services: tor: Make it easier to use UNIX sockets.

* doc/guix.texi (Networking Services): Document it, and mention that tor-service is deprecated. * gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>: New field. (tor-configuration->torrc): When socks-socket-type is 'unix, set SocksPort to UNIX domain socket /var/run/tor/socks-sock and set UnixSocksGroupWritable to 1. * gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using a custom config file, just set socks-socket-type to 'unix.
2018-07-31 01:13:48 -07:00 · 2018-07-31 01:13:48 -07:00 · 3bcb305b98
parent b0f951e4f0
commit 3bcb305b98
3 changed files with 57 additions and 16 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -11450,16 +11450,57 @@ detailed discussion of each configuration field.
@end deftp

@cindex Tor
-@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
-Return a service to run the @uref{https://torproject.org, Tor} anonymous
-networking daemon.
+@defvr {Scheme Variable} tor-service-type
+This is the type for a service that runs the @uref{https://torproject.org,
+Tor} anonymous networking daemon.  The service is configured using a
+@code{<tor-configuration>} record.  By default, the Tor daemon runs as the
+@code{tor} unprivileged user, which is a member of the @code{tor} group.

-The daemon runs as the @code{tor} unprivileged user.  It is passed
-@var{config-file}, a file-like object, with an additional @code{User tor} line
-and lines for hidden services added via @code{tor-hidden-service}.  Run
-@command{man tor} for information about the configuration file.
+@end defvr
+
+@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
+This procedure is deprecated and will be removed in a future release.  Return
+a service of the @code{tor-service-type} type.  @var{config-file} and
+@var{tor} have the same meaning as in @code{<tor-configuration>}.
@end deffn

+@deftp {Data Type} tor-configuration
+@table @asis
+@item @code{tor} (default: @code{tor})
+The package that provides the Tor daemon.  This package is expected to provide
+the daemon at @file{bin/tor} relative to its output directory.  The default
+package is the @uref{https://www.torproject.org, Tor Project's}
+implementation.
+
+@item @code{config-file} (default: @code{(plain-file "empty" "")})
+The configuration file to use.  It will be appended to a default configuration
+file, and the final configuration file will be passed to @code{tor} via its
+@code{-f} option.  This may be any ``file-like'' object (@pxref{G-Expressions,
+file-like objects}).  See @code{man tor} for details on the configuration file
+syntax.
+
+@item @code{hidden-services} (default: @code{'()})
+The list of @code{<hidden-service>} records to use.  For any hidden service
+you include in this list, appropriate configuration to enable the hidden
+service will be automatically added to the default configuration file.  You
+may conveniently create @code{<hidden-service>} records using the
+@code{tor-hidden-service} procedure described below.
+
+@item @code{socks-socket-type} (default: @code{'tcp})
+The default socket type that Tor should use for its SOCKS socket.  This must
+be either @code{'tcp} or @code{'unix}.  If it is @code{'tcp}, then by default
+Tor will listen on TCP port 9050 on the loopback interface (i.e., localhost).
+If it is @code{'unix}, then Tor will listen on the UNIX domain socket
+@file{/var/run/tor/socks-sock}, which will be made writable by members of the
+@code{tor} group.
+
+If you want to customize the SOCKS socket in more detail, leave
+@code{socks-socket-type} at its default value of @code{'tcp} and use
+@code{config-file} to override the default by providing your own
+@code{SocksPort} option.
+@end table
+@end deftp
+
@cindex hidden service
@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
 Define a new Tor @dfn{hidden service} called @var{name} and implementing
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@ -577,7 +577,9 @@ demand.")))
  (config-file      tor-configuration-config-file
                    (default (plain-file "empty" "")))
  (hidden-services  tor-configuration-hidden-services
-                    (default '())))
+                    (default '()))
+  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
+                     (default 'tcp)))

 (define %tor-accounts
  ;; User account and groups for Tor.
@ -599,7 +601,7 @@ demand.")))
 (define (tor-configuration->torrc config)
  "Return a 'torrc' file for CONFIG."
  (match config
-    (($ <tor-configuration> tor config-file services)
+    (($ <tor-configuration> tor config-file services socks-socket-type)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
@ -615,6 +617,10 @@ User tor
 DataDirectory /var/lib/tor
 PidFile /var/run/tor/tor.pid
 Log notice syslog\n" port)
+                (when (eq? 'unix '#$socks-socket-type)
+                  (display "\
+SocksPort unix:/var/run/tor/socks-sock
+UnixSocksGroupWritable 1\n" port))

                (for-each (match-lambda
                            ((service (ports hosts) ...)
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@ -354,13 +354,7 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
  (simple-operating-system
   (service tor-service-type
            (tor-configuration
-             (config-file
-              (plain-file "test-torrc"
-                          "\
-SocksPort unix:/var/run/tor/socks-sock
-UnixSocksGroupWritable 1
-")
-              )))))
+             (socks-socket-type 'unix)))))

 (define (run-tor-test)
  (define os