(address . guix-patches@gnu.org)
This allows users to have an easy way to enable control sockets for Tor.
Turning it on does so via a unix domain socket. Intentionally I did not
add the localhost+port path because I feel unsure about the safety of
that, and nobody has yet demonstrated a need.
I suppose another nice option might be to let the user specify a
specific path, but we didn't allow that for the socks-sock, so I was too
lazy to allow it here either.
From b85d5d49678ae11fd5a855acddbc78be123d863c Mon Sep 17 00:00:00 2001
From: Christopher Lemmer Webber <cwebber@dustycloud.org>
Date: Mon, 15 Feb 2021 17:57:04 -0500
Subject: [PATCH] services: tor: Add control-socket? option.
* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
---
doc/guix.texi | 9 ++++++++-
gnu/services/networking.scm | 13 +++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 535c98a453..81cc24e0e3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45,7 +45,7 @@ Copyright @copyright{} 2017 Federico Beffa@*
Copyright @copyright{} 2017, 2018 Carlo Zancanaro@*
Copyright @copyright{} 2017 Thomas Danckaert@*
Copyright @copyright{} 2017 humanitiesNerd@*
-Copyright @copyright{} 2017 Christopher Allan Webber@*
+Copyright @copyright{} 2017, 2021 Christopher Lemmer Webber@*
Copyright @copyright{} 2017, 2018, 2019, 2020 Marius Bakke@*
Copyright @copyright{} 2017, 2019, 2020 Hartmut Goebel@*
Copyright @copyright{} 2017, 2019, 2020, 2021 Maxim Cournoyer@*
@@ -16578,6 +16578,13 @@ If you want to customize the SOCKS socket in more detail, leave
@end table
@end deftp
+@item @code{control-socket?} (default: @code{#f})
+Whether or not to provide a ``control socket'' by which Tor can be
+controlled to, for instance, dynamically instantiate tor onion services.
+If @code{#t}, Tor will listen for control commands on the UNIX domain socket
+@file{/var/run/tor/control-sock}, which will be made writable by members of the
+@code{tor} group.
+
@cindex hidden service
@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
Define a new Tor @dfn{hidden service} called @var{name} and implementing
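Review bot: The new `@item` is added after the `@end table` and `@end deftp` context lines, so it sits outside the table of `tor-configuration` fields and will not be rendered as one of them; move it above `@end table`, next to the SOCKS socket entry. The text could also state that the path /var/run/tor/control-sock is fixed, and that making the socket writable by the `tor` group lets every member of that group send control commands to the daemon.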
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index a4d4ac0646..231a9f66c7 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -15,6 +15,7 @@
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2021 Christopher Lemmer Webber <cwebber@dustycloud.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -744,7 +745,9 @@ demand.")))
(hidden-services tor-configuration-hidden-services
(default '()))
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
- (default 'tcp)))
+ (default 'tcp))
+ (control-socket? tor-control-socket-path
+ (default #f)))
(define %tor-accounts
;; User account and groups for Tor.
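Review bot: The accessor for the new field is named `tor-control-socket-path`, but the field is a boolean (`control-socket?`, default `#f`) and the neighbouring accessors use the `tor-configuration-` prefix (`tor-configuration-hidden-services`, `tor-configuration-socks-socket-type`). Rename it to `tor-configuration-control-socket?` so the name does not suggest a path is stored, and export it if the other accessors are exported.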
@@ -766,7 +769,8 @@ demand.")))
(define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG."
(match config
- (($ <tor-configuration> tor config-file services socks-socket-type)
+ (($ <tor-configuration> tor config-file services
+ socks-socket-type control-socket?)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
@@ -786,6 +790,11 @@ Log notice syslog\n" port)
(display "\
SocksPort unix:/var/run/tor/socks-sock
UnixSocksGroupWritable 1\n" port))
+ (when #$control-socket?
+ (display "\
+ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
+ControlSocketsGroupWritable 1\n"
+ port))
(for-each (match-lambda
((service (ports hosts) ...)
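Review bot: The added `ControlSocket` line carries `RelaxDirModeCheck`, which neither the commit message nor the new documentation mentions, and the hunk emits no authentication setting, so access to the control socket rests only on the socket's file mode and `tor` group membership. Please add a comment explaining why the directory mode check has to be relaxed for /var/run/tor, and consider whether cookie authentication should be emitted alongside. The `GroupWritable` flag and the separate `ControlSocketsGroupWritable 1` line also look redundant; one of them may be enough.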
--
2.30.0