diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 35c10d3e593..458170e803b 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -265,6 +265,19 @@ located in /run/rspamd instead of /run. + + + Enabling the Tor client no longer silently also enables and + configures Privoxy, and the + services.tor.client.privoxy.enable option has + been removed. To enable Privoxy, and to configure it to use + Tor's faster port, use the following configuration: + + + = true; + = true; + + diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index 1f41c720adf..e3b34cb0c61 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -8,15 +8,22 @@ let cfg = config.services.privoxy; - confFile = pkgs.writeText "privoxy.conf" '' + confFile = pkgs.writeText "privoxy.conf" ('' user-manual ${privoxy}/share/doc/privoxy/user-manual confdir ${privoxy}/etc/ listen-address ${cfg.listenAddress} enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"} ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles} ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles} + '' + optionalString cfg.enableTor '' + forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} . + toggle 1 + enable-remote-toggle 0 + enable-edit-actions 0 + enable-remote-http-toggle 0 + '' + '' ${cfg.extraConfig} - ''; + ''); in @@ -72,6 +79,15 @@ in ''; }; + enableTor = mkOption { + type = types.bool; + default = false; + description = '' + Whether to configure Privoxy to use Tor's faster SOCKS port, + suitable for HTTP. + ''; + }; + extraConfig = mkOption { type = types.lines; default = "" ; diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 38dc378887a..1cceee065b1 100644 --- a/nixos/modules/services/security/tor.nix 
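Review bot: In the new `optionalString cfg.enableTor` block of `confFile`, `forward-socks4a` reads `config.services.tor.client.socksListenAddressFaster` without checking that the Tor client is enabled, whereas the block removed from tor.nix was gated on `cfg.client.enable`. With `enableTor = true` and Tor off, Privoxy is pointed at a port nothing is expected to serve; requests should then fail rather than go out directly, but this is better caught at evaluation time with an assertion such as `assertion = cfg.enableTor -> config.services.tor.client.enable;` in the module's `config` section, which lies outside this hunk. Separately, when `enableEditActions` is true the generated file now holds both `enable-edit-actions 1` and a later `enable-edit-actions 0`; presumably the later line wins, but that relies on how Privoxy treats repeated directives. `${cfg.extraConfig}` still follows the Tor block and can presumably override any of the hardening lines.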
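Review bot: The `enableTor` description says only that Privoxy will use Tor's faster SOCKS port, but per the `confFile` hunk the option also writes `toggle 1`, `enable-remote-toggle 0`, `enable-edit-actions 0` and `enable-remote-http-toggle 0`. It also drops the caveat from the removed `services.tor.client.privoxy.enable` text that the faster port is less isolated than the default Tor port. I would extend the description along the lines of `Also disables Privoxy's remote toggle and action editor. Intended for use with services.tor.client.enable; the faster port gives less circuit isolation than the default Tor SOCKS port.`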
+++ b/nixos/modules/services/security/tor.nix @@ -107,6 +107,9 @@ let in { imports = [ + (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] '' + Use services.privoxy.enable and services.privoxy.enableTor instead. + '') (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ]) (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.") (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.") @@ -270,23 +273,6 @@ in description = "List of suffixes to use with automapHostsOnResolve"; }; }; - - privoxy.enable = mkOption { - type = types.bool; - default = true; - description = '' - Whether to enable and configure the system Privoxy to use Tor's - faster port, suitable for HTTP. - - To have anonymity, protocols need to be scrubbed of identifying - information, and this can be accomplished for HTTP by Privoxy. - - Privoxy can also be useful for KDE torification. A good setup would be: - setting SOCKS proxy to the default Tor port, providing maximum - circuit isolation where possible; and setting HTTP proxy to Privoxy - to route HTTP traffic over faster, but less isolated port. - ''; - }; }; relay = { @@ -784,16 +770,5 @@ in }; environment.systemPackages = [ cfg.package ]; - - services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) { - enable = true; - extraConfig = '' - forward-socks4a / ${cfg.client.socksListenAddressFaster} . - toggle 1 - enable-remote-toggle 0 - enable-edit-actions 0 - enable-remote-http-toggle 0 - ''; - }; }; }
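Review bot: The added `mkRemovedOptionModule` entry in `imports` only reports to users who set `services.tor.client.privoxy.enable` explicitly, yet the removed option defaulted to `true` (see the deleted declaration in the next hunk). Configurations that relied on that default therefore lose their Privoxy instance with no evaluation message. Applications still pointed at the Privoxy HTTP port will find nothing listening, and whether they fail or fall back to a direct connection depends on the application. The rl-2103.xml entry is the only signal for that group, so it would help to state there that the old default was on and that proxy settings of Tor-using applications should be re-checked after upgrading.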