| author | toufic ar <contact@toufy.me> | 2026-04-22 14:08:19 +0300 |
|---|---|---|
| committer | toufic ar <contact@toufy.me> | 2026-04-22 14:08:19 +0300 |
| commit | c7349e466fef7ecff5a46b1d0c819975a6bdcb8c (patch) | |
| tree | 2a3fc53016ae4d0b31d7583171bd4b8e60f4cc17 /adonis/tor | |
initial commit
Diffstat (limited to 'adonis/tor')
| -rw-r--r-- | adonis/tor/default.nix | 45 | ||||
| -rw-r--r-- | adonis/tor/snowflake.nix | 19 |
2 files changed, 64 insertions, 0 deletions
diff --git a/adonis/tor/default.nix b/adonis/tor/default.nix
new file mode 100644
index 0000000..7fcf2b4
--- /dev/null
+++ b/adonis/tor/default.nix
@@ -0,0 +1,45 @@
+{config, ...}: let
+ owner = config.customOps.owner.username;
+ domain = config.customOps.domain.fqdn;
+in {
+ imports = [./snowflake.nix];
+
+ services.tor = {
+ enable = true;
+ openFirewall = true;
+ enableGeoIP = false;
+ torsocks.enable = true;
+ client.enable = true;
+
+ relay = {
+ enable = true;
+ role = "relay";
+ };
+
+ settings = {
+ Nickname = "${owner}";
+ ContactInfo = "admin.tor@${domain}";
+
+ ExitRelay = false;
+
+ MaxAdvertisedBandwidth = "100 MB";
+ BandWidthRate = "100 MB";
+ RelayBandwidthRate = "100 MB";
+ RelayBandwidthBurst = "100 MB";
+
+ CookieAuthentication = true;
+ AvoidDiskWrites = 1;
+ HardwareAccel = 0;
+ SafeLogging = 1;
+ NumCPUs = 4;
+
+ ORPort = [
+ 9001
+ {
+ addr = "[2a0a:4cc0:c1:cf00::10]";
+ port = 9030;
+ }
+ ];
+ };
+ };
+}
diff --git a/adonis/tor/snowflake.nix b/adonis/tor/snowflake.nix
new file mode 100644
index 0000000..5a1c4bb
--- /dev/null
+++ b/adonis/tor/snowflake.nix
@@ -0,0 +1,19 @@
+{config, ...}: let
+ torDomain = "tor.${config.customOps.domain.fqdn}";
+in {
+ services.snowflake-proxy = {
+ enable = true;
+ capacity = 20;
+ extraFlags = ["-metrics"];
+ };
+
+ services.nginx.virtualHosts.${torDomain} = {
+ root = "/var/www/${torDomain}";
+ forceSSL = true;
+ enableACME = true;
+ locations."~ \\.php$".extraConfig = ''
+ fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
+ fastcgi_index index.php;
+ '';
+ };
+} |
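Review bot: `Nickname = "${owner}";` in `settings` takes its value from `config.customOps.owner.username` with no check, and Tor only accepts relay nicknames of 1 to 19 characters from [a-zA-Z0-9], so a username containing a dash, dot or underscore would keep the daemon from starting. An evaluation-time guard would catch that early, for example `assertions = [{ assertion = builtins.match "[a-zA-Z0-9]{1,19}" owner != null; message = "Tor Nickname must be 1-19 alphanumeric characters"; }];`. The interpolation is also redundant; `Nickname = owner;` is enough. Separately, `CookieAuthentication = true` only has an effect when a control port or socket is configured, and none is set in this file, so a short comment saying where the control listener comes from would help.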
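Review bot: The `~ \\.php$` location in the nginx virtual host forwards every request path ending in `.php` to the FPM socket without first checking that the file exists under `root`; adding `try_files $uri =404;` ahead of `fastcgi_pass` keeps paths that do not map to a real script away from the interpreter. The `extraConfig` shown also sets no `SCRIPT_FILENAME` and includes no fastcgi parameter file, so unless that is supplied elsewhere in the nginx configuration the pool will not know which script to run. `extraFlags = ["-metrics"]` turns on the proxy's metrics endpoint, and a comment stating where it listens and who is meant to scrape it would be useful. The PHP virtual host is unrelated to the Snowflake proxy and may be easier to find in a module of its own.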
