Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Commit 16a1b0e5 authored Sep 07, 2025 by euxane

nixos/tor: add onion service unix sockets to BindPaths

Setting up an onion service with a UNIX socket with
`services.tor.relay.onionServices.<name>.target.unix` didn't work out
of the box because the tor service runs within an isolated root.
This adds the missing path binding to make this work.

parent 8eb28adf

nixos/modules/services/security/tor.nix

+8 −1

Original line number	Diff line number	Diff line
		@@ -1410,7 +1410,14 @@ in
		RootDirectoryStartOnly = true;
		#InaccessiblePaths = [ "-+${runDir}/root" ];
		UMask = "0066";
		BindPaths = [ stateDir ];
		BindPaths = [
		stateDir
		]
		++ lib.catAttrs "unix" (
		lib.catAttrs "target" (
		lib.concatMap (onionService: onionService.map) (lib.attrValues cfg.relay.onionServices)
		)
		);
		BindReadOnlyPaths = [
		builtins.storeDir
		"/etc"

Admin message