author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2018-10-17 08:56:59 -0400 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2018-10-17 08:56:59 -0400 |
commit | 4a71e2942c11d77d7de8234b18ba7853a2e160a8 (patch) | |
tree | 3c6e80530ffe1fff804a6cb5eccee4790d97226d /nixos | |
parent | 7dea8e403e5540d1c1fe1b5f1003f81bb0971eb5 (diff) |
nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are enabled. If the configuration doesn't enable Tor client features, generate a configuration file that explicitly includes this setting, so that such non-anonymous hidden services can be created (note that doing so still requires additional configuration). See #48622.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 9b6d4be9bda83..aca2cf8cdeaa3 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -57,6 +57,11 @@ let
 AutomapHostsSuffixes ${concatStringsSep "," cfg.client.dns.automapHostsSuffixes}
 ''}
 ''
+ # Explicitly disable the SOCKS server if the client is disabled. In
+ # particular, this makes non-anonymous hidden services possible.
+ + optionalString (! cfg.client.enable) ''
+ SOCKSPort 0
+ ''
 # Relay config
 + optionalString cfg.relay.enable ''
 ORPort ${toString cfg.relay.port}
 |
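Review bot: The new `optionalString (! cfg.client.enable)` branch changes the generated torrc for every configuration with the client disabled, not only for non-anonymous hidden services, and the comment does not say why the explicit line is needed. When no SOCKSPort line is present tor falls back to its built-in default and opens a local SOCKS listener, so a host that had `client.enable = false` was still exposing that listener before this change and silently loses it now. I would extend the comment to something like `# tor opens a SOCKS listener by default when no SOCKSPort line is present, so "disabled" has to be written out as SOCKSPort 0.` and mention the behaviour change in the release notes. If the module also appends user-supplied extra configuration (not visible in this hunk), it is worth confirming how a user-provided `SOCKSPort` line interacts with the emitted `SOCKSPort 0`. The enclosing `let` binding starts and ends outside the hunk.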