From c7349e466fef7ecff5a46b1d0c819975a6bdcb8c Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Wed, 22 Apr 2026 14:08:19 +0300
Subject: initial commit
---
adonis/tor/default.nix | 45 +++++++++++++++++++++++++++++++++++++++++++++
adonis/tor/snowflake.nix | 19 +++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 adonis/tor/default.nix
create mode 100644 adonis/tor/snowflake.nix
(limited to 'adonis/tor')
diff --git a/adonis/tor/default.nix b/adonis/tor/default.nix
new file mode 100644
index 0000000..7fcf2b4
--- /dev/null
+++ b/adonis/tor/default.nix
@@ -0,0 +1,45 @@
+{config, ...}: let
+ owner = config.customOps.owner.username;
+ domain = config.customOps.domain.fqdn;
+in {
+ imports = [./snowflake.nix];
+
+ services.tor = {
+ enable = true;
+ openFirewall = true;
+ enableGeoIP = false;
+ torsocks.enable = true;
+ client.enable = true;
+
+ relay = {
+ enable = true;
+ role = "relay";
+ };
+
+ settings = {
+ Nickname = "${owner}";
+ ContactInfo = "admin.tor@${domain}";
+
+ ExitRelay = false;
+
+ MaxAdvertisedBandwidth = "100 MB";
+ BandWidthRate = "100 MB";
+ RelayBandwidthRate = "100 MB";
+ RelayBandwidthBurst = "100 MB";
+
+ CookieAuthentication = true;
+ AvoidDiskWrites = 1;
+ HardwareAccel = 0;
+ SafeLogging = 1;
+ NumCPUs = 4;
+
+ ORPort = [
+ 9001
+ {
+ addr = "[2a0a:4cc0:c1:cf00::10]";
+ port = 9030;
+ }
+ ];
+ };
+ };
+}
diff --git a/adonis/tor/snowflake.nix b/adonis/tor/snowflake.nix
new file mode 100644
index 0000000..5a1c4bb
--- /dev/null
+++ b/adonis/tor/snowflake.nix
@@ -0,0 +1,19 @@
+{config, ...}: let
+ torDomain = "tor.${config.customOps.domain.fqdn}";
+in {
+ services.snowflake-proxy = {
+ enable = true;
+ capacity = 20;
+ extraFlags = ["-metrics"];
+ };
+
+ services.nginx.virtualHosts.${torDomain} = {
+ root = "/var/www/${torDomain}";
+ forceSSL = true;
+ enableACME = true;
+ locations."~ \\.php$".extraConfig = ''
+ fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
+ fastcgi_index index.php;
+ '';
+ };
+}
-- cgit v1.2.3
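Review bot: `Nickname = "${owner}";` in `adonis/tor/default.nix` puts the owner account's username into the relay descriptor, which is published together with the relay's addresses, so a valid login name for this host becomes public. Tor also accepts only nicknames of 1–19 alphanumeric characters, and `customOps.owner.username` is defined outside this patch, so a username containing `-`, `_` or `.` would likely keep the service from starting. A separate relay name avoids both, e.g. `Nickname = "<relay-nickname>";` (placeholder). The IPv6 `ORPort` entry hard-codes the address and uses 9030, the number conventionally used for the DirPort; if that is deliberate, a short comment such as `# IPv6 ORPort; no DirPort is configured on this relay` would say so.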
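Review bot: The `~ \\.php$` location in `adonis/tor/snowflake.nix` hands every request whose path ends in `.php` to PHP-FPM without first checking that the file exists under `root`; adding `try_files $uri =404;` as the first line of `extraConfig` closes that gap. The pool `mypool` is not defined anywhere in this patch, so evaluation presumably depends on a `services.phpfpm.pools.mypool` declared elsewhere. The virtual host is unrelated to the Snowflake proxy that names the file, and a PHP handler on the relay host adds attack surface; if the `tor.` site only serves static pages, the `locations` entry can be dropped. A comment on `extraFlags = ["-metrics"];` stating where the metrics endpoint listens and that it is not meant to be reachable from outside would also help.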