author | Alyssa Ross <hi@alyssa.is> | 2020-12-15 21:30:24 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-12-16 12:20:03 +0000 |
commit | e17d4b05a12fe1b567ef4d55d2f01c23ff48228d (patch) | |
tree | 77c4b87889780d574337ca13d569c037257c7ea7 /nixos/modules/services/security/tor.nix | |
parent | cd75006f1abd1671f2367b8cfd9406b32f5296da (diff) |
nixos/tor: don't do privoxy stuff by default
It's very surprising that services.tor.client.enable would set services.privoxy.enable. This violates the principle of least astonishment, because it's Privoxy that can integrate with Tor, rather than the other way around. So this patch moves the Privoxy Tor integration to the Privoxy module, and it also disables it by default. This change is documented in the release notes. Reported-by: V <v@anomalous.eu>
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 31 |
1 files changed, 3 insertions, 28 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 38dc378887a83..1cceee065b1bb 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -107,6 +107,9 @@ let
 in
 {
 imports = [
+ (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
+ Use services.privoxy.enable and services.privoxy.enableTor instead.
+ '')
 (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
 (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
 (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
@@ -270,23 +273,6 @@ in
 description = "List of suffixes to use with automapHostsOnResolve";
 };
 };
-
- privoxy.enable = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether to enable and configure the system Privoxy to use Tor's
- faster port, suitable for HTTP.
-
- To have anonymity, protocols need to be scrubbed of identifying
- information, and this can be accomplished for HTTP by Privoxy.
-
- Privoxy can also be useful for KDE torification. A good setup would be:
- setting SOCKS proxy to the default Tor port, providing maximum
- circuit isolation where possible; and setting HTTP proxy to Privoxy
- to route HTTP traffic over faster, but less isolated port.
- '';
- };
 };
 
 relay = {
@@ -784,16 +770,5 @@ in
 };
 
 environment.systemPackages = [ cfg.package ];
-
- services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
- enable = true;
- extraConfig = ''
- forward-socks4a / ${cfg.client.socksListenAddressFaster} .
- toggle 1
- enable-remote-toggle 0
- enable-edit-actions 0
- enable-remote-http-toggle 0
- '';
- };
 };
 }
|
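Review bot: The `mkRemovedOptionModule` entry added to `imports` only fires for configurations that set `services.tor.client.privoxy.enable` explicitly, and the removed option defaulted to `true`. Systems that relied on that default therefore get no evaluation-time message, and Privoxy simply stops being enabled for them on upgrade. Clients still pointed at the Privoxy HTTP port will then fail to connect, and any application that falls back to a direct connection would no longer go through Tor. The message should state the new default, for example `Use services.privoxy.enable and services.privoxy.enableTor instead; the Tor integration is no longer enabled by default.`, although for users who never set the option the release notes remain the only signal. The Privoxy module is outside this diff (limited to tor.nix), so it is worth confirming that `services.privoxy.enableTor` keeps the `enable-remote-toggle 0`, `enable-edit-actions 0` and `enable-remote-http-toggle 0` settings removed in the last hunk.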