services: Add Tor service.

* gnu/services/networking.scm (tor-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
* build-aux/hydra/demo-os.scm: Use it.  Add TOR and TORSOCKS to
  'packages'.
Ludovic Courtès 2014-07-12 23:14:10 +02:00
parent 8897603ad0
commit 927097effd
3 changed files with 47 additions and 2 deletions


@ -27,6 +27,7 @@
(gnu packages xorg) (gnu packages xorg)
(gnu packages avahi) (gnu packages avahi)
(gnu packages linux) (gnu packages linux)
(gnu packages tor)
(gnu services networking) (gnu services networking)
(gnu services avahi) (gnu services avahi)
@ -79,10 +80,13 @@ You can log in as 'guest' or 'root' with no password.
(avahi-service) (avahi-service)
(dbus-service (list avahi)) (dbus-service (list avahi))
(tor-service)
%base-services)) %base-services))
(pam-services (pam-services
;; Explicitly allow for empty passwords. ;; Explicitly allow for empty passwords.
(base-pam-services #:allow-empty-passwords? #t)) (base-pam-services #:allow-empty-passwords? #t))
(packages (cons* strace xterm avahi %base-packages))) (packages (cons* strace
tor torsocks
xterm avahi %base-packages)))
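Review bot: Adding `(tor-service)` to the demo image's service list means every boot of the demo OS starts a Tor daemon that presumably begins contacting the Tor network as soon as an interface is up, yet the login banner visible in the hunk header only mentions the passwordless accounts. A comment beside the entry, such as `;; Starts Tor at boot; drop this on networks where Tor traffic is not permitted.`, and a matching sentence in the banner would make that visible to people trying the image. The enclosing `operating-system` form starts and ends outside the hunk.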


@ -3460,6 +3460,13 @@ Return a service that starts @var{interface} with address @var{ip}. If
gateway. gateway.
@end deffn @end deffn
@deffn {Monadic Procedure} tor-service [#:tor tor]
Return a service to run the @uref{https://torproject.org,Tor} daemon.
The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user.
@end deffn
In addition, @code{(gnu system ssh)} provides the following service. In addition, @code{(gnu system ssh)} provides the following service.
@deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @ @deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @


@ -18,11 +18,14 @@
(define-module (gnu services networking) (define-module (gnu services networking)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu system shadow)
#:use-module (gnu packages admin) #:use-module (gnu packages admin)
#:use-module (gnu packages linux) #:use-module (gnu packages linux)
#:use-module (gnu packages tor)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix monads) #:use-module (guix monads)
#:export (static-networking-service)) #:export (static-networking-service
tor-service))
;;; Commentary: ;;; Commentary:
;;; ;;;
@ -85,4 +88,35 @@ gateway."
#t))))) #t)))))
(respawn? #f))))) (respawn? #f)))))
(define* (tor-service #:key (tor tor))
"Return a service to run the @uref{https://torproject.org,Tor} daemon.
The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user."
(mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
(return
(service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback))
(start #~(make-forkexec-constructor
(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
(stop #~(make-kill-destructor))
(user-groups (list (user-group
(name "tor"))))
(user-accounts (list (user-account
(name "tor")
(group "tor")
(system? #t)
(comment "Tor daemon user")
(home-directory "/var/empty")
(shell
"/run/current-system/profile/sbin/nologin"))))
(documentation "Run the Tor anonymous network overlay.")))))
;;; networking.scm ends here ;;; networking.scm ends here
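Review bot: The torrc generated by `(text-file "torrc" "User tor\n")` sets no `DataDirectory`, and the `tor` account's home is `/var/empty`, so after dropping privileges the daemon appears to have no private, writable place for its keys and state. Consider writing `"User tor\nDataDirectory /var/lib/tor\n"` and having the service create that directory, owned by `tor` with mode 0700, before the daemon starts. The docstring's mention of the default exit policy can also be read as though a relay is being run. If the default settings mean client-only operation, saying so in the docstring and in the matching `guix.texi` entry would avoid that confusion.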