From b775493d239e52269bc8be32644a73ba39952b00 Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Mon, 29 Apr 2019 20:04:17 -0500
Subject: [PATCH 1/3] obfs4: init at 0.0.10
---
 pkgs/tools/networking/obfs4/default.nix | 21 +++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 pkgs/tools/networking/obfs4/default.nix
diff --git a/pkgs/tools/networking/obfs4/default.nix b/pkgs/tools/networking/obfs4/default.nix
new file mode 100644
index 000000000000..005abb0968b6
--- /dev/null
+++ b/pkgs/tools/networking/obfs4/default.nix
@@ -0,0 +1,21 @@
+{ lib, fetchgit, buildGoModule }:
+
+buildGoModule rec {
+ pname = "obfs4";
+ version = "0.0.10";
+
+ src = fetchgit {
+ url = meta.repositories.git;
+ rev = "refs/tags/${pname}proxy-${version}";
+ sha256 = "05aqmw8x8s0yqyqmdj5zcsq06gsbcmrlcd52gaqm20m1pg9503ad";
+ };
+
+ modSha256 = "150kg22kznrdj5icjxk3qd70g7wpq8zd2zklw1y2fgvrggw8zvyv";
+
+ meta = with lib; {
+ description = "A pluggable transport proxy";
+ homepage = https://www.torproject.org/projects/obfsproxy;
+ repositories.git = https://git.torproject.org/pluggable-transports/obfs4.git;
+ maintainers = with maintainers; [ phreedom thoughtpolice ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 962fcd90f08b..49c2cd2eed15 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4785,6 +4785,8 @@ in
 obexd = callPackage ../tools/bluetooth/obexd { };
+ obfs4 = callPackage ../tools/networking/obfs4 { };
+
 oci-image-tool = callPackage ../tools/misc/oci-image-tool { };
 ocproxy = callPackage ../tools/networking/ocproxy { };
From 63a13cce7c628b2df4b848f9819312bbf999d400 Mon Sep 17 00:00:00 2001
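Review bot: The `meta` block of the new `obfs4/default.nix` carries no `license` and no `platforms` entry, so license allow/deny policy and platform filtering cannot evaluate this package; I would add `license = licenses.<per upstream LICENSE file>;` and a `platforms` line. The `homepage` value still points at the obfsproxy project page rather than at obfs4, which looks carried over from the older package and should be checked. In `src`, `rev` names a tag, which upstream can move; the fixed `sha256` is what actually pins the source, and a one-line comment such as `# tag name only selects the ref; sha256 pins the content` would help whoever bumps `version` next.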
From: Will Dietz Date: Mon, 29 Apr 2019 20:13:46 -0500 Subject: [PATCH 2/3] tor-browser-bundle: use obfs4proxy --- .../networking/browsers/tor-browser-bundle/default.nix | 8 ++++---- pkgs/top-level/all-packages.nix | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix index 2c6940e037cd..834be5cd3020 100644 --- a/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix +++ b/pkgs/applications/networking/browsers/tor-browser-bundle/default.nix @@ -34,7 +34,7 @@ , rsync # Pluggable transports -, obfsproxy +, obfs4 # Customization , extraPrefs ? "" @@ -171,9 +171,9 @@ stdenv.mkDerivation rec { EOF # Configure pluggable transports - cat >>$TBDATA_PATH/torrc-defaults < Date: Mon, 29 Apr 2019 22:56:47 -0500 Subject: [PATCH 3/3] nixos tor: use obfs4proxy, make transport list customizable --- nixos/modules/services/security/tor.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 61b751bb518b..6f4852c3ba1a 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -81,7 +81,7 @@ let ${optionalString (elem cfg.relay.role ["bridge" "private-bridge"]) '' BridgeRelay 1 - ServerTransportPlugin obfs2,obfs3 exec ${pkgs.pythonPackages.obfsproxy}/bin/obfsproxy managed + ServerTransportPlugin ${concatStringsSep "," cfg.relay.bridgeTransports} exec ${obfs4}/bin/obfs4proxy managed ExtORPort auto ${optionalString (cfg.relay.role == "private-bridge") '' ExtraInfoStatistics 0 @@ -355,7 +355,7 @@ in Regular bridge. Works like a regular relay, but doesn't list you in the public relay directory and - hides your Tor node behind obfsproxy. + hides your Tor node behind obfs4proxy. 
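Review bot: In the `ServerTransportPlugin` line of the `tor.nix` hunk at -81, `${obfs4}` is referenced unqualified, whereas the line it replaces spelled out `pkgs.pythonPackages.obfsproxy`; unless `obfs4` is brought into scope somewhere outside this hunk (not visible here), evaluation fails as soon as a bridge role is selected, and `${pkgs.obfs4}/bin/obfs4proxy` would remove the doubt. The transport names are joined into torrc unchecked, so an empty `cfg.relay.bridgeTransports` produces a plugin line with no transport list. Existing bridges also move from `obfs2,obfs3` to the new default on upgrade, which changes what clients holding old bridge lines can reach and deserves a release-note entry. The enclosing `let` block starts and ends outside the hunk.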
@@ -424,6 +424,13 @@ in
 '';
 };
+ bridgeTransports = mkOption {
+ type = types.listOf types.str;
+ default = ["obfs4"];
+ example = ["obfs2" "obfs3" "obfs4" "scramblesuit"];
+ description = "List of pluggable transports";
+ };
+
 nickname = mkOption {
 type = types.str;
 default = "anonymous";
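Review bot: `bridgeTransports` is typed `types.listOf types.str`, so an empty list, or a string containing a space, comma or newline, passes evaluation and is written verbatim into the torrc `ServerTransportPlugin` line built in the -81 hunk of this commit. Constraining it, for example `type = types.listOf (types.enum [ "obfs2" "obfs3" "obfs4" "scramblesuit" ]);` (names taken from the `example` here; confirm against what obfs4proxy accepts), plus a module assertion that the list is non-empty for bridge roles, turns a broken or surprising torrc into an evaluation error. The description is too terse to say what the values feed; something like `description = "Pluggable transports this bridge offers through obfs4proxy; must not be empty.";` would do. The `example` also lists obfs2 and obfs3, which as far as I know are older transports regarded as easier to fingerprint than obfs4, so the text could say that the default is the recommended choice. The surrounding option set continues outside the hunk.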