From a7683d40fd6fd65c1c044a29842a0c35d8c3b69d Mon Sep 17 00:00:00 2001
From: alisceon <alisceon@protonmail.com>
Date: Wed, 27 May 2026 23:17:53 +0200
Subject: [PATCH] 421 and tor connection

---
 nixos/hosts/alisceon-core/configuration.nix | 48 ++++++++++++++++++---
 1 file changed, 42 insertions(+), 6 deletions(-)

diff --git a/nixos/hosts/alisceon-core/configuration.nix b/nixos/hosts/alisceon-core/configuration.nix
index 88a1058..e8ea186 100644
--- a/nixos/hosts/alisceon-core/configuration.nix
+++ b/nixos/hosts/alisceon-core/configuration.nix
@@ -69,6 +69,7 @@ in
       22
       80
       443
+      9001
     ];
   };
 
@@ -185,13 +186,48 @@ in
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    virtualHosts.${forgejoDomain} = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        recommendedProxySettings = true;
+    virtualHosts = {
+      "_" = {
+        default = true;
+        rejectSSL = true;
+        extraConfig = ''
+          return 421;
+        '';
       };
+      ${forgejoDomain} = {
+        serverName = forgejoDomain;
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3000";
+          recommendedProxySettings = true;
+        };
+      };
+    };
+  };
+
+  services.tor = {
+    enable = true;
+    client.enable = false;
+    relay = {
+      enable = true;
+      role = "relay";
+    };
+    settings = {
+      Nickname = "alisceondotcom";
+      ORPort = 9001;
+      DataDirectory = "/var/lib/tor";
+      ExitRelay = false;
+      ExitPolicy = [ "reject *:*" ];
+      RelayBandwidthRate = "2700 KBytes";
+      RelayBandwidthBurst = "2700 KBytes";
+      BandwidthRate = "2700 KBytes";
+      BandwidthBurst = "2700 KBytes";
+      AccountingStart = "month 1 00:00";
+      AccountingMax = "7500 GBytes";
+      DirCache = true;
+      AvoidDiskWrites = 1;
+      Sandbox = true;
     };
   };