fix tor-bridge on vps

2023-12-30 04:32:38 +03:00 · 2023-12-30 04:32:38 +03:00 · 2992a972ef
commit 2992a972ef
parent 8c88097db9
4 changed files with 101 additions and 122 deletions
--- a/flake.lock
+++ b/flake.lock
@ -6,11 +6,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1702787014,
-        "narHash": "sha256-grrM/VPfBY3KwR1tLFcTPbEpRcTYpDrzRGd7PBgKKpw=",
+        "lastModified": 1703351934,
+        "narHash": "sha256-HoMdwXPYzvXd07JxqIMwR/rRe7hdRKUV5HLPbiM2CA0=",
        "owner": "ezKEa",
        "repo": "aagl-gtk-on-nix",
-        "rev": "ae7257ea176bded057343bb64e6998523fd1959d",
+        "rev": "6afc4cff9fcd9016d6270c95e0d67023cdafd6dd",
        "type": "github"
      },
      "original": {
@ -44,11 +44,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1698258239,
-        "narHash": "sha256-qnhoYYIJ0L/P7H/f56lQUEvpzNlXh4sxuHpRERV+B44=",
+        "lastModified": 1702969472,
+        "narHash": "sha256-IJP9sC+/gLUdWhm6TsnWpw6A1zQWUfn53ym63KeLXvU=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "e9918bc6be268da6fa97af6ced15193d8a0421c0",
+        "rev": "bdafd64910bb2b861cf90fa15f1fc93318b6fbf6",
        "type": "github"
      },
      "original": {
@ -130,26 +130,17 @@
    },
    "crane": {
      "inputs": {
-        "flake-compat": [
-          "attic",
-          "flake-compat"
-        ],
-        "flake-utils": [
-          "attic",
-          "flake-utils"
-        ],
        "nixpkgs": [
          "attic",
          "nixpkgs"
-        ],
-        "rust-overlay": "rust-overlay"
+        ]
      },
      "locked": {
-        "lastModified": 1677892403,
-        "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
+        "lastModified": 1702918879,
+        "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
+        "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
        "type": "github"
      },
      "original": {
@ -165,11 +156,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1702460489,
-        "narHash": "sha256-H6s6oVLvx7PCjUcvfkB89Bb+kbaiJxTAgWfMjiQTjA0=",
+        "lastModified": 1703087360,
+        "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "915327515f5fd1b7719c06e2f1eb304ee0bdd803",
+        "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7",
        "type": "github"
      },
      "original": {
@ -186,11 +177,11 @@
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
-        "lastModified": 1702549996,
-        "narHash": "sha256-mEN+8gjWUXRxBCcixeth+jlDNuzxbpFwZNOEc4K22vw=",
+        "lastModified": 1703066966,
+        "narHash": "sha256-MbX0XYOEvAuXwi80emHKJsjo1IGQZhoKKnEp2uzgNx4=",
        "owner": "cachix",
        "repo": "devenv",
-        "rev": "e681a99ffe2d2882f413a5d771129223c838ddce",
+        "rev": "405a4c6a3fecfd2a7fb37cc13f4e760658e522e6",
        "type": "github"
      },
      "original": {
@ -206,11 +197,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702569759,
-        "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
+        "lastModified": 1703532766,
+        "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
+        "rev": "1b191113874dee97796749bb21eac3d84735c70a",
        "type": "github"
      },
      "original": {
@ -676,11 +667,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702814335,
-        "narHash": "sha256-Qck7BAMi3eydzT1WFOzp/SgECetyPpOn1dLgmxH2ebQ=",
+        "lastModified": 1703527373,
+        "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e4dba0bd01956170667458be7b45f68170a63651",
+        "rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
        "type": "github"
      },
      "original": {
@ -700,11 +691,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1703271271,
