{ pkgs, config, ... }:
let
  inherit (config.users) users;
in
{
  environment.systemPackages = [
    pkgs.nyx
  ];
  services.tor = {
    enable = true;
    enableGeoIP = true;
    controlSocket.enable = true;
    client.enable = true;
  };
  services.privoxy.enable = true;
  services.privoxy.enableTor = true;
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net {
        meta skuid ${users.tor.name} \
          meta l4proto tcp \
          counter accept \
          comment "Tor"
      }
    }
  '';
}