authorSandro <sandro.jaeckel@gmail.com>2022-03-20 19:51:30 +0100
committerGitHub <noreply@github.com>2022-03-20 19:51:30 +0100
commit3d48fda6f55e7eadfd7623aefab28aec1433b837 (patch)
treed26a7407cf2f72d97bd71aed7af0d71c9342ed94
parent2a896cbbdf906bf18ab0b0033e29f6aee08670a1 (diff)
parent1b34039b5f1c3bfa6a9b1f7bd78ab3adecbe2a75 (diff)
Merge pull request #164330 from Luflosi/fix-tor-client-disable
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2205.section.xml10
-rw-r--r--nixos/doc/manual/release-notes/rl-2205.section.md2
-rw-r--r--nixos/modules/services/security/tor.nix5
3 files changed, 17 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 9389905e09f..348374026b4 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -838,6 +838,16 @@
       </listitem>
       <listitem>
         <para>
+          The Tor SOCKS proxy is now actually disabled if
+          <literal>services.tor.client.enable</literal> is set to
+          <literal>false</literal> (the default). If you are using this
+          functionality but didn’t change the setting or set it to
+          <literal>false</literal>, you now need to set it to
+          <literal>true</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The terraform 0.12 compatibility has been removed and the
           <literal>terraform.withPlugins</literal> and
           <literal>terraform-providers.mkProvider</literal>
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index fdd3874b240..37ff778dd9b 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -324,6 +324,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `systemd-nspawn@.service` settings have been reverted to the default systemd behaviour. User namespaces are now activated by default. If you want to keep running nspawn containers without user namespaces you need to set `systemd.nspawn.<name>.execConfig.PrivateUsers = false`
 
+- The Tor SOCKS proxy is now actually disabled if `services.tor.client.enable` is set to `false` (the default). If you are using this functionality but didn't change the setting or set it to `false`, you now need to set it to `true`.
+
 - The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under
 `$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>` (which mkProvider does).
 
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index ddd216ca7fd..a5822c02794 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -910,6 +910,11 @@ in
         ORPort = mkForce [];
         PublishServerDescriptor = mkForce false;
       })
+      (mkIf (!cfg.client.enable) {
+        # Make sure application connections via SOCKS are disabled
+        # when services.tor.client.enable is false
+        SOCKSPort = mkForce [ 0 ];
+      })
       (mkIf cfg.client.enable (
         { SOCKSPort = [ cfg.client.socksListenAddress ];
         } // optionalAttrs cfg.client.transparentProxy.enable {
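Review bot: The `mkForce` in `SOCKSPort = mkForce [ 0 ];` silently discards any `services.tor.settings.SOCKSPort` that an administrator set directly while leaving `services.tor.client.enable` at its default, and the added comment does not mention this. I would extend the comment with a line such as `# mkForce: also overrides a SOCKSPort set directly in services.tor.settings; without it tor falls back to its built-in SOCKS listener`, so the reason for forcing sits next to the value. Only the SOCKS listener is pinned to 0 here. Whether other client-facing listeners set directly in `settings` (for example `TransPort` or `DNSPort`) need the same treatment when the client is disabled cannot be judged from this hunk and is worth confirming. The enclosing list of `mkIf` entries starts and ends outside the hunk.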