{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.tor.torsocks;
  # Emit `v` only when `b` is set (non-null); otherwise contribute nothing.
  # `v` is evaluated lazily, so interpolating a null `b` inside it is safe
  # as long as `b` is null-checked here first.
  optionalNullStr = b: v: if b == null then "" else v;

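  # Render a torsocks.conf for the SOCKS endpoint `server` ("ADDRESS:PORT").
  # The endpoint is split at its *last* colon with a regex instead of
  # `head`/`tail` of `splitString`: `tail` yields a *list* that only happened
  # to stringify correctly for a single-colon IPv4 endpoint, and a missing or
  # non-numeric port silently produced an unusable config.  A malformed value
  # now fails at evaluation time.  (Whether torsocks accepts a bracketed IPv6
  # TorAddress is not verified here; only the split is made colon-safe.)
  # Note: the rendered file, including any SOCKS5 credentials, is written to
  # the world-readable Nix store by the callers below.
  configFile = server:
    let
      endpoint = builtins.match "(.*):([0-9]+)" server;
    in
    if endpoint == null then
      throw "services.tor.torsocks: expected ADDRESS:PORT, got '${server}'"
    else ''
      TorAddress ${builtins.elemAt endpoint 0}
      TorPort    ${builtins.elemAt endpoint 1}

      OnionAddrRange ${cfg.onionAddrRange}

      ${optionalNullStr cfg.socks5Username
          "SOCKS5Username ${cfg.socks5Username}"}
      ${optionalNullStr cfg.socks5Password
          "SOCKS5Password ${cfg.socks5Password}"}

      AllowInbound ${if cfg.allowInbound then "1" else "0"}
    '';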

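  # Build an executable `/bin/<name>` that runs torsocks against the SOCKS
  # endpoint `server`, using a generated torsocks.conf.  The generated config
  # is a store path, i.e. world-readable, so any SOCKS5 credentials in it are
  # visible to every local user.
  wrapTorsocks = name: server:
    let
      conf = pkgs.writeText "torsocks.conf" (configFile server);
    in pkgs.writeTextFile {
      inherit name;
      executable = true;
      destination = "/bin/${name}";
      text = ''
        #!${pkgs.runtimeShell}
        export TORSOCKS_CONF_FILE=${conf}
        # exec so the wrapper shell does not linger: signals and the exit
        # status go straight to/from torsocks.
        exec ${pkgs.torsocks}/bin/torsocks "$@"
      '';
    };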

in
{
  options = {
    services.tor.torsocks = {
      # Defaults to on when the local Tor client is enabled; the rendered
      # config is installed as /etc/tor/torsocks.conf (see `config` below).
      enable = mkOption {
        type        = types.bool;
        default     = config.services.tor.enable && config.services.tor.client.enable;
        defaultText = literalExpression "config.services.tor.enable && config.services.tor.client.enable";
        description = ''
          Whether to build <literal>/etc/tor/torsocks.conf</literal>
          containing the specified global torsocks configuration.
        '';
      };

      # Must be "ADDRESS:PORT"; the module splits on the colon to fill
      # TorAddress/TorPort, so a bare address without a port is not usable.
      server = mkOption {
        type    = types.str;
        default = "127.0.0.1:9050";
        example = "192.168.0.20:1234";
        description = ''
          IP/Port of the Tor SOCKS server. Currently, hostnames are
          NOT supported by torsocks.
        '';
      };

      # Same format as `server`; used only by the `torsocks-faster` wrapper.
      fasterServer = mkOption {
        type    = types.str;
        default = "127.0.0.1:9063";
        example = "192.168.0.20:1234";
        description = ''
          IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP.
          Currently, hostnames are NOT supported by torsocks.
        '';
      };

      # Passed through verbatim as torsocks' OnionAddrRange.
      onionAddrRange = mkOption {
        type    = types.str;
        default = "127.42.42.0/24";
        description = ''
          Tor hidden sites do not have real IP addresses. This
          specifies what range of IP addresses will be handed to the
          application as "cookies" for .onion names.  Of course, you
          should pick a block of addresses which you aren't going to
          ever need to actually connect to. This is similar to the
          MapAddress feature of the main tor daemon.
        '';
      };

      socks5Username = mkOption {
        type    = types.nullOr types.str;
        default = null;
        example = "bob";
        description = ''
          SOCKS5 username. The <literal>TORSOCKS_USERNAME</literal>
          environment variable overrides this option if it is set.
        '';
      };

      # SECURITY: this value is interpolated into torsocks.conf, which is
      # built with pkgs.writeText and therefore lands in the world-readable
      # Nix store.  Do not put a secret here on a multi-user machine; the
      # TORSOCKS_PASSWORD environment variable mentioned below avoids that.
      socks5Password = mkOption {
        type    = types.nullOr types.str;
        default = null;
        example = "sekret";
        description = ''
          SOCKS5 password. The <literal>TORSOCKS_PASSWORD</literal>
          environment variable overrides this option if it is set.
        '';
      };

      # Off by default: enabling it lets torsocks'd programs listen()/accept()
      # on non-localhost addresses, which widens what is exposed outside Tor.
      allowInbound = mkOption {
        type    = types.bool;
        default = false;
        description = ''
          Set Torsocks to accept inbound connections. If set to
          <literal>true</literal>, listen() and accept() will be
          allowed to be used with non localhost address.
        '';
      };

    };
  };

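  config = mkIf cfg.enable {
    # Both /etc/tor/torsocks.conf and the torsocks-faster wrapper's config are
    # derivation outputs, i.e. world-readable in the Nix store.  Warn when a
    # SOCKS5 password is configured, since it would be readable by every
    # local user; the option's own description points at the environment
    # variable alternative.
    warnings = optional (cfg.socks5Password != null)
      "services.tor.torsocks.socks5Password is written to the world-readable Nix store; prefer the TORSOCKS_PASSWORD environment variable.";

    # Plain torsocks plus a second wrapper pinned to `fasterServer`.
    environment.systemPackages = [
      pkgs.torsocks
      (wrapTorsocks "torsocks-faster" cfg.fasterServer)
    ];

    # Global config used by the plain `torsocks` binary.
    environment.etc."tor/torsocks.conf".source =
      pkgs.writeText "torsocks.conf" (configFile cfg.server);
  };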
}