From bf7995067d8d6ca83da5771e7a7ec29b04335f09 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Wed, 7 Dec 2022 22:19:51 +0300
Subject: [PATCH] setup tor-browser and tor socks proxy
---
 profiles/applications/tor-browser.nix | 12 +++++++
 profiles/workspace/proxy.nix | 48 ++++++++++++++++++++++++++-
 roles/desktop.nix | 2 +-
 3 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 profiles/applications/tor-browser.nix
diff --git a/profiles/applications/tor-browser.nix b/profiles/applications/tor-browser.nix
new file mode 100644
index 0000000..66a8b45
--- /dev/null
+++ b/profiles/applications/tor-browser.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+let
+ tor-browser = pkgs.writeShellScriptBin "tor-browser" ''
+ mullvad-exclude ${pkgs.tor-browser-bundle-bin}/bin/tor-browser
+ '';
+in {
+ home-manager.users.alukard.home.packages = if config.deviceSpecific.wireguard.enable then [
+ tor-browser
+ ] else [
+ pkgs.tor-browser-bundle-bin
+ ];
+}
\ No newline at end of file
diff --git a/profiles/workspace/proxy.nix b/profiles/workspace/proxy.nix
index efbe256..507dc05 100644
--- a/profiles/workspace/proxy.nix
+++ b/profiles/workspace/proxy.nix
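Review bot: The `tor-browser` wrapper discards its arguments: `mullvad-exclude ${pkgs.tor-browser-bundle-bin}/bin/tor-browser` has no `"$@"`, so anything a launcher or `xdg-open` hands it (a URL, `--new-window`) is silently dropped; change the line to `exec mullvad-exclude ${pkgs.tor-browser-bundle-bin}/bin/tor-browser "$@"`. `mullvad-exclude` is resolved from the user's PATH at run time rather than pinned to a store path, so on a host where the Mullvad CLI is absent the wrapper exits 127 without starting the browser; that is fail-closed, which is the safer direction, but it deserves a comment so nobody "fixes" it by falling back to the unwrapped binary. The exclusion itself is a threat-model decision a reader cannot infer from the code — Tor Browser's guard or bridge connection leaves from the ISP-facing address instead of through the tunnel — and should be stated next to the call, e.g. `# Deliberately bypass the Mullvad tunnel: Tor builds its own circuit, so the ISP sees a direct Tor/bridge connection from this host, not Tor-over-VPN.`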
@@ -2,10 +2,56 @@
 disabledModules = [ "services/networking/xray.nix" ];
 secrets.xray-config = {};
+ secrets.tor-config = {};
- services.xray-custom = {
+ services.xray = {
 enable = true;
 settingsFile = config.secrets.xray-config.decrypted;
 };
+ containers.tor = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.1.10";
+ localAddress = "192.168.1.11";
+ bindMounts."/var/secrets" = {
+ hostPath = "/var/secrets";
+ isReadOnly = true;
+ };
+ tmpfs = [ "/" ];
+ ephemeral = true;
+ config = { config, pkgs, ... }: {
+ services.tor.enable = true;
+
+ systemd.services.tor-config = {
+ script = ''
+ cp /var/secrets/tor-config /var/lib/tor/tor-config
+ chown tor /var/lib/tor/tor-config
+ chmod 600 /var/lib/tor/tor-config
+ sed -i 's#obfs4proxy-path#${pkgs.obfs4}/bin/obfs4proxy#' /var/lib/tor/tor-config
+ '';
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ };
+
+ systemd.services.tor = {
+ after = [ "tor-config.service" ];
+ serviceConfig.ExecStart = lib.mkForce "${config.services.tor.package}/bin/tor -f /var/lib/tor/tor-config";
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 9050 ];
+ rejectPackets = true;
+ };
+ # environment.etc."resolv.conf".text = "nameserver 192.168.0.1";
+ system.stateVersion = "22.11";
+ };
+ };
+
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-tor" ];
+ externalInterface = "wg-mullvad";
+ };
 }
\ No newline at end of file
diff --git a/roles/desktop.nix b/roles/desktop.nix
index 51c1c33..d00bf2e 100644
--- a/roles/desktop.nix
+++ b/roles/desktop.nix
@@ -30,7 +30,7 @@
 rofi
 spotify
 steam
- # vivaldi
+ tor-browser
 vscode
 waydroid
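Review bot: `bindMounts."/var/secrets"` hands the container the host's entire decrypted-secrets directory when the only file its script reads is `tor-config`, so every other secret the host holds (`secrets.xray-config` is declared a few lines up in the same file) becomes readable to root inside the container; mount the single file instead. `systemd.services.tor-config` is a plain `script` unit with the default `Type=simple`, so `after = [ "tor-config.service" ]` on the tor unit only waits for the script to be spawned, not for `cp`/`chmod`/`sed` to finish, and tor can start against a missing or unpatched config; make it `oneshot` and have tor `requires` it so a failed copy stops tor rather than letting it run without the bridge settings. `cp` followed by `chown`/`chmod` leaves the copied secret at the umask default between the two commands; `install -m 600 -o tor` sets owner and mode in one step. I cannot see the NixOS tor module from here — if `/var/lib/tor` is only created by that unit's `StateDirectory` when tor starts, the copy also needs a preceding `mkdir -p`, which the rewrite below includes as a harmless no-op otherwise. The rest of the container config and the closing `}` of the enclosing attribute set (the hunk's last context line) are unchanged.
```nix
    bindMounts."/var/secrets/tor-config" = {
      hostPath = "/var/secrets/tor-config";
      isReadOnly = true;
    };
    # … unchanged: tmpfs, ephemeral, config header, services.tor.enable …
      systemd.services.tor-config = {
        # oneshot: "after" on this unit now waits for the script to complete
        serviceConfig.Type = "oneshot";
        script = ''
          mkdir -p /var/lib/tor
          install -m 600 -o tor /var/secrets/tor-config /var/lib/tor/tor-config
          sed -i 's#obfs4proxy-path#${pkgs.obfs4}/bin/obfs4proxy#' /var/lib/tor/tor-config
        '';
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
      };

      systemd.services.tor = {
        requires = [ "tor-config.service" ];
        after = [ "tor-config.service" ];
        serviceConfig.ExecStart = lib.mkForce "${config.services.tor.package}/bin/tor -f /var/lib/tor/tor-config";
      };
    # … unchanged: networking.firewall, stateVersion, networking.nat …
```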