diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 47f863b96df..3b4d77a6f7b 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -12,6 +12,10 @@ let torRc = '' User tor DataDirectory ${torDirectory} + ${optionalString cfg.enableGeoIP '' + GeoIPFile ${pkgs.tor.geoip}/share/tor/geoip + GeoIPv6File ${pkgs.tor.geoip}/share/tor/geoip6 + ''} ${optint "ControlPort" cfg.controlPort} '' @@ -58,6 +62,18 @@ in ''; }; + enableGeoIP = mkOption { + type = types.bool; + default = true; + description = '' + Whenever to configure Tor daemon to use GeoIP databases. + + Disabling this will disable by-country statistics for + bridges and relays and some client and third-party software + functionality. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/services/security/torify.nix b/nixos/modules/services/security/torify.nix index a81cdbbc172..a29cb3f33da 100644 --- a/nixos/modules/services/security/torify.nix +++ b/nixos/modules/services/security/torify.nix @@ -19,15 +19,23 @@ in { ###### interface - + options = { - + services.tor.tsocks = { enable = mkOption { - default = cfg.enable && cfg.client.enable; + default = false; description = '' - Whether to build tsocks wrapper script to relay application traffic via TOR. + Whether to build tsocks wrapper script to relay application traffic via Tor. + + + You shouldn't use this unless you know what you're + doing because your installation of Tor already comes with + its own superior (doesn't leak DNS queries) + torsocks wrapper which does pretty much + exactly the same thing as this. + ''; };
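Review bot: The two GeoIP paths added to `torRc` are interpolated from `pkgs.tor.geoip` with no comment on where the data comes from or how it is refreshed. Both are store paths of what looks like a separate output of the tor package, so the country data is presumably only as current as the packaged Tor. That matters to anyone relying on by-country statistics or country-based node selection. A short comment above the `optionalString` would record it, e.g. `# GeoIP databases ship with pkgs.tor; they change only when the package is updated`. The `torRc` string starts before and continues past this hunk, so where `extraConfig` lands relative to these lines is not visible here.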
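Review bot: The `enableGeoIP` description opens with "Whenever to configure", which should read `Whether to configure the Tor daemon to use GeoIP databases.` The phrase "some client and third-party software functionality" is also too vague for an option that some users will turn off. It would help to name what a client loses, for instance that country codes in node-selection options such as `ExitNodes {cc}` or `ExcludeNodes {cc}` set through `extraConfig` cannot be resolved without the databases. Confirm that against the Tor manual before putting it in the text.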
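Review bot: Changing the `services.tor.tsocks.enable` default from `cfg.enable && cfg.client.enable` to `false` removes the wrapper from systems that never set the option, and nothing in this diff announces it. A release-note entry would tell those users to set the option explicitly or move to torsocks. The new description mentions the DNS issue only inside a parenthesis about torsocks. If the tsocks wrapper does leak lookups, as that wording implies, say so directly, e.g. `Applications run through this wrapper may resolve host names outside of Tor; prefer torsocks.` The whitespace-only changes around `options = {` would be easier to review in a separate commit.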