[tor-relays] Relays on NixOS

Hey,
I wanted to ask whether there are any relay operators that also run relays
on NixOS.

What is your setup? Do you use the package/module from nixpkgs? How do
you run multiple relays? Do you override the nixpkgs? ...

I am currently thinking about collecting some resources regarding that, any
feedback/knowledge here would be very appreciated. :)

Thank You
Cλara


_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org

* Clara Engler via tor-relays:

> What is your setup? Do you use the package/module from nixpkgs?
> How do you run multiple relays?

I found setting up a Tor relay on NixOS to be very easy. The following
configuration suffices:

  {
    services.tor = {
      enable = true;
      openFirewall = true;
      relay = {
        enable = true;
        role = "relay";
      };
      settings = {
        ExitRelay = false;
        Nickname = "mytorrelay";
        ORPort = 12345;
      };
    };
  }

I have not yet tried to run multiple relays. Not sure if this is
currently possible? You might want to try to ask the NixOS package
maintainers on GitHub about this.

> Do you override the nixpkgs?

The package updates on NixOS-unstable are usually updated very quickly,
so I see no need to use overrides.

-Ralph


Hi Clara,

I am running my two bridges on NixOS machines. Each machine has only one tor process. Hence I just use the package and module in nixpkgs with minor tor configuration changes.

Best, Mynacol


I use NixOS containers to run multiple relays:

> sudo systemctl -M tor-1 status tor

> sudo journalctl -M tor-1 -eu tor.service

  containers = let
    # Build one NixOS container that runs a single tor exit relay.
    mkTorContainer = {
      stateDir,
      orPort,
      controlPort,
    }: {
      autoStart = true;
      ephemeral = true; # impermanence
      # The container root is discarded on restart, so the relay's keys and
      # state live on the host and are bind-mounted in.
      bindMounts = {
        "/var/lib/tor/" = {
          hostPath = stateDir;
          isReadOnly = false;
        };
      };
      config = {...}: {
        services.tor = {
          enable = true;
          relay = {
            enable = true;
            role = "exit";
          };
          settings = {
            Nickname = "DXV7520";
            ContactInfo = "admin@caspervk.net";
            ORPort = [
              {
                addr = "31.133.0.235";
                port = orPort;
              }
              {
                addr = "[2001:67c:2044:c141::1:6431:1]";
                port = orPort;
              }
            ];
            ControlPort = controlPort;
            ExitRelay = true;
            IPv6Exit = true;
            ExitPolicy = [
              "reject *:22"
              "reject *:25"
              "accept *:*"
            ];
            MyFamily = builtins.concatStringsSep "," [
              "1B9D2C9E0EFE2C6BD23D62B2FCD145886AD242D1" # /var/lib/tor-1/fingerprint
              "293CE00D11B1D8B99AE8811CBDFDA3F353353710" # /var/lib/tor-2/fingerprint
              "27FF3E6979EF6570B9EB3B53B11964FE08F36F19" # /var/lib/tor-3/fingerprint
              "C2041A1CE9FDFDB13572D946A3055310FD48A595" # /var/lib/tor-4/fingerprint
            ];
          };
        };
        # Inherit the host's stateVersion (this `config` is the host's).
        system.stateVersion = config.system.stateVersion;
      };
    };
  in {
    # Each relay gets its own state directory, ORPort and ControlPort.
    tor-1 = mkTorContainer {
      stateDir = "/var/lib/tor-1/";
      orPort = 443;
      controlPort = 9051;
    };
    tor-2 = mkTorContainer {
      stateDir = "/var/lib/tor-2/";
      orPort = 444;
      controlPort = 9052;
    };
    tor-3 = mkTorContainer {
      stateDir = "/var/lib/tor-3/";
      orPort = 445;
      controlPort = 9053;
    };
    tor-4 = mkTorContainer {
      stateDir = "/var/lib/tor-4/";
      orPort = 446;
      controlPort = 9054;
    };
  };

Full config: https://git.caspervk.net/caspervk/nixos/src/branch/master/hosts/tor/tor.nix
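
The container setup above hard-codes MyFamily from each relay's `/var/lib/tor-N/fingerprint` file, so the list goes stale if a state directory is recreated or a relay is added. The check below is an added example, not part of the original post or the poster's repository; the function names, the temp-dir demo files and the assumption that every family member lives on this host are assumptions made here.

```shell
#!/bin/sh
# Added example: verify a MyFamily list against the fingerprint files tor writes.

# Print the hex fingerprint from a tor "fingerprint" file ("Nickname HEX"),
# upper-cased with any spaces removed.
relay_fingerprint() {
  awk 'NR == 1 { $1 = ""; gsub(/ /, ""); print toupper($0) }' "$1"
}

# check_family "FP1,FP2,..." STATE_DIR...
# Exit status 0 only if every state dir's fingerprint is listed and every
# listed fingerprint belongs to one of the state dirs (assumption: the whole
# family lives on this host). Body runs in a subshell so IFS stays local.
check_family() (
  family=$1; shift
  status=0; seen=
  for dir in "$@"; do
    if [ ! -r "$dir/fingerprint" ]; then
      echo "MISSING        $dir/fingerprint"; status=1; continue
    fi
    fp=$(relay_fingerprint "$dir/fingerprint")
    if ! printf '%s\n' "$fp" | grep -Eq '^[0-9A-F]{40}$'; then
      echo "MALFORMED      $dir/fingerprint"; status=1; continue
    fi
    seen="$seen,$fp"
    case ",$family," in
      *",$fp,"*) echo "OK             $dir $fp" ;;
      *) echo "NOT-IN-FAMILY  $dir $fp"; status=1 ;;
    esac
  done
  IFS=,
  for entry in $family; do
    case "$seen," in
      *",$entry,"*) ;;
      *) echo "UNMATCHED      $entry (no state dir has this key)"; status=1 ;;
    esac
  done
  exit "$status"
)

# Constructed demo: two state dirs in a temp dir; tor-2 holds a made-up key
# that the list (first two fingerprints from the config above) lacks.
demo=$(mktemp -d)
mkdir "$demo/tor-1" "$demo/tor-2"
echo "DXV7520 1B9D2C9E0EFE2C6BD23D62B2FCD145886AD242D1" > "$demo/tor-1/fingerprint"
echo "DXV7520 0123456789ABCDEF0123456789ABCDEF01234567" > "$demo/tor-2/fingerprint"
check_family "1B9D2C9E0EFE2C6BD23D62B2FCD145886AD242D1,293CE00D11B1D8B99AE8811CBDFDA3F353353710" \
  "$demo/tor-1" "$demo/tor-2" || echo "MyFamily is out of sync with the relay keys"
rm -rf "$demo"
```

On the host it would be called with the comma-joined MyFamily value and the four `/var/lib/tor-N` directories.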