From c314012d5a5bbf6943cf3ee95a46205c1ddfe395 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Mon, 7 Oct 2024 13:54:24 +0200
Subject: [PATCH] add torsocks

---
 modules/programs.nix | 10 +++++++++-
 modules/tor.nix      | 24 ++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 modules/tor.nix

diff --git a/modules/programs.nix b/modules/programs.nix
index d8472b4..0b38e13 100644
--- a/modules/programs.nix
+++ b/modules/programs.nix
@@ -56,13 +56,21 @@
       # SuperSlicer is a PrusaSlicer fork (which is a slic3r fork) (previously Slic3r++).
       #super-slicer
 
+      #
+      # Internet Censorship Circumvention
+      #
+
+      #unstable.riseup-vpn # TODO wait until update arraived in unstable
+      #./tor-browser.nix
+      #./tor.nix
+
       #
       # OFFICE
       #
 
       # Graphical apps
 
-      #unstable.riseup-vpn # TODO wait until update arraived in unstable
+
       junction # Choose the application to open a specific file type or URI.
       epiphany # Web browser
       unstable.servo # Web browser
diff --git a/modules/tor.nix b/modules/tor.nix
new file mode 100644
index 0000000..d5e02c2
--- /dev/null
+++ b/modules/tor.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+{
+  # https://wiki.nixos.org/w/index.php?title=Tor
+
+  # `torsocks` is a wrapper to safely torify applications.
+  # `torsocks` should be used instead of the older `torify`.
+  # Example: torsocks ssh yodaNas
+
+  services = {
+    tor = {
+      enable = true;
+      # Disable GeoIP to prevent the Tor client from estimating the locations of Tor nodes it connects to.
+      #enableGeoIP = false;
+      # Enable Torsocks for transparent proxying of applications through Tor.
+      torsocks.enable = true;
+      client = {
+        # Enable the Tor client.
+        enable = true;
+        # Enable DNS resolver.
+        dns.enable = true;
+      };
+    };
+  };
+}