diff --git a/hosts/tor/default.nix b/hosts/tor/default.nix
index 2da7f07..71cb469 100644
--- a/hosts/tor/default.nix
+++ b/hosts/tor/default.nix
@@ -1,8 +1,7 @@
-{ ... }:
-
-{
+{ ... }: {
 imports = [
 ./hardware.nix
+ ./tor.nix
 ../../modules/base
 ../../modules/tor
 ];
diff --git a/hosts/tor/hardware.nix b/hosts/tor/hardware.nix
index afef259..92d5ac0 100644
--- a/hosts/tor/hardware.nix
+++ b/hosts/tor/hardware.nix
@@ -1,6 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
+{ config, lib, pkgs, modulesPath, ... }: {
 imports = [ (modulesPath + "/profiles/qemu-guest.nix")
diff --git a/hosts/tor/tor.nix b/hosts/tor/tor.nix
new file mode 100644
index 0000000..ed17a39
--- /dev/null
+++ b/hosts/tor/tor.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+ services.tor = {
+ settings = {
+ Nickname = "caspervk";
+ };
+ };
+}
diff --git a/modules/tor/default.nix b/modules/tor/default.nix
index 2f2be99..4769884 100644
--- a/modules/tor/default.nix
+++ b/modules/tor/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ config, pkgs, ... }: {
 services.tor = {
 enable = true;
 openFirewall = true;
@@ -8,9 +8,22 @@
 };
 settings = {
 ContactInfo = "admin@caspervk.net";
- Nickname = "caspervk";
 DirPort = 80;
- ORPort = 443;
+ ORPort =
+ # TOR requires each IPv6 address to be configured explicity
+ let
+ interfaces = builtins.attrValues config.networking.interfaces;
+ ipv6Addresses = pkgs.lib.lists.flatten (map (interface: interface.ipv6.addresses) interfaces);
+ ipv6Ports = map
+ (a: {
+ addr = "[${a.address}]";
+ port = 443;
+ })
+ ipv6Addresses;
+ in
+ [
+ 443
+ ] ++ ipv6Ports;
 ControlPort = 9051;
 DirPortFrontPage = builtins.toFile "tor-exit-notice.html" (builtins.readFile ./tor-exit-notice.html);
 ExitRelay = true;
@@ -23,7 +36,7 @@
 };
 environment.systemPackages = with pkgs; [
- nyx # Command-line monitor for Tor
+ nyx # Command-line monitor for Tor
 ];
 environment.persistence."/nix/persist" = {
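Review bot: The new `ORPort` list in modules/tor/default.nix (hunk `@@ -8,9 +8,22 @@`) turns every address found under `config.networking.interfaces.*.ipv6.addresses` into a listener on port 443, with no filter on interface or address scope, so a link-local, ULA or management address declared on any interface of the host would also get the relay's OR port bound to it. The same expression yields no IPv6 entry at all when the host obtains its address through SLAAC or DHCPv6, because that option only holds statically declared addresses, and the relay would then stay IPv4-only without any warning at evaluation time. Since this commit already introduces hosts/tor/tor.nix for per-host settings, consider declaring the public IPv6 ORPort there, or restrict the list to the intended interface, e.g. `interfaces = [ config.networking.interfaces.<public-iface> ];`. The comment would read better as `# Tor requires each IPv6 address to be configured explicitly`. The `settings` attribute set begins and ends outside this hunk, so whether other options already constrain the listeners is not visible here.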