From cb9c1c63c978f6813cbe74182ca09c70e8888d7c Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin
Date: Sun, 16 Apr 2017 15:18:44 +0200
Subject: nixos/tor: expose control socket
---
nixos/modules/services/security/tor.nix | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index fed91756e76..2c727de2102 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.tor;
torDirectory = "/var/lib/tor";
+ torRunDirectory = "/run/tor";
opt = name: value: optionalString (value != null) "${name} ${value}";
optint = name: value: optionalString (value != null && value != 0) "${name} ${toString value}";
@@ -38,6 +39,7 @@ let
''}
${optint "ControlPort" cfg.controlPort}
+ ${optionalString cfg.controlSocket.enable "ControlSocket ${torRunDirectory}/control GroupWritable RelaxDirModeCheck"}
''
# Client connection config
+ optionalString cfg.client.enable ''
@@ -140,6 +142,17 @@ in
'';
};
+ controlSocket = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Wheter to enable Tor control socket. Control socket is created
+ in ${torRunDirectory}/control
+ '';
+ };
+ };
+
client = {
enable = mkOption {
type = types.bool;
@@ -692,7 +705,7 @@ in
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
- install -o tor -g tor -d ${torDirectory}/onion
+ install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
@@ -716,7 +729,7 @@ in
DevicePolicy = "closed";
InaccessibleDirectories = "/home";
ReadOnlyDirectories = "/";
- ReadWriteDirectories = torDirectory;
+ ReadWriteDirectories = [torDirectory torRunDirectory];
NoNewPrivileges = "yes";
};
};
--
cgit 1.4.1
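Review bot: The added `ControlSocket` line makes access control purely a matter of file permissions: `GroupWritable` lets every member of the tor group connect, and `RelaxDirModeCheck` switches off Tor's check that the socket's parent directory is private. No authentication directive for the control channel appears anywhere in this diff, so unless one is set elsewhere in the generated torrc, membership in group tor is equivalent to full control over the daemon (reading its state, changing its configuration, terminating it). That trade-off should be stated on the option that enables it, and the set of users added to the tor group kept to the services that genuinely need the control interface; a line comment here along the lines of `# group-writable and no dir-mode check: any tor-group member gets control access` would help the next reader. The torrc string this line lives in starts and ends outside the hunk.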
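Review bot: The description of `controlSocket.enable` has a typo ("Wheter") and does not tell the user what enabling it grants. Since the generated directive marks the socket group-writable, I would word it as `Whether to enable the Tor control socket at ${torRunDirectory}/control. The socket is group-writable, so every member of the tor group can connect to it and control the daemon.` This is documentation only; the surrounding options attribute set starts and ends outside the hunk.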
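Review bot: `install -d` is run without `-m`, so the new `/run/tor` gets install's default mode (0755) while the socket inside it is meant to be reachable only by the tor group; the directory could be narrowed to match, if nothing outside that group needs to traverse it. Because the mode would otherwise also apply to the onion directory, I would split the call: `install -o tor -g tor -d ${torDirectory}/onion` and `install -o tor -g tor -m 0750 -d ${torRunDirectory}`. Whether preStart runs with enough privilege for the `-o`/`-g` options is not visible in this hunk; the service definition continues outside it.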