authorEvgeny Egorochkin <phreedom@yandex.ru>2014-12-18 07:54:33 +0200
committerEvgeny Egorochkin <phreedom@yandex.ru>2014-12-19 08:05:41 +0200
commit1fe5314dc5663c1f86397e488e7711e311327cd0 (patch)
treeaf562d6246cc2ae754e25141a726a5b6295a375d /nixos/modules/services/security
parentda118cf60bdad29cc8ed2abf05f1f97be4f327fc (diff)
tor: restore strong circuit isolation
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r--nixos/modules/services/security/tor.nix18
1 files changed, 16 insertions, 2 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 2b4132cb5688..431fd102eed0 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -17,7 +17,8 @@ let
   ''
   # Client connection config
   + optionalString cfg.client.enable  ''
-    SOCKSPort ${cfg.client.socksListenAddress}
+    SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr
+    SOCKSPort ${cfg.client.socksListenAddressFaster}
     ${opt "SocksPolicy" cfg.client.socksPolicy}
   ''
   # Relay config
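Review bot: The second `SOCKSPort` line is emitted whenever `cfg.client.enable` is set, so every client configuration now also opens the weaker-isolation listener and there is no way to switch it off. Consider declaring `socksListenAddressFaster` as `types.nullOr types.str` and emitting it through the helper already used on the next line, `${opt "SOCKSPort" cfg.client.socksListenAddressFaster}`, assuming `opt` skips null values as its use for `SocksPolicy` suggests (its definition is outside the hunk). Since `SocksPolicy` in torrc is not tied to a single listener, the one policy governs both ports; a comment above the two lines such as `# first port: per-destination isolation; second port: Tor's default isolation only` would keep that visible to the next editor. The enclosing config string starts and ends outside the hunk.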
@@ -93,10 +94,23 @@ in
           example = "192.168.0.1:9100";
           description = ''
             Bind to this address to listen for connections from
-            Socks-speaking applications.
+            Socks-speaking applications. Provides strong circuit
+            isolation, separate circuit per IP address.
           '';
         };
 
+        socksListenAddressFaster = mkOption {
+          type = types.str;
+          default = "127.0.0.1:9063";
+          example = "192.168.0.1:9101";
+          description = ''
+            Bind to this address to listen for connections from
+            Socks-speaking applications. Same as socksListenAddress
+            but uses weaker circuit isolation to provide performance
+            suitable for a web browser.
+           '';
+         };
+
         socksPolicy = mkOption {
           type = types.nullOr types.str;
           default = null;
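Review bot: The added sentence "separate circuit per IP address" in the `socksListenAddress` description does not say whose address is meant; `IsolateDestAddr` separates streams by destination, so `separate circuit per destination address` would be accurate. The `socksListenAddressFaster` description says "weaker circuit isolation" without stating the consequence; I would add a sentence along the lines of `Streams to different destinations may share a circuit, so unrelated applications should not share this port.` The closing `'';` and `};` of the new option are also indented one column deeper than those of the neighbouring options.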