From 08227123321090c9277758a9072009eafeb0720f Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Thu, 21 Aug 2025 04:23:33 +0300
Subject: [PATCH] feat: add tor relay to vps's
---
 hosts/blueshift/default.nix | 2 ++
 hosts/redshift/default.nix | 2 ++
 modules/nixos/services/tor.nix | 36 ++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 modules/nixos/services/tor.nix
diff --git a/hosts/blueshift/default.nix b/hosts/blueshift/default.nix
index 362846a..d5973b2 100644
--- a/hosts/blueshift/default.nix
+++ b/hosts/blueshift/default.nix
@@ -154,6 +154,8 @@
 };
 };
 };
+ ataraxia.services.tor.enableRelay = true;
+ ataraxia.services.tor.relayPort = 32910;
 system.stateVersion = "24.11";
 }
diff --git a/hosts/redshift/default.nix b/hosts/redshift/default.nix
index 3e2fe0f..7537dbd 100644
--- a/hosts/redshift/default.nix
+++ b/hosts/redshift/default.nix
@@ -154,6 +154,8 @@
 };
 };
 };
+ ataraxia.services.tor.enableRelay = true;
+ ataraxia.services.tor.relayPort = 18342;
 system.stateVersion = "24.11";
 }
diff --git a/modules/nixos/services/tor.nix b/modules/nixos/services/tor.nix
new file mode 100644
index 0000000..70d536b
--- /dev/null
+++ b/modules/nixos/services/tor.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+ inherit (lib) mkEnableOption mkIf mkOption;
+ inherit (lib.types) int;
+
+ cfg = config.ataraxia.services.tor;
+in
+{
+ options.ataraxia.services.tor = {
+ enable = mkEnableOption "Enable tor service client";
+ enableRelay = mkEnableOption "Enable tor service bridge";
+ relayPort = mkOption {
+ type = int;
+ description = "Bridge listen port";
+ };
+ };
+
+ config = mkIf (cfg.enable || cfg.enableRelay) {
+ services.tor = {
+ enable = true;
+ client.enable = cfg.enable;
+ relay.enable = cfg.enableRelay;
+ relay.role = "private-bridge";
+ settings = mkIf cfg.enableRelay {
+ ContactInfo = "admin@ataraxiadev.com";
+ Nickname = config.networking.hostName;
+ ORPort = 42891;
+ ServerTransportListenAddr = "obfs4 0.0.0.0:${toString cfg.relayPort}";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ cfg.relayPort ];
+
+ persist.state.directories = [ "/var/lib/tor" ];
+ };
+}
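Review bot: The `networking.firewall.allowedTCPPorts = [ cfg.relayPort ];` line sits under `mkIf (cfg.enable || cfg.enableRelay)`, so a host that sets only `enable` (client) still evaluates `cfg.relayPort`; the option has no default, so evaluation fails, and with a default it would open an inbound port for a bridge that is not running. Guard the rule with the relay flag, `networking.firewall.allowedTCPPorts = mkIf cfg.enableRelay [ cfg.relayPort ];`, and declare the option as `type = lib.types.port;` so an out-of-range value is rejected at evaluation instead of being interpolated into `ServerTransportListenAddr`. Separately, `ORPort = 42891` is configured but never added to the firewall; if exposing only the obfs4 listener is the intent, a one-line comment next to `ORPort` saying so would keep a later change from opening it by accident.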