{ config, ... }:
{
  # Snowflake proxy: running one helps other people circumvent censorship.
  # The author of this module considers it safe to run.
  # NOTE(review): it is still a network-facing daemon that accepts connections
  # from unknown peers, so keep the package updated and watch its logs.
  #
  # Background: https://wiki.nixos.org/w/index.php?title=Tor
  # Monitoring: https://codeberg.org/privacy1st/snowflake-stats
  services.snowflake-proxy = {
    # Turn on snowflake-proxy, a system to defeat internet censorship.
    enable = true;

    # Upper bound on the number of clients served concurrently.
    capacity = 10;
  };

  # Which inbound UDP ports should be opened?
  # https://forum.torproject.org/t/tor-relays-snowflake-incoming-udp-ports/2228/2
  #
  # The linked post recommends opening UDP 32768-60999 when the proxy sits
  # behind a restricted NAT. Check the detected NAT type first:
  #
  #   journalctl -u snowflake-proxy.service | grep 'NAT type'
  #   #=> NAT type: restricted
  #
  # Caveat: 32768-60999 is the default Linux ephemeral port range, and
  # networking.firewall.allowedUDPPortRanges applies to every interface.
  # Uncommenting the block below therefore admits unsolicited inbound UDP to
  # any process on this host that binds a port in that range, not only to
  # snowflake-proxy. Leave it disabled unless the log reports a restricted NAT,
  # and consider networking.firewall.interfaces.<name>.allowedUDPPortRanges to
  # limit the opening to the external interface.
  #
  # networking.firewall.allowedUDPPortRanges = [
  #   { from = 32768; to = 60999; }
  # ];
}