aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

services: use new 'tor' options

Browse source
This commit is contained in:
Erik Arvstedt 2021-08-05 00:49:00 +02:00
parent e44f78ebb8
commit 178a0dcf8f
No known key found for this signature in database
GPG key ID: 33312B944DD97846
18 changed files with 56 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/netns-isolation.nix
View file

@ -97,8 +97,13 @@ in {
# Base infrastructure
{
networking.dhcpcd.denyInterfaces = [ "nb-br" "nb-veth*" ];
services.tor.client.socksListenAddress = "${bridgeIp}:9050";
networking.firewall.interfaces.nb-br.allowedTCPPorts = [ 9050 ];
services.tor.client.socksListenAddress = {
addr = bridgeIp;
# Default NixOS values. These must be repeated when redefining this option.
port = 9050;
IsolateDestAddr = true;
};
networking.firewall.interfaces.nb-br.allowedTCPPorts = [ config.services.tor.client.socksListenAddress.port ];
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
security.wrappers.netns-exec = {