eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Deploy Tor Snowflake proxy on ringtail

Browse source 
Add snowflake-proxy as a native systemd service on ringtail to help
censored users reach the Tor network. This is a bridge proxy, not an
exit node — traffic exits through Tor exit nodes elsewhere.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-03-24 20:37:42 -07:00
commit f2362086ef
5 changed files with 117 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/reference/infrastructure/ringtail.md
View file

@ -86,6 +86,15 @@ argocd cluster add default --name k3s-ringtail
## Systemd Services
### Snowflake Proxy
A Tor [[snowflake-proxy]] that helps censored users reach the Tor network. Runs as a simple systemd service using the `snowflake` nixpkgs package. The proxy is not a Tor exit node — it only bridges encrypted WebRTC connections to Tor relays.
| Property | Value |
|----------|-------|
| **Service unit** | `snowflake-proxy.service` |
| **Metrics** | `localhost:9999/metrics` (Prometheus) |
### Forgejo Actions Runner
A native Forgejo Actions runner (`ringtail-nix-builder`) runs as a systemd service via the NixOS `services.gitea-actions-runner` module. It builds containers using `nix-build` and pushes them to Zot via `skopeo`.