-        "narHash": "sha256-q6bb5S6l/fEIpO4QRmxACgNfVdTvWktEvKVKWtygzx8=",
+        "lastModified": 1703616278,
+        "narHash": "sha256-xipHN28RIfB36qNoqesh4NnE/M6YZbEiYhkPHS3BFhI=",
        "owner": "hyprwm",
        "repo": "Hyprland",
-        "rev": "c416880cf96aee783b6a00f356512e5d758e6056",
+        "rev": "9fb50252d3a128466e80bfc2fb67b45dc923ad41",
        "type": "github"
      },
      "original": {
@ -761,11 +752,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1697303681,
-        "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
+        "lastModified": 1703606475,
+        "narHash": "sha256-ztFe33E2f+XmrvOFOy9NDvQCkvfQUE6K/BBV+ZtCZLs=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
+        "rev": "3d599bd65eb383bc36191ba39ed6084674b0d7b2",
        "type": "github"
      },
      "original": {
@ -919,11 +910,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1702677673,
-        "narHash": "sha256-BPcLfyyXinIyya48fTl3sg3bXhgN6hXx5xfQVLm4hO0=",
+        "lastModified": 1703153680,
+        "narHash": "sha256-B5w8UABj9i18mhd67pCu+rY+wYPIXXDU5IU8f1K8ov0=",
        "owner": "nix-community",
        "repo": "nix-direnv",
-        "rev": "499255d0189982b93d1e9aa9297823132d95a86c",
+        "rev": "c5b7db30bec53b441d94fce933514b8cdb17285b",
        "type": "github"
      },
      "original": {
@ -941,11 +932,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1701604846,
-        "narHash": "sha256-m0MxxMIy8at5CtCgoiBIHUez9+Dsh6XoifvOvlbSwBM=",
+        "lastModified": 1703607026,
+        "narHash": "sha256-Emh0BPoqlS4ntp2UJrwydXfIP4qIMF0VBB2FUE3/M/E=",
        "owner": "Mic92",
        "repo": "nix-fast-build",
-        "rev": "25e19950f019adea4ca1b490e116a6acc0669e31",
+        "rev": "4376b8a33b217ee2f78ba3dcff01a3e464d13a46",
        "type": "github"
      },
      "original": {
@ -1011,11 +1002,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702776244,
-        "narHash": "sha256-kM4c4N1Six84GfLLV+nk+kq6bNH8OkEy5JHqg9IgqAE=",
+        "lastModified": 1703553395,
+        "narHash": "sha256-lbioI+/sipflPD0XmJOjYfCioPIg/3cRo87l4hp6i7s=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "831450b20e2225b80e8453163f82eb495bee3b08",
+        "rev": "904561c550a38470b6093e431b961666838bc07e",
        "type": "github"
      },
      "original": {
@ -1082,16 +1073,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1700794826,
-        "narHash": "sha256-RyJTnTNKhO0yqRpDISk03I/4A67/dp96YRxc86YOPgU=",
+        "lastModified": 1703068421,
+        "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5a09cb4b393d58f9ed0d9ca1555016a8543c2ac8",
+        "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -1164,11 +1155,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1702854629,
-        "narHash": "sha256-296u+BzB+S3d9lNH9P882usCsfgUGyXyhftXA7Qj9OY=",
+        "lastModified": 1703618775,
+        "narHash": "sha256-bEoiRFhgaPx3UBw8629yysGEZaUEJWyYnkx8EVjPz+0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0f92e92565be5eae288d819292b49f49ffd16c36",
+        "rev": "d1fcabefe1617c4dd295774692140b2018b9f9fc",
        "type": "github"
      },
      "original": {
@ -1228,16 +1219,16 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1685004253,
-        "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
+        "lastModified": 1702780907,
+        "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
+        "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -1260,11 +1251,11 @@
    },
    "nixpkgs-stable_3": {
      "locked": {
-        "lastModified": 1702645756,
-        "narHash": "sha256-qKI6OR3TYJYQB3Q8mAZ+DG4o/BR9ptcv9UnRV2hzljc=",
+        "lastModified": 1703200384,
