During the last few weeks I’ve been developing this nix module that adds a networking.tor option to route all traffic through Tor.
It has two modes, client and router. Client routes all the traffic of the current machine, while router acts as a Tor gateway for other machines.
It’s very easy to use and has quite a few useful options. I use it daily and honestly it looks like internet handles well Tor now, compared to years ago, when every website was blocking it.
It handles a bunch of different use cases, like excluding VPN traffic, fwmarked packets, or simply avoid to route traffic destined to certain subnets. It doesn’t handle local traffic by choice, as if you want to block it, you can just apply another netfilter chain on top of it.
You can also enable a clearnet proxy (squid) for cases where you need to browse the internet. For example I use it with a container profile within Firefox that’s configured to use a proxy. Very handy.
Thanks! Yes, for example you can set fwMark on Wireguard configuration and then add this fwMark to the list here alongside the wg interface and you’re good to go.
If you are a user of this yourself, you may benefit from upstreaming it because it’d be less likely to be broken by Nixpkgs changes without notice. Especially if it is upstreamed with some tests. Would you be interested in doing that? Of course, I can’t guarantee acceptance.
Well, then, if you haven’t yet, there’s this document that is too long but not all of it is relevant to this particular contribution. And if you have any questions, feel free to ask here. And as soon as you have a draft, link it here, as well, please. Good luck.
I have the pull request ready. Should be formatted accordingly. There is a test too (I hope that’s correct!). The branch is not derived from master but from my current revision, which should be okay if I understood correctly.
Let me know what you think.
Thanks
EDIT: There are two commits, I just linked the second one. The first one adds myself as a maintainer.
