]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/nan2gua1/tor.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
+use/op(jj): tweak config
[julm/julm-nix.git] / hosts / nan2gua1 / tor.nix
1 { pkgs, lib, ... }:
2 let
3 torjail = "torjail";
4 in
5 {
6 imports = [
7 ../../nixos/profiles/tor.nix
8 ];
9 config = {
10 services.tor = {
11 relay = {
12 /*
13 role = "private-bridge";
14 onionServices."radicle/1" = {
15 map = [
16 {
17 port = 8776;
18 target = {
19 port = 8777;
20 };
21 }
22 ];
23 };
24 */
25 };
26 settings = {
27 TransPort = {
28 addr = "172.16.0.1";
29 port = 9040;
30 };
31 DNSPort = {
32 addr = "172.16.0.1";
33 port = 53;
34 };
35 VirtualAddrNetwork = "10.192.0.0/10";
36 AutomapHostsOnResolve = true;
37 HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;
38 # https://metrics.torproject.org/rs.html#search/flag:exit%20country:be%20running:true
39 # https://nusenu.github.io/OrNetStats/w/relay/58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.html
40 MapAddress = [
41 "*.gcp.cloud.es.io *.gcp.cloud.es.io.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
42 "*.redbee.live *.redbee.live.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
43 "*.rtbf.be *.rtbf.be.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
44 ];
45 StrictNodes = true;
46 };
47 };
48
49 /*
50 networking.networkmanager = {
51 unmanaged = [
52 "out-${torjail}"
53 "in-${torjail}"
54 ];
55 };
56
57 systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
58 systemd.network.enable = true;
59 systemd.network.wait-online.enable = false;
60 systemd.network.netdevs = {
61 "10-${torjail}" = {
62 netdevConfig = {
63 Name = "out-${torjail}";
64 Kind = "veth";
65 };
66 peerConfig = {
67 Name = "in-${torjail}";
68 };
69 };
70 };
71
72 networking.nftables.rulesets = lib.mkAfter '''';
73 */
74 };
75 }
julm's NixOS and home-manager configs