Hey,

I wanted to ask whether there are any relay operators that also run relays on NixOS.

What is your setup? Do you use the package/module from nixpkgs? How do you run multiple relays? Do you override the nixpkgs? ...

I am currently thinking about collecting some resources regarding that; any feedback/knowledge here would be very appreciated. :-)

Thank you,
Cλara
* Clara Engler via tor-relays:
> What is your setup? Do you use the package/module from nixpkgs? How do you run multiple relays?
I found setting up a Tor relay on NixOS to be very easy. The following configuration suffices:

{
  services.tor = {
    enable = true;
    openFirewall = true;
    relay = {
      enable = true;
      role = "relay";
    };
    settings = {
      ExitRelay = false;
      Nickname = "mytorrelay";
      ORPort = 12345;
    };
  };
}

I have not yet tried to run multiple relays. Not sure if this is currently possible? You might want to try to ask the NixOS package maintainers on GitHub about this.
> Do you override the nixpkgs?
The package updates on NixOS-unstable are usually updated very quickly, so I see no need to use overrides.

-Ralph
Hi Clara,

I am running my two bridges on NixOS machines. Each machine has only one tor process. Hence I just use the package and module in nixpkgs with minor tor configuration changes.

Best,
Mynacol
I use NixOS containers to run multiple relays:

# > sudo systemctl -M tor-1 status tor
# > sudo journalctl -M tor-1 -eu tor.service
containers = let
  mkTorContainer = {
    stateDir,
    orPort,
    controlPort,
  }: {
    autoStart = true;
    ephemeral = true; # impermanence
    bindMounts = {
      "/var/lib/tor/" = {
        hostPath = stateDir;
        isReadOnly = false;
      };
    };
    config = {...}: {
      services.tor = {
        enable = true;
        relay = {
          enable = true;
          role = "exit";
        };
        settings = {
          Nickname = "DXV7520";
          ContactInfo = "admin@caspervk.net";
          ORPort = [
            {
              addr = "31.133.0.235";
              port = orPort;
            }
            {
              addr = "[2001:67c:2044:c141::1:6431:1]";
              port = orPort;
            }
          ];
          ControlPort = controlPort;
          ExitRelay = true;
          IPv6Exit = true;
          ExitPolicy = [
            "reject *:22"
            "reject *:25"
            "accept *:*"
          ];
          MyFamily = builtins.concatStringsSep "," [
            "1B9D2C9E0EFE2C6BD23D62B2FCD145886AD242D1" # /var/lib/tor-1/fingerprint
            "293CE00D11B1D8B99AE8811CBDFDA3F353353710" # /var/lib/tor-2/fingerprint
            "27FF3E6979EF6570B9EB3B53B11964FE08F36F19" # /var/lib/tor-3/fingerprint
            "C2041A1CE9FDFDB13572D946A3055310FD48A595" # /var/lib/tor-4/fingerprint
          ];
        };
      };
      system.stateVersion = config.system.stateVersion;
    };
  };
in {
  tor-1 = mkTorContainer { stateDir = "/var/lib/tor-1/"; orPort = 443; controlPort = 9051; };
  tor-2 = mkTorContainer { stateDir = "/var/lib/tor-2/"; orPort = 444; controlPort = 9052; };
  tor-3 = mkTorContainer { stateDir = "/var/lib/tor-3/"; orPort = 445; controlPort = 9053; };
  tor-4 = mkTorContainer { stateDir = "/var/lib/tor-4/"; orPort = 446; controlPort = 9054; };
};

Full config: https://git.caspervk.net/caspervk/nixos/src/branch/master/hosts/tor/tor.nix
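A check that fits the container setup above (an added example, not code from anyone in this thread): it compares the fingerprint Tor wrote into each state directory with the fingerprints hard-coded in the MyFamily list, since a family only counts when every relay lists the others. It assumes each fingerprint file is a single "Nickname FINGERPRINT" line and that the Nix file contains no other 40-hex-digit strings; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find drift between a hard-coded MyFamily list and the
# fingerprints Tor actually wrote into each relay's state directory.
# Assumption: <stateDir>/fingerprint is one line, "<Nickname> <fingerprint>".
# Usage: family_check tor.nix /var/lib/tor-1 /var/lib/tor-2 ...

# Print the fingerprint stored in a state directory, upper-cased, no spaces.
relay_fingerprint() {
    # Drop the nickname (first field), remove any grouping spaces.
    sed -n '1{s/^[^ ]* *//;s/ //g;p;}' "$1/fingerprint" | tr 'a-f' 'A-F'
}

# Print every 40-hex-digit string found in the config file, one per line.
declared_family() {
    grep -oE '[0-9A-Fa-f]{40}' "$1" | tr 'a-f' 'A-F' | sort -u
}

# Prints one line per problem; returns 0 only when both sets are identical.
family_check() {
    config=$1; shift
    declared=$(declared_family "$config")
    actual=""
    status=0
    for dir in "$@"; do
        fp=$(relay_fingerprint "$dir" 2>/dev/null)
        # A missing or malformed fingerprint file is reported, not skipped.
        if ! printf '%s\n' "$fp" | grep -qxE '[0-9A-F]{40}'; then
            echo "UNREADABLE $dir"; status=1; continue
        fi
        actual="$actual$fp
"
        # Relay exists on disk but is not declared in MyFamily.
        if ! printf '%s\n' "$declared" | grep -qx "$fp"; then
            echo "MISSING $fp $dir"; status=1
        fi
    done
    # Declared fingerprint that no checked state directory owns.
    for fp in $declared; do
        if ! printf '%s' "$actual" | grep -qx "$fp"; then
            echo "STALE $fp"; status=1
        fi
    done
    return $status
}
```

MISSING means a relay on disk is absent from the list, STALE means a listed fingerprint belongs to none of the checked directories, and UNREADABLE means the fingerprint file is absent or malformed.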
participants (4)
- Casper V. Kristensen
- Clara Engler
- Ralph Seichter
- tor@mynacol.xyz