From dee29459a509cc8f9bf4e702ced3b1552f5001f9 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Tue, 27 Jun 2023 17:51:20 +0300
Subject: [PATCH] setup tor bridge on vps
---
 machines/NixOS-VPS/default.nix | 1 +
 machines/NixOS-VPS/network.nix | 1 -
 machines/NixOS-VPS/services/tor-bridge.nix | 43 ++++++++++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 machines/NixOS-VPS/services/tor-bridge.nix
diff --git a/machines/NixOS-VPS/default.nix b/machines/NixOS-VPS/default.nix
index ab2c9f9..4ee8ad4 100644
--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@@ -8,6 +8,7 @@
 ./network.nix
 ./nix.nix
 ./services/dns.nix
+ ./services/tor-bridge.nix
 ./services/wireguard.nix
 ./services/xtls.nix
diff --git a/machines/NixOS-VPS/network.nix b/machines/NixOS-VPS/network.nix
index ff48470..8319b36 100644
--- a/machines/NixOS-VPS/network.nix
+++ b/machines/NixOS-VPS/network.nix
@@ -11,7 +11,6 @@ in {
 nftables.enable = true;
 domain = "wg.ataraxiadev.com";
 };
- # enp0s18
 systemd.network = with interfaces.main'; {
 enable = true;
 wait-online.ignoredInterfaces = [ "lo" ];
diff --git a/machines/NixOS-VPS/services/tor-bridge.nix b/machines/NixOS-VPS/services/tor-bridge.nix
new file mode 100644
index 0000000..7ace99a
--- /dev/null
+++ b/machines/NixOS-VPS/services/tor-bridge.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+let
+ inherit (import ./hardware/networks.nix) interfaces;
+ bridgeName = interfaces.main'.bridgeName;
+ obfs4Port = 18371;
+in {
+ networking.firewall.interfaces.${bridgeName} = {
+ allowedTCPPorts = [ obfs4Port ];
+ };
+
+ # We can get bridge cert from file: /var/lib/tor/pt_state/obfs4_bridgeline.txt
+ # Fingerprint can be obtained from tor.service logs
+ services.tor = {
+ enable = true;
+ enableGeoIP = true;
+ client.enable = false;
+ relay.enable = true;
+ relay.role = "private-bridge";
+ settings = {
+ BridgeDistribution = "none";
+ BridgeRelay = true;
+ ContactInfo = "admin@ataraxiadev.com";
+ ORPort = [ 17429 ];
+ ServerTransportListenAddr = "obfs4 0.0.0.0:${toString obfs4Port}";
+ Nickname = "Ataraxia";
+ };
+ };
+
+ services.networkd-dispatcher = {
+ enable = true;
+ rules."restart-tor" = {
+ onState = [ "routable" "off" ];
+ script = ''
+ #!${pkgs.runtimeShell}
+ if [[ $IFACE == "${bridgeName}" && $AdministrativeState == "configured" ]]; then
+ echo "Restarting Tor ..."
+ systemctl restart tor
+ fi
+ exit 0
+ '';
+ };
+ };
+}
\ No newline at end of file
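Review bot: `ORPort = [ 17429 ]` is never opened in the firewall — `networking.firewall.interfaces.${bridgeName}` only allows `obfs4Port` — so if the running Tor version still performs its ORPort reachability self-test for bridges, tor.service will keep reporting that it cannot confirm reachability; either add `17429` to `allowedTCPPorts` or set `AssumeReachable = true;` in `settings` deliberately and say so in the existing comment. `ServerTransportListenAddr = "obfs4 0.0.0.0:…"` also binds on every interface, including the WireGuard side, and is only kept off them by the per-interface firewall rule; binding to the address of `${bridgeName}` would make the intended exposure explicit rather than implied. `inherit (import ./hardware/networks.nix) interfaces;` resolves relative to `services/`, so unless `services/hardware/networks.nix` exists this probably needs to be `../hardware/networks.nix`, matching where `network.nix` one level up appears to take `interfaces` from. Finally, a one-line comment above `rules."restart-tor"` explaining why a full `systemctl restart tor` (rather than a reload) is needed when `${bridgeName}` becomes routable would help the next reader.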