+        "narHash": "sha256-q5j06XOsy0qHOarsYPfZYJPWbTbc8sryRxianlEPJN0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "40c3c94c241286dd2243ea34d3aef8a488f9e4d0",
+        "rev": "0b3d618173114c64ab666f557504d6982665d328",
        "type": "github"
      },
      "original": {
@ -1276,11 +1267,11 @@
    },
    "nixpkgs-stable_4": {
      "locked": {
-        "lastModified": 1702777222,
-        "narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
+        "lastModified": 1703351344,
+        "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
+        "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
        "type": "github"
      },
      "original": {
@ -1292,11 +1283,11 @@
    },
    "nixpkgs_10": {
      "locked": {
-        "lastModified": 1702312524,
-        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+        "lastModified": 1703255338,
+        "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+        "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
        "type": "github"
      },
      "original": {
@ -1308,11 +1299,11 @@
    },
    "nixpkgs_11": {
      "locked": {
-        "lastModified": 1701998057,
-        "narHash": "sha256-gAJGhcTO9cso7XDfAScXUlPcva427AUT2q02qrmXPdo=",
+        "lastModified": 1702539185,
+        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "09dc04054ba2ff1f861357d0e7e76d021b273cd7",
+        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
        "type": "github"
      },
      "original": {
@ -1324,11 +1315,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1691853136,
-        "narHash": "sha256-wTzDsRV4HN8A2Sl0SVQY0q8ILs90CD43Ha//7gNZE+E=",
+        "lastModified": 1702539185,
+        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f0451844bbdf545f696f029d1448de4906c7f753",
+        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
        "type": "github"
      },
      "original": {
@ -1436,11 +1427,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1702272962,
-        "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
+        "lastModified": 1702539185,
+        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
+        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
        "type": "github"
      },
      "original": {
@ -1452,11 +1443,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1702849536,
-        "narHash": "sha256-kGYoCw+KyLx5PpsCI3p2LxgyOsWYJon6ghq8Iq0XU6c=",
+        "lastModified": 1703620235,
+        "narHash": "sha256-QTTz8m1WxJGbAbRWJIQtM7Dum2bDmcsVYu3mppzKTGg=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "452bdab51c4eebec9aa2db7b84da63340dacb52d",
+        "rev": "5eec32231557faed7d0eeae215396b6477890ec7",
        "type": "github"
      },
      "original": {
@ -1511,11 +1502,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700922917,
-        "narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=",
+        "lastModified": 1702456155,
+        "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "e5ee5c5f3844550c01d2131096c7271cec5e9b78",
+        "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc",
        "type": "github"
      },
      "original": {
@ -1534,11 +1525,11 @@
        "pre-commit-hooks": "pre-commit-hooks_2"
      },
      "locked": {
-        "lastModified": 1702781971,
-        "narHash": "sha256-8MaZy0ewEG7yZfD/l14BNmvv8kJ932Mv0WyB+3MHcjI=",
+        "lastModified": 1703322210,
+        "narHash": "sha256-/oemKTm9nHLFHRdVhoZ0/Mm0SEOcHO8M12DhkosG9UU=",
        "owner": "AtaraxiaSjel",
        "repo": "PrismLauncher",
-        "rev": "a4d314de3eb6fb8ef1fa58ec4be1b700c470627a",
+        "rev": "30bb9a1f1a8f8dc1a38fa1c4c36dc17aba842aa4",
        "type": "github"
      },
