services: tor: Make it easier to use UNIX sockets.

* doc/guix.texi (Networking Services): Document it, and mention that
tor-service is deprecated.
* gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>:
New field.
(tor-configuration->torrc): When socks-socket-type is 'unix, set
SocksPort to UNIX domain socket /var/run/tor/socks-sock and set
UnixSocksGroupWritable to 1.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using
a custom config file, just set socks-socket-type to 'unix.
Chris Marusich 2018-07-31 01:13:48 -07:00
parent b0f951e4f0
commit 3bcb305b98
GPG Key ID: DD409A15D822469D
3 changed files with 57 additions and 16 deletions

@ -11450,16 +11450,57 @@ detailed discussion of each configuration field.
@end deftp @end deftp
@cindex Tor @cindex Tor
@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}] @defvr {Scheme Variable} tor-service-type
Return a service to run the @uref{https://torproject.org, Tor} anonymous This is the type for a service that runs the @uref{https://torproject.org,
networking daemon. Tor} anonymous networking daemon. The service is configured using a
@code{<tor-configuration>} record. By default, the Tor daemon runs as the
@code{tor} unprivileged user, which is a member of the @code{tor} group.
The daemon runs as the @code{tor} unprivileged user. It is passed @end defvr
@var{config-file}, a file-like object, with an additional @code{User tor} line
and lines for hidden services added via @code{tor-hidden-service}. Run @deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
@command{man tor} for information about the configuration file. This procedure is deprecated and will be removed in a future release. Return
a service of the @code{tor-service-type} type. @var{config-file} and
@var{tor} have the same meaning as in @code{<tor-configuration>}.
@end deffn @end deffn
@deftp {Data Type} tor-configuration
@table @asis
@item @code{tor} (default: @code{tor})
The package that provides the Tor daemon. This package is expected to provide
the daemon at @file{bin/tor} relative to its output directory. The default
package is the @uref{https://www.torproject.org, Tor Project's}
implementation.
@item @code{config-file} (default: @code{(plain-file "empty" "")})
The configuration file to use. It will be appended to a default configuration
file, and the final configuration file will be passed to @code{tor} via its
@code{-f} option. This may be any ``file-like'' object (@pxref{G-Expressions,
file-like objects}). See @code{man tor} for details on the configuration file
syntax.
@item @code{hidden-services} (default: @code{'()})
The list of @code{<hidden-service>} records to use. For any hidden service
you include in this list, appropriate configuration to enable the hidden
service will be automatically added to the default configuration file. You
may conveniently create @code{<hidden-service>} records using the
@code{tor-hidden-service} procedure described below.
@item @code{socks-socket-type} (default: @code{'tcp})
The default socket type that Tor should use for its SOCKS socket. This must
be either @code{'tcp} or @code{'unix}. If it is @code{'tcp}, then by default
Tor will listen on TCP port 9050 on the loopback interface (i.e., localhost).
If it is @code{'unix}, then Tor will listen on the UNIX domain socket
@file{/var/run/tor/socks-sock}, which will be made writable by members of the
@code{tor} group.
If you want to customize the SOCKS socket in more detail, leave
@code{socks-socket-type} at its default value of @code{'tcp} and use
@code{config-file} to override the default by providing your own
@code{SocksPort} option.
@end table
@end deftp
@cindex hidden service @cindex hidden service
@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping} @deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
Define a new Tor @dfn{hidden service} called @var{name} and implementing Define a new Tor @dfn{hidden service} called @var{name} and implementing
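Review bot: the new @code{socks-socket-type} @item in this hunk should spell out what @code{'unix} changes about who can reach the proxy: the socket at @file{/var/run/tor/socks-sock} becomes writable by the @code{tor} group, so every account added to that group can route traffic through Tor, while the @code{'tcp} default on loopback port 9050 is reachable by any local process. Stating that trade-off lets an administrator pick group membership deliberately. The closing paragraph's advice to stay on @code{'tcp} when customizing would also be clearer with the reason: @code{config-file} is appended to the generated defaults (per the @code{config-file} item above), so a @code{SocksPort} supplied there while @code{socks-socket-type} is @code{'unix} adds a second listener instead of replacing the UNIX one.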

@ -577,7 +577,9 @@ demand.")))
(config-file tor-configuration-config-file (config-file tor-configuration-config-file
(default (plain-file "empty" ""))) (default (plain-file "empty" "")))
(hidden-services tor-configuration-hidden-services (hidden-services tor-configuration-hidden-services
(default '()))) (default '()))
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp)))
(define %tor-accounts (define %tor-accounts
;; User account and groups for Tor. ;; User account and groups for Tor.
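Review bot: the new socks-socket-type field accepts any value, with only the comment "; 'tcp or 'unix" recording the allowed symbols; since the generator in the later hunk tests only (eq? 'unix ...), a typo such as 'tpc is silently treated as TCP. Consider a sanitize clause on the field (or a check in tor-configuration->torrc) that raises an error for anything other than 'tcp or 'unix, so a configuration meant to keep the SOCKS proxy off the network fails at build time rather than quietly listening on port 9050.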
@ -599,7 +601,7 @@ demand.")))
(define (tor-configuration->torrc config) (define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG." "Return a 'torrc' file for CONFIG."
(match config (match config
(($ <tor-configuration> tor config-file services) (($ <tor-configuration> tor config-file services socks-socket-type)
(computed-file (computed-file
"torrc" "torrc"
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
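Review bot: the positional pattern ($ <tor-configuration> tor config-file services socks-socket-type) must now be kept in step with the record's field order, and it binds the hidden-services field under the unrelated name services. Reading the value with the accessor (tor-configuration-socks-socket-type config), as for the other fields, would survive future field additions without touching this match and would make the binding names match the record definition.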
@ -615,6 +617,10 @@ User tor
DataDirectory /var/lib/tor DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid PidFile /var/run/tor/tor.pid
Log notice syslog\n" port) Log notice syslog\n" port)
(when (eq? 'unix '#$socks-socket-type)
(display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" port))
(for-each (match-lambda (for-each (match-lambda
((service (ports hosts) ...) ((service (ports hosts) ...)
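Review bot: the 'unix branch is decided inside the computed-file builder via (when (eq? 'unix '#$socks-socket-type) ...), splicing the symbol into build-side code only to compare it there; deciding on the host side, for example #$(if (eq? socks-socket-type 'unix) "SocksPort unix:/var/run/tor/socks-sock\nUnixSocksGroupWritable 1\n" ""), keeps the decision in the Scheme code and leaves the generated builder without a constant test. A comment at this point would also help the next reader: UnixSocksGroupWritable 1 makes the socket usable by every member of the tor group, and because the user's config-file is appended after these lines, a SocksPort given there does not replace this listener.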

@ -354,13 +354,7 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
(simple-operating-system (simple-operating-system
(service tor-service-type (service tor-service-type
(tor-configuration (tor-configuration
(config-file (socks-socket-type 'unix)))))
(plain-file "test-torrc"
"\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1
")
)))))
(define (run-tor-test) (define (run-tor-test)
(define os (define os
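Review bot: replacing the hand-written torrc with (socks-socket-type 'unix) means this OS now exercises the field rather than the literal lines, so the test body (not shown in this hunk) should check that /var/run/tor/socks-sock exists and is group-writable by tor, that is, that UnixSocksGroupWritable took effect; otherwise a regression in tor-configuration->torrc that drops that second line would still pass as long as the socket is created. A second OS with the default 'tcp setting would also confirm that adding the field left the existing behaviour unchanged.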