diff options
author | Evgeny Egorochkin <phreedom@yandex.ru> | 2014-12-18 08:19:57 +0200 |
---|---|---|
committer | Evgeny Egorochkin <phreedom@yandex.ru> | 2014-12-19 08:05:41 +0200 |
commit | 824b3b1a9958421ddfc9558b47272692f5eb9a5f (patch) | |
tree | 92959c604a5a7f50ae2c5e9511c0047fdb9f9f9f /nixos/modules/services/security/tor.nix | |
parent | 1fe5314dc5663c1f86397e488e7711e311327cd0 (diff) | |
download | nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar.gz nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar.bz2 nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar.lz nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar.xz nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.tar.zst nixpkgs-824b3b1a9958421ddfc9558b47272692f5eb9a5f.zip |
tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance.
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 431fd102eed..47f863b96df 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -122,6 +122,22 @@ in SocksListenAddress. ''; }; + + privoxy.enable = mkOption { + default = true; + description = '' + Whether to enable and configure the system Privoxy to use Tor's + faster port, suitable for HTTP. + + To have anonymity, protocols need to be scrubbed of identifying + information, and this can be accomplished for HTTP by Privoxy. + + Privoxy can also be useful for KDE torification. A good setup would be: + setting SOCKS proxy to the default Tor port, providing maximum + circuit isolation where possible; and setting HTTP proxy to Privoxy + to route HTTP traffic over faster, but less isolated port. + ''; + }; }; relay = { @@ -336,5 +352,16 @@ in }; environment.systemPackages = [ pkgs.tor ]; + + services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) { + enable = true; + extraConfig = '' + forward-socks4a / ${cfg.client.socksListenAddressFaster} . + toggle 1 + enable-remote-toggle 0 + enable-edit-actions 0 + enable-remote-http-toggle 0 + ''; + }; }; } |