diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 43fcc68ded4..6e8f062c169 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1013,6 +1013,7 @@
 ./services/networking/shorewall.nix
 ./services/networking/shorewall6.nix
 ./services/networking/shout.nix
+ ./services/networking/sing-box.nix
 ./services/networking/sitespeed-io.nix
 ./services/networking/skydns.nix
 ./services/networking/smartdns.nix
diff --git a/nixos/modules/services/networking/sing-box.nix b/nixos/modules/services/networking/sing-box.nix
new file mode 100644
index 00000000000..d32725f7714
--- /dev/null
+++ b/nixos/modules/services/networking/sing-box.nix
@@ -0,0 +1,66 @@
+{ config, lib, pkgs, utils, ... }:
+let
+ cfg = config.services.sing-box;
+ settingsFormat = pkgs.formats.json { };
+in
+{
+
+ meta = {
+ maintainers = with lib.maintainers; [ nickcao ];
+ };
+
+ options = {
+ services.sing-box = {
+ enable = lib.mkEnableOption (lib.mdDoc "sing-box universal proxy platform");
+
+ package = lib.mkPackageOptionMD pkgs "sing-box" { };
+
+ settings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+ options = {
+ route = {
+ geoip.path = lib.mkOption {
+ type = lib.types.path;
+ default = "${pkgs.sing-geoip}/share/sing-box/geoip.db";
+ defaultText = lib.literalExpression "\${pkgs.sing-geoip}/share/sing-box/geoip.db";
+ description = lib.mdDoc ''
+ The path to the sing-geoip database.
+ '';
+ };
+ geosite.path = lib.mkOption {
+ type = lib.types.path;
+ default = "${pkgs.sing-geosite}/share/sing-box/geosite.db";
+ defaultText = lib.literalExpression "\${pkgs.sing-geosite}/share/sing-box/geosite.db";
+ description = lib.mdDoc ''
+ The path to the sing-geosite database.
+ '';
+ };
+ };
+ };
+ };
+ default = { };
+ description = lib.mdDoc ''
+ The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation.
+
+ Options containing secret data should be set to an attribute set
+ containing the attribute `_secret` - a string pointing to a file
+ containing the value the option should be set to.
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.packages = [ cfg.package ];
+
+ systemd.services.sing-box = {
+ preStart = ''
+ mkdir -p /etc/sing-box
+ ${utils.genJqSecretsReplacementSnippet cfg.settings "/etc/sing-box/config.json"}
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+
+}
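Review bot: The `preStart` script writes `/etc/sing-box/config.json` with the `_secret` values already substituted, but nothing visible in the hunk restricts the mode of that file or of the directory created by `mkdir -p`, so both take the service's default umask and may end up readable by every local user. Unless the helper or the packaged unit already tightens this (neither is shown here), add `umask 0077` as the first line of `preStart`, before `mkdir -p /etc/sing-box`. A systemd `RuntimeDirectory` with a restrictive `RuntimeDirectoryMode` would be a better home than `/etc` for a generated file that holds secrets, and it is removed when the service stops. A short comment above the snippet stating that the output contains resolved secrets would help later maintainers keep it private.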