nixpkgs/nixos/modules/services/security/torify.nix
Jan Malakhovski a04782581a nixos: torify: disable by default, add some documentation as of why
This `tsocks` wrapper leaks DNS requests to clearnet, meanwhile Tor comes with
`torsocks` which doesn't.

Previous commits to this file state that all of this still useful somehow.
Assuming that it's true, at least let's not confuse users with two different tools
and don't clash with the `tsocks` binary from nixpkgs by disabling this by default.
2017-03-16 21:06:12 +00:00

77 lines
1.8 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tor;
torify = pkgs.writeTextFile {
name = "tsocks";
text = ''
#!${pkgs.stdenv.shell}
TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.tsocks.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" "$@"
'';
executable = true;
destination = "/bin/tsocks";
};
in
{
###### interface
options = {
services.tor.tsocks = {
enable = mkOption {
default = false;
description = ''
Whether to build tsocks wrapper script to relay application traffic via Tor.
<important>
<para>You shouldn't use this unless you know what you're
doing because your installation of Tor already comes with
its own superior (doesn't leak DNS queries)
<literal>torsocks</literal> wrapper which does pretty much
exactly the same thing as this.</para>
</important>
'';
};
server = mkOption {
default = "localhost:9050";
example = "192.168.0.20";
description = ''
IP address of TOR client to use.
'';
};
config = mkOption {
default = "";
description = ''
Extra configuration. Contents will be added verbatim to TSocks
configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.tsocks.enable {
environment.systemPackages = [ torify ]; # expose it to the users
services.tor.tsocks.config = ''
server = ${toString(head (splitString ":" cfg.tsocks.server))}
server_port = ${toString(tail (splitString ":" cfg.tsocks.server))}
local = 127.0.0.0/255.128.0.0
local = 127.128.0.0/255.192.0.0
'';
};
}