summary refs log tree commit diff
path: root/nixos/modules/services/security
diff options
context:
space:
mode:
authorJoachim F <joachifm@users.noreply.github.com>2018-10-21 18:27:02 +0000
committerGitHub <noreply@github.com>2018-10-21 18:27:02 +0000
commitca127588c13d5e87c826d2f2e342db4af18daa24 (patch)
treecbfb6c8ede8985cb34b89c457910ea8687ead2b4 /nixos/modules/services/security
parent9c39154a9622f2643a5d258162d6ae09c198004a (diff)
parent4a71e2942c11d77d7de8234b18ba7853a2e160a8 (diff)
downloadnixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar.gz
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar.bz2
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar.lz
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar.xz
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.tar.zst
nixlib-ca127588c13d5e87c826d2f2e342db4af18daa24.zip
Merge pull request #48625 from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r--nixos/modules/services/security/tor.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 9b6d4be9bda8..aca2cf8cdeaa 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -57,6 +57,11 @@ let
     AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes}
     ''}
   ''
+  # Explicitly disable the SOCKS server if the client is disabled.  In
+  # particular, this makes non-anonymous hidden services possible.
+  + optionalString (! cfg.client.enable) ''
+  SOCKSPort 0
+  ''
   # Relay config
   + optionalString cfg.relay.enable ''
     ORPort ${toString cfg.relay.port}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-15 20:45:52 +0000