nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

services: tor: Store private data under /var/lib/tor. 

* gnu/services/networking.scm (tor-configuration->torrc): Add
'DataDirectory' clause.  Change 'HiddenServiceDir' to
/var/lib/tor/hidden-services/NAME.
(tor-hidden-service-activation): Create /var/lib/tor.
(tor-hidden-service): Adjust docstring.
* doc/guix.texi (Networking Services): Adjust accordingly.
This commit is contained in:
Ludovic Courtès 2015-11-27 23:29:51 +01:00
parent 5ee35eb747
commit 6629099a63
2 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/guix.texi
View File

@ -6597,8 +6597,8 @@ Define a new Tor @dfn{hidden service} called @var{name} and implementing
In this example, port 22 of the hidden service is mapped to local port 22, and In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080. port 80 is mapped to local port 8080.
This creates a @file{/var/lib/tor/@var{name}} directory, where the This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
@file{hostname} file contains the @code{.onion} host name for the hidden the @file{hostname} file contains the @code{.onion} host name for the hidden
service. service.
See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor

21
gnu/services/networking.scm
View File

@ -351,12 +351,13 @@ keep the system clock synchronized with that of @var{servers}."
(display "\ (display "\
# The beginning was automatically added. # The beginning was automatically added.
User tor User tor
DataDirectory /var/lib/tor
Log notice syslog\n" port) Log notice syslog\n" port)
(for-each (match-lambda (for-each (match-lambda
((service (ports hosts) ...) ((service (ports hosts) ...)
(format port "\ (format port "\
HiddenServiceDir /var/lib/tor/~a~%" HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
service) service)
(for-each (lambda (tcp-port host) (for-each (lambda (tcp-port host)
(format port "\ (format port "\
@ -397,16 +398,22 @@ HiddenServicePort ~a ~a~%"
#~(begin #~(begin
(use-modules (guix build utils)) (use-modules (guix build utils))
(define %user
(getpw "tor"))
(define (initialize service) (define (initialize service)
(let ((directory (string-append "/var/lib/tor/" (let ((directory (string-append "/var/lib/tor/hidden-services/"
service)) service)))
(user (getpw "tor")))
(mkdir-p directory) (mkdir-p directory)
(chown directory (passwd:uid user) (passwd:gid user)) (chown directory (passwd:uid %user) (passwd:gid %user))
;; The daemon bails out if we give wider permissions. ;; The daemon bails out if we give wider permissions.
(chmod directory #o700))) (chmod directory #o700)))
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)
(for-each initialize (for-each initialize
'#$(map hidden-service-name '#$(map hidden-service-name
(tor-configuration-hidden-services config))))) (tor-configuration-hidden-services config)))))
@ -462,8 +469,8 @@ and lines for hidden services added via @code{tor-hidden-service}. Run
In this example, port 22 of the hidden service is mapped to local port 22, and In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080. port 80 is mapped to local port 8080.
This creates a @file{/var/lib/tor/@var{name}} directory, where the This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
@file{hostname} file contains the @code{.onion} host name for the hidden the @file{hostname} file contains the @code{.onion} host name for the hidden
service. service.
See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor