From 4a71e2942c11d77d7de8234b18ba7853a2e160a8 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Wed, 17 Oct 2018 08:56:59 -0400
Subject: [PATCH] nixos/tor: better support non-anonymous services

Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are enabled. If the configuration doesn't enable Tor client features, generate a configuration file that explicitly includes this disabling to allow such non-anonymous hidden services to be created (note that doing so still requires additional configuration). See #48622.
---
 nixos/modules/services/security/tor.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 9b6d4be9bda..aca2cf8cdea 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -57,6 +57,11 @@ let
 AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes}
 ''}
 ''
+ # Explicitly disable the SOCKS server if the client is disabled. In
+ # particular, this makes non-anonymous hidden services possible.
+ + optionalString (! cfg.client.enable) ''
+ SOCKSPort 0
+ ''
 # Relay config
 + optionalString cfg.relay.enable ''
 ORPort ${toString cfg.relay.port}
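Review bot: The `SOCKSPort 0` emitted whenever `cfg.client.enable` is false is a behaviour change for existing hosts, and it can collide with a `SOCKSPort` line supplied through any free-form torrc option the module may offer (not visible in this hunk). Tor treats a zero and a non-zero value for the same port option in one configuration as an error, so such a host would probably fail to start after the upgrade; this is worth confirming against the packaged Tor version and mentioning in the release notes. The added comment could also say why the directive has to be written out, for example `# Tor listens on 127.0.0.1:9050 by default when SOCKSPort is absent, so it must be turned off explicitly.` Since the comment mentions non-anonymous hidden services, it may also help to note there that this line alone does not switch that mode on and that such a service does not hide the host's location. The `let` binding that assembles the torrc text begins and ends outside the hunk.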