diff options
author | Tom <tom@tom-fitzhenry.me.uk> | 2021-05-11 18:10:32 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-11 10:10:32 +0200 |
commit | 33a4c431262255f4963b18e8ca6cc79dcdaed6b4 (patch) | |
tree | 5ef30479eafd105188a4c2ba6579c1a10d2e5f4c /nixos | |
parent | b5227312c84e17dadbcc35eeb555151a85e795cd (diff) | |
download | nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar.gz nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar.bz2 nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar.lz nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar.xz nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.tar.zst nixpkgs-33a4c431262255f4963b18e8ca6cc79dcdaed6b4.zip |
nixos/tor: fix HidServAuth (#122439)
* add an example for services.tor.settings.HidServAuth * fix HidServAuth validation to require ".onion" Per https://manpages.debian.org/testing/tor/torrc.5.en.html : > Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 54c2c2dea23..9e8f18e93c8 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -170,7 +170,7 @@ let else if k == "ServerTransportPlugin" then optionalString (v.transports != []) "${concatStringsSep "," v.transports} exec ${v.exec}" else if k == "HidServAuth" then - concatMapStringsSep "\n${k} " (settings: settings.onion + " " settings.auth) v + v.onion + " " + v.auth else generators.mkValueStringDefault {} v; genTorrc = settings: generators.toKeyValue { @@ -715,7 +715,7 @@ in (submodule { options = { onion = mkOption { - type = strMatching "[a-z2-7]{16}(\\.onion)?"; + type = strMatching "[a-z2-7]{16}\\.onion"; description = "Onion address."; example = "xxxxxxxxxxxxxxxx.onion"; }; @@ -726,6 +726,12 @@ in }; }) ]); + example = [ + { + onion = "xxxxxxxxxxxxxxxx.onion"; + auth = "xxxxxxxxxxxxxxxxxxxxxx"; + } + ]; }; options.HiddenServiceNonAnonymousMode = optionBool "HiddenServiceNonAnonymousMode"; options.HiddenServiceStatistics = optionBool "HiddenServiceStatistics"; |