author | Luflosi <luflosi@luflosi.de> | 2022-03-05 13:25:02 +0100 |
---|---|---|
committer | Luflosi <luflosi@luflosi.de> | 2022-03-15 23:39:02 +0100 |
commit | 1b34039b5f1c3bfa6a9b1f7bd78ab3adecbe2a75 (patch) | |
tree | 8b699531374acfb601b58728d23e94089e5bc023 /nixos/modules | |
parent | 70601aaadc4b6ee2b266033044d0e0a37117b9e5 (diff) | |
nixos/tor: fix services.tor.client.enable = false not working
If `services.tor.client.enable` is set to false (the default), the `SOCKSPort` option is not added to the torrc file but since Tor defaults to listening on port 9050 when the option is not specified, the tor client is not actually disabled. To fix this, simply set `SOCKSPort` to 0, which disables the client. Use `mkForce` to prevent potentially two different `SOCKSPort` options in the torrc file, with one of them being 0 as this would cause Tor to fail to start. When `services.tor.client.enable` is set to false, this should always be disabled.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index ddd216ca7fd..a5822c02794 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -910,6 +910,11 @@ in ORPort = mkForce []; PublishServerDescriptor = mkForce false; }) + (mkIf (!cfg.client.enable) { + # Make sure application connections via SOCKS are disabled + # when services.tor.client.enable is false + SOCKSPort = mkForce [ 0 ]; + }) (mkIf cfg.client.enable ( { SOCKSPort = [ cfg.client.socksListenAddress ]; } // optionalAttrs cfg.client.transparentProxy.enable { |
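Review bot: the `mkForce` on `SOCKSPort = mkForce [ 0 ];` in the new `mkIf (!cfg.client.enable)` block overrides, without any message, a `SOCKSPort` that a user has defined at normal priority elsewhere in their configuration while leaving `services.tor.client.enable` at its default of false. Such a configuration evaluates and builds, but the SOCKS listener the user asked for is never opened. Consider adding a sentence to the description of `services.tor.client.enable` stating that `false` forces `SOCKSPort` to 0, or emitting a warning or assertion when a conflicting `SOCKSPort` definition is present. The diffstat also shows only `tor.nix` changing, so nothing checks the behaviour the commit message describes; a NixOS test that confirms nothing listens on port 9050 when the client is disabled would keep this from regressing.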