tor ipv6

hosts/tor/default.nix

@@ -1,8 +1,7 @@
-{ ... }:
+{ ... }: {
-
-{
   imports = [
     ./hardware.nix
+    ./tor.nix
     ../../modules/base
     ../../modules/tor
   ];

hosts/tor/hardware.nix

@@ -1,6 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, ... }: {
-
-{
   imports =
     [
       (modulesPath + "/profiles/qemu-guest.nix")

hosts/tor/tor.nix

@@ -0,0 +1,7 @@
+{ ... }: {
+  services.tor = {
+    settings = {
+      Nickname = "caspervk";
+    };
+  };
+}

modules/tor/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ config, pkgs, ... }: {
   services.tor = {
     enable = true;
     openFirewall = true;
@@ -8,9 +8,22 @@
     };
     settings = {
       ContactInfo = "admin@caspervk.net";
-      Nickname = "caspervk";
       DirPort = 80;
-      ORPort = 443;
+      ORPort =
+        # TOR requires each IPv6 address to be configured explicity
+        let
+          interfaces = builtins.attrValues config.networking.interfaces;
+          ipv6Addresses = pkgs.lib.lists.flatten (map (interface: interface.ipv6.addresses) interfaces);
+          ipv6Ports = map
+            (a: {
+              addr = "[${a.address}]";
+              port = 443;
+            })
+            ipv6Addresses;
+        in
+        [
+          443
+        ] ++ ipv6Ports;
       ControlPort = 9051;
       DirPortFrontPage = builtins.toFile "tor-exit-notice.html" (builtins.readFile ./tor-exit-notice.html);
       ExitRelay = true;
@@ -23,7 +36,7 @@
   };
 
   environment.systemPackages = with pkgs; [
-    nyx  # Command-line monitor for Tor
+    nyx # Command-line monitor for Tor
   ];
 
   environment.persistence."/nix/persist" = {