authorEvgeny Egorochkin <phreedom@yandex.ru>2014-12-18 08:19:57 +0200
committerEvgeny Egorochkin <phreedom@yandex.ru>2014-12-19 08:05:41 +0200
commit824b3b1a9958421ddfc9558b47272692f5eb9a5f (patch)
tree92959c604a5a7f50ae2c5e9511c0047fdb9f9f9f /nixos/modules/services/security/tor.nix
parent1fe5314dc5663c1f86397e488e7711e311327cd0 (diff)
tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance.
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r--nixos/modules/services/security/tor.nix27
1 files changed, 27 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 431fd102eed..47f863b96df 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -122,6 +122,22 @@ in
             SocksListenAddress.
           '';
         };
+
+        privoxy.enable = mkOption {
+          default = true;
+          description = ''
+            Whether to enable and configure the system Privoxy to use Tor's
+            faster port, suitable for HTTP.
+
+            To have anonymity, protocols need to be scrubbed of identifying
+            information, and this can be accomplished for HTTP by Privoxy.
+
+            Privoxy can also be useful for KDE torification. A good setup would be:
+            setting SOCKS proxy to the default Tor port, providing maximum
+            circuit isolation where possible; and setting HTTP proxy to Privoxy
+            to route HTTP traffic over faster, but less isolated port.
+          '';
+        };
       };
 
       relay = {
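Review bot: The new `privoxy.enable` option defaults to `true` and declares no type, so any configuration that enables the Tor client also gets the system Privoxy switched on and pointed at Tor by the second hunk. Consider adding `type = types.bool;` (assuming `types` is in scope here, as `mkOption` is) and either `default = false;` or a sentence in the description saying that the shared system Privoxy instance is reconfigured for everything that uses it. The description would also be safer if it said that Privoxy's filtering reduces identifying HTTP headers but does not by itself make a browser anonymous, and that HTTP sent this way uses the faster port with less circuit isolation. The enclosing `client` option set starts outside the hunk.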
@@ -336,5 +352,16 @@ in
       };
 
     environment.systemPackages = [ pkgs.tor ];
+
+    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
+      enable = true;
+      extraConfig = ''
+        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
+        toggle  1
+        enable-remote-toggle 0
+        enable-edit-actions 0
+        enable-remote-http-toggle 0
+      '';
+    };
   };
 }
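Review bot: The Privoxy directives in `extraConfig` have no explanation, and the catch-all `forward-socks4a / ${cfg.client.socksListenAddressFaster} .` sends every request Privoxy handles to Tor, which would include requests for local or LAN hosts. A Nix comment above the block, for example `# Send all Privoxy traffic to Tor's faster SOCKS port; the toggle/edit settings stop clients from switching filtering off at runtime`, would record why the four toggle lines are there. If internal destinations are meant to bypass Tor, that needs explicit Privoxy `forward` exceptions, which this hunk does not add; whether they are wanted is a policy decision worth stating. Because `extraConfig` is appended to whatever the user already sets on `services.privoxy`, it is also worth noting in the option description that a non-loopback Privoxy listen address would expose this Tor forwarding to other hosts. The enclosing `config` block starts outside the hunk.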