AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add custom tor quadlet with bridge connecting

Browse Source
This commit is contained in:
Dmitriy Kholkin 2025-08-21 04:38:56 +03:00
parent 6c71035586
commit ed5e3d74be
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
1 changed files with 74 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
modules/nixos/containers/tor.nix Normal file
View File

@ -0,0 +1,74 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
inherit (lib) mkEnableOption mkIf;
inherit (config.virtualisation.quadlet) networks;
cfg = config.ataraxia.containers.tor;
dockerfile = pkgs.writeText "Dockerfile.tor" ''
FROM alpine:3
LABEL name="tor-socks-proxy"
LABEL version="latest"
RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories && \
echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories && \
apk -U upgrade && \
apk -v add tor@edge lyrebird@edge curl && \
chmod 700 /var/lib/tor && \
rm -rf /var/cache/apk/* && \
tor --version
RUN echo -e "HardwareAccel 1\nLog notice stdout\nDNSPort 0.0.0.0:8853\nSocksPort 0.0.0.0:9150\nDataDirectory /var/lib/tor" > /etc/tor/torrc && \
chown tor:root /etc/tor/torrc
HEALTHCHECK --timeout=30s --start-period=60s \
CMD curl --fail --socks5-hostname localhost:9150 -I -L 'https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion' || exit 1
USER tor
EXPOSE 8853/udp 9150/tcp
CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
'';
in
{
options.ataraxia.containers.tor = {
enable = mkEnableOption "Enable tor client container";
};
config = mkIf cfg.enable {
sops.secrets.tor-container.sopsFile = secretsDir + /proxy.yaml;
sops.secrets.tor-container.mode = "0444";
virtualisation.quadlet = {
builds.tor-proxy = {
autoStart = true;
buildConfig = {
file = toString dockerfile;
tag = "tor-socks-proxy:latest";
};
};
containers.tor-proxy = {
autoStart = true;
containerConfig = {
exec = "sh -c 'cat /home/torrc-extra >> /etc/tor/torrc && /usr/bin/tor -f /etc/tor/torrc'";
image = config.virtualisation.quadlet.builds.tor-proxy.ref;
networks = [ networks.br-services.ref ];
publishPorts = [
"0.0.0.0:9150:9150/tcp"
"0.0.0.0:8853:8853/udp"
];
volumes = [
"${config.sops.secrets.tor-container.path}:/home/torrc-extra:ro"
];
};
};
};
networking.firewall.allowedTCPPorts = [ 9150 ];
networking.firewall.allowedUDPPorts = [ 8853 ];
};
}