den
 1{lib, ...}: {
 2  den.aspects.services.provides.mihomo.nixos = {
 3    config,
 4    pkgs,
 5    ...
 6  }: let
 7    inherit (lib) mkOption types;
 8    format = pkgs.formats.yaml {};
 9    cfg = config.services.mihomo.config;
10  in {
11    options.services.mihomo.config = mkOption {
12      default = {};
13      type = types.submodule {
14        freeformType = format.type;
15        options = {
16          tun = {
17            enable = mkOption {
18              default = config.options.services.mihomo.tunMode;
19              type = types.bool;
20            };
21            device = mkOption {
22              default = "utun0";
23              type = types.str;
24            };
25          };
26        };
27      };
28    };
29
30    config = {
31      networking.firewall.trustedInterfaces = lib.mkIf config.services.mihomo.tunMode [cfg.tun.device];
32      vaultix.templates."mihomo-config.yaml".content = builtins.toJSON cfg;
33      services.mihomo.configFile = config.vaultix.templates."mihomo-config.yaml".path;
34    };
35  };
36}