $SINGBOX_CONFIG"
+elif [ -z "$SINGBOX_CONFIG" ]; then
+	_config_opt=""
+else
+	_config_opt="-c $SINGBOX_CONFIG"
+fi
+
+_workdir=${SINGBOX_WORKDIR:-${workdir:-"/var/lib/sing-box"}}
+
+command_args="run --disable-color
+	-D $_workdir
+	$_config_opt"
+
+depend() {
+	after net dns
+}
+
+checkconfig() {
+	ebegin "Checking $RC_SVCNAME configuration"
+	sing-box check -D "$_workdir" $_config_opt
+	eend $?
+}
+
+start_pre() {
+	checkconfig
+}
+
+reload() {
+	ebegin "Reloading $RC_SVCNAME"
+	checkconfig && $supervisor "$RC_SVCNAME" --signal HUP
+	eend $?
+}

release/config/sing-box.postinst

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+systemd-sysusers sing-box.conf

release/config/sing-box.rules

@@ -0,0 +1,8 @@
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.freedesktop.resolve1.set-domains" ||
+         action.id == "org.freedesktop.resolve1.set-default-route" ||
+         action.id == "org.freedesktop.resolve1.set-dns-servers") &&
+        subject.user == "sing-box") {
+        return polkit.Result.YES;
+    }
+});

release/config/sing-box.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=sing-box service
+Documentation=https://sing-box.sagernet.org
+After=network.target nss-lookup.target network-online.target
+
+[Service]
+User=sing-box
+StateDirectory=sing-box
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+ExecStart=/usr/bin/sing-box -D /var/lib/sing-box -C /etc/sing-box run
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10s
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target

release/config/sing-box.sysusers

@@ -0,0 +1 @@
+u sing-box - "sing-box Service"

release/config/sing-box@.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=sing-box service
+Documentation=https://sing-box.sagernet.org
+After=network.target nss-lookup.target network-online.target
+
+[Service]
+User=sing-box
+StateDirectory=sing-box-%i
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+ExecStart=/usr/bin/sing-box -D /var/lib/sing-box-%i -c /etc/sing-box/%i.json run
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10s
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target