diff --git a/nixos/modules/services/networking/sing-box.nix b/nixos/modules/services/networking/sing-box.nix
index 9f09e528e74d..1eadeaf4cbc1 100644
--- a/nixos/modules/services/networking/sing-box.nix
+++ b/nixos/modules/services/networking/sing-box.nix
@@ -55,11 +55,17 @@ in
     systemd.packages = [ cfg.package ];
 
     systemd.services.sing-box = {
-      preStart = ''
-        umask 0077
-        mkdir -p /etc/sing-box
-        ${utils.genJqSecretsReplacementSnippet cfg.settings "/etc/sing-box/config.json"}
-      '';
+      preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/run/sing-box/config.json";
+      serviceConfig = {
+        StateDirectory = "sing-box";
+        StateDirectoryMode = "0700";
+        RuntimeDirectory = "sing-box";
+        RuntimeDirectoryMode = "0700";
+        ExecStart = [
+          ""
+          "${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
+        ];
+      };
       wantedBy = [ "multi-user.target" ];
     };
   };