diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 35c10d3e593..458170e803b 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -265,6 +265,19 @@
located in /run/rspamd instead of /run.
+
+
+ Enabling the Tor client no longer silently also enables and
+ configures Privoxy, and the
+ services.tor.client.privoxy.enable option has
+ been removed. To enable Privoxy, and to configure it to use
+ Tor's faster port, use the following configuration:
+
+
+ = true;
+ = true;
+
+
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
index 1f41c720adf..e3b34cb0c61 100644
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@@ -8,15 +8,22 @@ let
cfg = config.services.privoxy;
- confFile = pkgs.writeText "privoxy.conf" ''
+ confFile = pkgs.writeText "privoxy.conf" (''
user-manual ${privoxy}/share/doc/privoxy/user-manual
confdir ${privoxy}/etc/
listen-address ${cfg.listenAddress}
enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
+ '' + optionalString cfg.enableTor ''
+ forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
+ toggle 1
+ enable-remote-toggle 0
+ enable-edit-actions 0
+ enable-remote-http-toggle 0
+ '' + ''
${cfg.extraConfig}
- '';
+ '');
in
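Review bot: With `enableTor = true` the generated file contains `enable-edit-actions` twice: once from `cfg.enableEditActions` and again as `enable-edit-actions 0` in the Tor block. A user who sets both options has their choice silently overridden, assuming Privoxy honours the later directive. Either emit the first line only when `!cfg.enableTor`, or reject the combination with an assertion. Nothing visible in this hunk checks that the Tor client is enabled, so `forward-socks4a` can point at an address where nothing is listening; an entry such as `assertion = cfg.enableTor -> config.services.tor.client.enable;` in the module's `assertions` would catch that at evaluation time. `cfg.extraConfig` is still appended after the Tor block, so forwarding rules written there can alter how traffic is routed, which deserves a sentence in the option documentation.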
@@ -72,6 +79,15 @@ in
'';
};
+ enableTor = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to configure Privoxy to use Tor's faster SOCKS port,
+ suitable for HTTP.
+ '';
+ };
+
extraConfig = mkOption {
type = types.lines;
default = "" ;
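Review bot: The `enableTor` description omits the caveats that the removed `services.tor.client.privoxy.enable` description carried, and it does not say that the option only writes forwarding lines without starting Tor. I would extend it to state three things. First, `services.tor.client.enable` must also be set. Second, the faster port is less isolated than the default SOCKS port. Third, enabling it turns off remote toggling and action editing in the generated config. The `extraConfig` option that follows continues outside the hunk.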
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 38dc378887a..1cceee065b1 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -107,6 +107,9 @@ let
in
{
imports = [
+ (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
+ Use services.privoxy.enable and services.privoxy.enableTor instead.
+ '')
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
(mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
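Review bot: The removed `privoxy.enable` option defaulted to `true`, and `mkRemovedOptionModule` only reports when the option is explicitly defined, so users who relied on the default lose the Privoxy front end on upgrade with no evaluation-time notice. Applications still pointed at the old HTTP proxy will then fail, or may connect directly if they fall back when the proxy is unreachable. The release note covers this, but the removal message could say so as well, for example `Privoxy is no longer enabled together with the Tor client; use services.privoxy.enable and services.privoxy.enableTor instead.`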
@@ -270,23 +273,6 @@ in
description = "List of suffixes to use with automapHostsOnResolve";
};
};
-
- privoxy.enable = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether to enable and configure the system Privoxy to use Tor's
- faster port, suitable for HTTP.
-
- To have anonymity, protocols need to be scrubbed of identifying
- information, and this can be accomplished for HTTP by Privoxy.
-
- Privoxy can also be useful for KDE torification. A good setup would be:
- setting SOCKS proxy to the default Tor port, providing maximum
- circuit isolation where possible; and setting HTTP proxy to Privoxy
- to route HTTP traffic over faster, but less isolated port.
- '';
- };
};
relay = {
@@ -784,16 +770,5 @@ in
};
environment.systemPackages = [ cfg.package ];
-
- services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
- enable = true;
- extraConfig = ''
- forward-socks4a / ${cfg.client.socksListenAddressFaster} .
- toggle 1
- enable-remote-toggle 0
- enable-edit-actions 0
- enable-remote-http-toggle 0
- '';
- };
};
}