nixos-config/profiles/workspace/proxy.nix

{ config, pkgs, lib, ... }: {
  disabledModules = [ "services/networking/xray.nix" ];

  secrets.xray-config = {};
  secrets.tor-config = {};

  services.xray = {
    enable = true;
    settingsFile = config.secrets.xray-config.decrypted;
  };

  containers.tor = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.1.10";
    localAddress = "192.168.1.11";
    bindMounts."/var/secrets" = {
      hostPath = "/var/secrets";
      isReadOnly = true;
    };
    tmpfs = [ "/" ];
    ephemeral = true;
    config = { config, pkgs, ... }: {
      services.tor.enable = true;

      systemd.services.tor-config = {
        script = ''
          cp /var/secrets/tor-config /var/lib/tor/tor-config
          chown tor /var/lib/tor/tor-config
          chmod 600 /var/lib/tor/tor-config
          sed -i 's#obfs4proxy-path#${pkgs.obfs4}/bin/obfs4proxy#' /var/lib/tor/tor-config
        '';
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
      };

      systemd.services.tor = {
        after = [ "tor-config.service" ];
        serviceConfig.ExecStart = lib.mkForce "${config.services.tor.package}/bin/tor -f /var/lib/tor/tor-config";
      };

      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ 9050 ];
        rejectPackets = true;
      };
      # environment.etc."resolv.conf".text = "nameserver 192.168.0.1";
      system.stateVersion = "22.11";
    };
  };

  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-tor" ];
    externalInterface = "wg-mullvad";
  };
}
add xray 2022-03-22 06:03:48 +03:00			`{ config, pkgs, lib, ... }: {`
large update 2022-11-21 02:53:20 +03:00			`disabledModules = [ "services/networking/xray.nix" ];`

add xray 2022-03-22 06:03:48 +03:00			`secrets.xray-config = {};`
setup tor-browser and tor socks proxy 2022-12-07 22:19:51 +03:00			`secrets.tor-config = {};`
add xray 2022-03-22 06:03:48 +03:00
setup tor-browser and tor socks proxy 2022-12-07 22:19:51 +03:00			`services.xray = {`
add xray 2022-03-22 06:03:48 +03:00			`enable = true;`
large update 2022-11-21 02:53:20 +03:00			`settingsFile = config.secrets.xray-config.decrypted;`
add xray 2022-03-22 06:03:48 +03:00			`};`

setup tor-browser and tor socks proxy 2022-12-07 22:19:51 +03:00			`containers.tor = {`
			`autoStart = true;`
			`privateNetwork = true;`
			`hostAddress = "192.168.1.10";`
			`localAddress = "192.168.1.11";`
			`bindMounts."/var/secrets" = {`
			`hostPath = "/var/secrets";`
			`isReadOnly = true;`
			`};`
			`tmpfs = [ "/" ];`
			`ephemeral = true;`
			`config = { config, pkgs, ... }: {`
			`services.tor.enable = true;`

			`systemd.services.tor-config = {`
			`script = ''`
			`cp /var/secrets/tor-config /var/lib/tor/tor-config`
			`chown tor /var/lib/tor/tor-config`
			`chmod 600 /var/lib/tor/tor-config`
			`sed -i 's#obfs4proxy-path#${pkgs.obfs4}/bin/obfs4proxy#' /var/lib/tor/tor-config`
			`'';`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`
			`};`

			`systemd.services.tor = {`
			`after = [ "tor-config.service" ];`
			`serviceConfig.ExecStart = lib.mkForce "${config.services.tor.package}/bin/tor -f /var/lib/tor/tor-config";`
			`};`

			`networking.firewall = {`
			`enable = true;`
			`allowedTCPPorts = [ 9050 ];`
			`rejectPackets = true;`
			`};`
			`# environment.etc."resolv.conf".text = "nameserver 192.168.0.1";`
			`system.stateVersion = "22.11";`
			`};`
			`};`

			`networking.nat = {`
			`enable = true;`
			`internalInterfaces = [ "ve-tor" ];`
			`externalInterface = "wg-mullvad";`
			`};`
add xray 2022-03-22 06:03:48 +03:00			`}`