      "original": {
@ -1606,41 +1597,14 @@
        "vscode-server": "vscode-server"
      }
    },
-    "rust-overlay": {
-      "inputs": {
-        "flake-utils": [
-          "attic",
-          "crane",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "attic",
-          "crane",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1675391458,
-        "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    },
    "rycee": {
      "flake": false,
      "locked": {
-        "lastModified": 1702814246,
-        "narHash": "sha256-8aOoykO7+4BDmV5QvpSLyoBaSmDmmKcHSz7I/gMAPv0=",
+        "lastModified": 1703515744,
+        "narHash": "sha256-x/Oz43zeFewMyDglI4AGfyv7xgJZCL75/RL+kGwahto=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "8d2075876b1a0d167d0387c661ec7f5d27254c5e",
+        "rev": "3776272394cb8b1caf3db29bc6dc853f11208b46",
        "type": "gitlab"
      },
      "original": {
@ -1682,11 +1646,11 @@
        "nixpkgs-stable": "nixpkgs-stable_4"
      },
      "locked": {
-        "lastModified": 1702812162,
-        "narHash": "sha256-18cKptpAAfkatdQgjO5SZXZsbc1IVPRoYx2AxaiooL4=",
+        "lastModified": 1703387502,
+        "narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "21f2b8f123a1601fef3cf6bbbdf5171257290a77",
+        "rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
        "type": "github"
      },
      "original": {
@ -1961,11 +1925,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702334919,
-        "narHash": "sha256-ibOZ3TLjqndGMcj2f+07NFwDWoum4IbzF58byZuJJNg=",
+        "lastModified": 1703514399,
+        "narHash": "sha256-VRr5Xc4S/VPr/gU3fiOD3vSIL2+GJ+LUrmFTWTwnTz4=",
        "owner": "hyprwm",
        "repo": "xdg-desktop-portal-hyprland",
-        "rev": "f5c3576c3b6cb1c31a8dfa3e4113f59bfe40cd71",
+        "rev": "0a318a7a217a6402b0b705837cd5b50b0e94b31b",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -124,6 +124,7 @@
    sharedPatches = patchesPath [
      "vaultwarden.patch"
      "webhooks.patch"
+      "tor-bridge.patch"
    ];
    sharedOverlays = [ flake-utils-plus.overlay inputs.sops-nix.overlays.default ];
    channelsConfig = { allowUnfree = true; android_sdk.accept_license = true; };
--- a/machines/NixOS-VPS/services/tor-bridge.nix
+++ b/machines/NixOS-VPS/services/tor-bridge.nix
@ -3,9 +3,10 @@ let
  inherit (import ../hardware/networks.nix) interfaces;
  bridgeName = interfaces.main'.bridgeName;
  obfs4Port = 18371;
+  orPort = 17429;
 in {
  networking.firewall.interfaces.${bridgeName} = {
-    allowedTCPPorts = [ obfs4Port ];
+    allowedTCPPorts = [ obfs4Port orPort ];
  };

  # We can get bridge cert from file: /var/lib/tor/pt_state/obfs4_bridgeline.txt
@ -20,7 +21,7 @@ in {
      BridgeDistribution = "none";
      BridgeRelay = true;
      ContactInfo = "admin@ataraxiadev.com";
-      ORPort = [ 17429 ];
+      ORPort = [ orPort ];
      ServerTransportListenAddr = "obfs4 0.0.0.0:${toString obfs4Port}";
      Nickname = "Ataraxia";
    };
--- a/patches/tor-bridge.patch
+++ b/patches/tor-bridge.patch
@ -0,0 +1,13 @@
+diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
+index 4ff941251c99..32c9d8ae046c 100644
+--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
+@@ -854,7 +854,7 @@ in
+           BridgeRelay = true;
+           ExtORPort.port = mkDefault "auto";
+           ServerTransportPlugin.transports = mkDefault ["obfs4"];
+-          ServerTransportPlugin.exec = mkDefault "${pkgs.obfs4}/bin/obfs4proxy managed";
+          ServerTransportPlugin.exec = mkDefault "${lib.getExe pkgs.obfs4} managed";
+         } // optionalAttrs (cfg.relay.role == "private-bridge") {
+           ExtraInfoStatistics = false;
+           PublishServerDescriptor = false;