authorJaka Hudoklin <jakahudoklin@gmail.com>2017-04-16 15:18:44 +0200
committerJan Malakhovski <oxij@oxij.org>2018-03-26 00:41:10 +0000
commitcb9c1c63c978f6813cbe74182ca09c70e8888d7c (patch)
treec34789ccb751d8d7cb574a28ffb7accf62bd99f4 /nixos/modules/services/security/tor.nix
parent273fd896bc5eb560ad4dc102cde6a1a5ce9e5c8d (diff)
nixos/tor: expose control socket
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r--nixos/modules/services/security/tor.nix17
1 files changed, 15 insertions, 2 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index fed91756e76..2c727de2102 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -5,6 +5,7 @@ with lib;
 let
   cfg = config.services.tor;
   torDirectory = "/var/lib/tor";
+  torRunDirectory = "/run/tor";
 
   opt    = name: value: optionalString (value != null) "${name} ${value}";
   optint = name: value: optionalString (value != null && value != 0)    "${name} ${toString value}";
@@ -38,6 +39,7 @@ let
     ''}
 
     ${optint "ControlPort" cfg.controlPort}
+    ${optionalString cfg.controlSocket.enable "ControlSocket ${torRunDirectory}/control GroupWritable RelaxDirModeCheck"}
   ''
   # Client connection config
   + optionalString cfg.client.enable ''
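Review bot: The added `ControlSocket ... GroupWritable RelaxDirModeCheck` line opens the control interface to every process in the socket's group, and nothing in this hunk enables control authentication. If no `CookieAuthentication` or `HashedControlPassword` is emitted elsewhere in the generated torrc (not visible here), a group member can reconfigure the daemon without presenting a credential. Consider emitting `CookieAuthentication 1` together with the socket line, or at least add a comment above it stating that group membership is the only access control. The torrc string this line belongs to starts and ends outside the hunk.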
@@ -140,6 +142,17 @@ in
         '';
       };
 
+      controlSocket = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Wheter to enable Tor control socket. Control socket is created
+            in <literal>${torRunDirectory}/control</literal>
+          '';
+        };
+      };
+
       client = {
         enable = mkOption {
           type = types.bool;
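Review bot: The `controlSocket.enable` description misspells "Whether" as "Wheter" and does not tell the administrator who can reach the socket once it is enabled. Since the torrc line marks it `GroupWritable`, the access model belongs in the option text, for example `Whether to enable the Tor control socket, created at <literal>${torRunDirectory}/control</literal> and writable by members of the daemon's group.` The group is presumably `tor`, going by the `install -g tor` call in preStart; confirm before naming it in the description.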
@@ -692,7 +705,7 @@ in
 
         # Translated from the upstream contrib/dist/tor.service.in
         preStart = ''
-          install -o tor -g tor -d ${torDirectory}/onion
+          install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
           ${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
         '';
 
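Review bot: The `install -d` call in preStart now creates `${torRunDirectory}` without a `-m` argument, so the directory gets install's default mode of 0755 and is traversable by every local user; only the socket's own permissions then limit who can connect. A separate line with an explicit mode would keep the directory closed to others, e.g. `install -o tor -g tor -m 0750 -d ${torRunDirectory}`. The directory is also created when `cfg.controlSocket.enable` is false; wrapping that line in `optionalString cfg.controlSocket.enable` would avoid an unused runtime directory.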
@@ -716,7 +729,7 @@ in
             DevicePolicy            = "closed";
             InaccessibleDirectories = "/home";
             ReadOnlyDirectories     = "/";
-            ReadWriteDirectories    = torDirectory;
+            ReadWriteDirectories    = [torDirectory torRunDirectory];
             NoNewPrivileges         = "yes";
           };
       };