nftables: retake at ICMPv6 and other stuffs

[sourcephile-nix.git] / machines / losurdo / networking / tor.nix

{ pkgs, lib, config, ... }:
let inherit (config) networking; in
{
environment.systemPackages = [
  pkgs.tor
  pkgs.pythonPackages.stem
  pkgs.nyx
];

systemd.services.tor-init.script = ''
  install -d -m 700 -o tor -g tor /var/lib/tor/onion/${networking.domain}
'';
/*
systemd.services.tor.serviceConfig.StateDirectory = [
  "tor"
  "tor/onion"
  "tor/onion/${networking.domain}"
];
*/
systemd.services.tor.serviceConfig.StateDirectoryMode = "0700";
services.tor = {
  enable = true;
  enableGeoIP = false;
  controlSocket.enable = true;
  relay.enable = true;
  relay.role = "private-bridge";
  relay.port = 443;
  hiddenServices = {
    "${networking.domain}/${networking.hostName}".map = [
      { port = 22; }
    ];
  };
  extraConfig = ''
    ClientUseIPv4 1
    ClientUseIPv6 1
    ClientPreferIPv6ORPort 0
  '';
};
/*
# copy your onion folder
boot.initrd.secrets = {
  "/etc/tor/onion/bootup" = /home/tony/tor/onion; # maybe find a better spot to store this.
};

# copy tor to you initrd
boot.initrd.extraUtilsCommands = ''
  copy_bin_and_libs ${pkgs.tor}/bin/tor
'';

# start tor during boot process
boot.initrd.network.postCommands = let
  torRc = (pkgs.writeText "tor.rc" ''
    DataDirectory /etc/tor
    SOCKSPort 127.0.0.1:9050 IsolateDestAddr
    SOCKSPort 127.0.0.1:9063
    HiddenServiceDir /etc/tor/onion/bootup
    HiddenServicePort 22 127.0.0.1:22
  '');
in ''
  echo "tor: preparing onion folder"
  # have to do this otherwise tor does not want to start
  chmod -R 700 /etc/tor

  echo "make sure localhost is up"
  ip a a 127.0.0.1/8 dev lo
  ip link set lo up

  echo "tor: starting tor"
  tor -f ${torRc} --verify-config
  tor -f ${torRc} &
'';
*/
}