public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/tor: better support non-anonymous services

Browse Source 
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See #48622.
This commit is contained in:
Jean-Paul Calderone 2018-10-17 08:56:59 -04:00
parent 7dea8e403e
commit 4a71e2942c
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/security/tor.nix
View File

@ -57,6 +57,11 @@ let
AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes} AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes}
''} ''}
'' ''
# Explicitly disable the SOCKS server if the client is disabled. In
# particular, this makes non-anonymous hidden services possible.
+ optionalString (! cfg.client.enable) ''
SOCKSPort 0
''
# Relay config # Relay config
+ optionalString cfg.relay.enable '' + optionalString cfg.relay.enable ''
ORPort ${toString cfg.relay.port} ORPort ${toString cfg.relay.port}