{
imports = [
../../nixos/profiles/dnscrypt-proxy2.nix
- ../../nixos/profiles/wireguard/wg-intra.nix
../../nixos/profiles/networking/ssh.nix
../../nixos/profiles/networking/wifi.nix
- ../../nixos/profiles/openvpn/calyx.nix
- ./wireguard.nix
+ #../../nixos/profiles/openvpn/calyx.nix
networking/nftables.nix
];
install.substituteOnDestination = false;
#networking.domain = "sourcephile.fr";
networking.useDHCP = false;
+ services.tor = {
+ settings = {
+ HashedControlPassword = lib.readFile tor/HashedControlPassword.clear;
+ # https://metrics.torproject.org/rs.html#search/flag:exit%20country:be%20running:true
+ # https://nusenu.github.io/OrNetStats/w/relay/58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.html
+ MapAddress = [
+ "*.gcp.cloud.es.io *.gcp.cloud.es.io.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ "*.redbee.live *.redbee.live.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ "*.rtbf.be *.rtbf.be.58B81035FC28AACA8F0E85E46C8EBAD7FCFA8404.exit"
+ ];
+ StrictNodes = true;
+ };
+ };
+
networking.nftables.ruleset = lib.mkAfter ''
table inet filter {
chain input {
};
environment.systemPackages = [
- pkgs.iw
pkgs.modem-manager-gui
+ #pkgs.tor-ctrl # Not packaged yet
];
systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
sourcephile / git / julm / julm-nix.git / blobdiff