From 6e6061e6b39b59127538f9b926c210d1a1951822 Mon Sep 17 00:00:00 2001
From: Evgeny Egorochkin <phreedom@yandex.ru>
Date: Tue, 4 Jun 2013 13:02:37 +0300
Subject: [PATCH] TOR: add obfsproxy support by default for TOR bridges

---
 modules/services/security/tor.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/services/security/tor.nix b/modules/services/security/tor.nix
index ebbe15695763..2dafb4595c63 100644
--- a/modules/services/security/tor.nix
+++ b/modules/services/security/tor.nix
@@ -135,7 +135,9 @@ in
 
             A bridge relay can't be an exit relay.
 
-            You need to set enableRelay to true for this option to take effect.
+            You need to set relay.enable to true for this option to take effect.
+
+            The bridge is set up with an obfuscated transport proxy.
 
             See https://www.torproject.org/bridges.html.en for more info.
           '';
@@ -278,7 +280,10 @@ in
         ${optint "RelayBandwidthRate" cfg.relay.bandwidthRate}
         ${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst}
         ${if cfg.relay.isExit then opt "ExitPolicy" cfg.relay.exitPolicy else "ExitPolicy reject *:*"}
-        ${if cfg.relay.isBridge then "BridgeRelay 1" else ""}
+        ${if cfg.relay.isBridge then ''
+          BridgeRelay 1
+          ServerTransportPlugin obfs2,obfs3 exec ${pkgs.pythonPackages.obfsproxy}/bin/obfsproxy managed
+        '' else ""}
       '';
 
       services.tor.client.privoxy.config = ''