author | Joachim F <joachifm@users.noreply.github.com> | 2017-03-17 16:14:41 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-17 16:14:41 +0100 |
commit | 01f8e2161c5a89cba6e3efba128fa0b963c8aaea (patch) | |
tree | d82185f2236e46ddd8221b4974692a40151d2a24 /nixos | |
parent | 3728143cbcead48f387dd7297f76138a82ed04de (diff) | |
parent | a04782581a96d5ee8b4001701432599959ac2dc2 (diff) | |
Merge pull request #23962 from oxij/nixos/tor-sec
nixos: tor: usability and security fixes
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 16 | ||||
-rw-r--r-- | nixos/modules/services/security/torify.nix | 16 |
2 files changed, 28 insertions, 4 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 47f863b96df2..3b4d77a6f7b1 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -12,6 +12,10 @@ let torRc = '' User tor DataDirectory ${torDirectory} + ${optionalString cfg.enableGeoIP '' + GeoIPFile ${pkgs.tor.geoip}/share/tor/geoip + GeoIPv6File ${pkgs.tor.geoip}/share/tor/geoip6 + ''} ${optint "ControlPort" cfg.controlPort} '' @@ -58,6 +62,18 @@ in ''; }; + enableGeoIP = mkOption { + type = types.bool; + default = true; + description = '' + Whenever to configure Tor daemon to use GeoIP databases. + + Disabling this will disable by-country statistics for + bridges and relays and some client and third-party software + functionality. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; diff --git a/nixos/modules/services/security/torify.nix b/nixos/modules/services/security/torify.nix index a81cdbbc172f..a29cb3f33dae 100644 --- a/nixos/modules/services/security/torify.nix +++ b/nixos/modules/services/security/torify.nix @@ -19,15 +19,23 @@ in { ###### interface - + options = { - + services.tor.tsocks = { enable = mkOption { - default = cfg.enable && cfg.client.enable; + default = false; description = '' - Whether to build tsocks wrapper script to relay application traffic via TOR. + Whether to build tsocks wrapper script to relay application traffic via Tor. + + <important> + <para>You shouldn't use this unless you know what you're + doing because your installation of Tor already comes with + its own superior (doesn't leak DNS queries) + <literal>torsocks</literal> wrapper which does pretty much + exactly the same thing as this.</para> + </important> ''; }; |
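Review bot: The description of the new `enableGeoIP` option in tor.nix opens with "Whenever", which reads as a typo for "Whether"; the first line should be `Whether to configure the Tor daemon to use GeoIP databases.`. The description could also name the two torrc directives the option emits (`GeoIPFile` and `GeoIPv6File`, per the first hunk), so that someone already setting them through `extraConfig` can see the overlap. The surrounding `options` set starts and ends outside the hunk.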
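Review bot: The `services.tor.tsocks.enable` option in torify.nix declares no `type` in the visible lines, so a non-boolean value would not be rejected at evaluation time; adding `type = types.bool;` above `default = false;` would match the `enableGeoIP` option this commit adds to tor.nix. The new warning also states the security reason only indirectly, through the parenthesis about `torsocks`; a sentence saying outright that applications run through the tsocks wrapper may send DNS queries outside Tor would make clear why the default is now `false`. The option's enclosing attribute set continues outside the hunk.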