From 33a4c431262255f4963b18e8ca6cc79dcdaed6b4 Mon Sep 17 00:00:00 2001
From: Tom
Date: Tue, 11 May 2021 18:10:32 +1000
Subject: nixos/tor: fix HidServAuth (#122439)
* add an example for services.tor.settings.HidServAuth
* fix HidServAuth validation to require ".onion"
Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
> Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
---
 nixos/modules/services/security/tor.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'nixos/modules/services/security/tor.nix')
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 54c2c2dea23..9e8f18e93c8 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -170,7 +170,7 @@ let
 else if k == "ServerTransportPlugin" then
 optionalString (v.transports != []) "${concatStringsSep "," v.transports} exec ${v.exec}"
 else if k == "HidServAuth" then
- concatMapStringsSep "\n${k} " (settings: settings.onion + " " settings.auth) v
+ v.onion + " " + v.auth
 else generators.mkValueStringDefault {} v;
 genTorrc = settings:
 generators.toKeyValue {
@@ -715,7 +715,7 @@ in
 (submodule {
 options = {
 onion = mkOption {
- type = strMatching "[a-z2-7]{16}(\\.onion)?";
+ type = strMatching "[a-z2-7]{16}\\.onion";
 description = "Onion address.";
 example = "xxxxxxxxxxxxxxxx.onion";
 };
@@ -726,6 +726,12 @@ in
 };
 })
 ]);
+ example = [
+ {
+ onion = "xxxxxxxxxxxxxxxx.onion";
+ auth = "xxxxxxxxxxxxxxxxxxxxxx";
+ }
+ ];
 };
 options.HiddenServiceNonAnonymousMode = optionBool "HiddenServiceNonAnonymousMode";
 options.HiddenServiceStatistics = optionBool "HiddenServiceStatistics";
-- 
cgit 1.4.1
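Review bot: The `HidServAuth` branch now renders `v.auth`, a client authorization cookie, straight into the text produced by `genTorrc`, and nothing in the option tells the user where that secret ends up. If the generated torrc is written to the Nix store, as it appears to be for this module (the writer is outside the hunk), the cookie becomes readable by every local user and is copied along with the system closure. I would add a sentence to the option description, for example `The auth cookie is written to the generated torrc in the world-readable Nix store; do not treat it as secret on multi-user hosts.`, and place the same caveat next to the new `example` in the third hunk. The if/else chain this branch belongs to starts above the hunk.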
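Review bot: The unchanged `description = "Onion address.";` under the tightened `strMatching` pattern does not say what will validate, so a rejected value leaves the user with only the raw regex from the type error. Since the suffix is now mandatory and only the 16-character form is accepted, the description could state it directly: `description = "Onion address: 16 characters in a-z2-7 followed by \".onion\".";`. The submodule that holds this option starts and ends outside the hunk, so the `auth` option's own type is not visible here; it is worth confirming that it is constrained as well, since both values are concatenated into one torrc line.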