Commit e17d4b05 authored by Alyssa Ross

nixos/tor: don't do privoxy stuff by default



It's very surprising that services.tor.client.enable would set
services.privoxy.enable.  This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.

So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default.  This change is documented in the
release notes.

Reported-by: V <v@anomalous.eu>
parent cd75006f
+13 −0
@@ -265,6 +265,19 @@
      located in <literal>/run/rspamd</literal> instead of <literal>/run</literal>.
    </para>
   </listitem>
   <listitem>
    <para>
      Enabling the Tor client no longer silently also enables and
      configures Privoxy, and the
      <varname>services.tor.client.privoxy.enable</varname> option has
      been removed.  To enable Privoxy, and to configure it to use
      Tor's faster port, use the following configuration:
    </para>
    <programlisting>
      <xref linkend="opt-services.privoxy.enable" /> = true;
      <xref linkend="opt-services.privoxy.enableTor" /> = true;
    </programlisting>
   </listitem>
  </itemizedlist>
 </section>

+18 −2
@@ -8,15 +8,22 @@ let

  cfg = config.services.privoxy;

  confFile = pkgs.writeText "privoxy.conf" ''
  confFile = pkgs.writeText "privoxy.conf" (''
    user-manual ${privoxy}/share/doc/privoxy/user-manual
    confdir ${privoxy}/etc/
    listen-address  ${cfg.listenAddress}
    enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
    ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
    ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
  '' + optionalString cfg.enableTor ''
    forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
    toggle 1
    enable-remote-toggle 0
    enable-edit-actions 0
    enable-remote-http-toggle 0
  '' + ''
    ${cfg.extraConfig}
  '';
  '');

in

@@ -72,6 +79,15 @@ in
        '';
      };

      enableTor = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to configure Privoxy to use Tor's faster SOCKS port,
          suitable for HTTP.
        '';
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "" ;
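Review bot: When `enableTor` is set, the generated confFile carries `enable-edit-actions` twice — once derived from `cfg.enableEditActions` and again hard-coded to `0` in the Tor block — so a user who sets both `enableEditActions = true` and `enableTor = true` has their choice silently overridden (Privoxy appears to honour the last occurrence; confirm against its config parsing). Either make the first line carry the Tor hardening explicitly, e.g. `enable-edit-actions ${if cfg.enableEditActions && !cfg.enableTor then "1" else "0"}` and drop the duplicate, or add an assertion that the two options are not both true. The `enableTor` description should also say that it turns off the web-based action editor and remote toggling, since that lockdown is the security reason for the block and is currently invisible to anyone reading the option. Separately, `config.services.tor.client.socksListenAddressFaster` is read whether or not the Tor client is enabled; an assertion such as `{ assertion = cfg.enableTor -> config.services.tor.client.enable; message = "services.privoxy.enableTor requires services.tor.client.enable"; }` would turn a forward to a non-listening port into an evaluation-time error.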
+3 −28
@@ -107,6 +107,9 @@ let
in
{
  imports = [
    (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
      Use services.privoxy.enable and services.privoxy.enableTor instead.
    '')
    (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
    (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
    (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
@@ -270,23 +273,6 @@ in
            description = "List of suffixes to use with automapHostsOnResolve";
          };
        };

        privoxy.enable = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether to enable and configure the system Privoxy to use Tor's
            faster port, suitable for HTTP.

            To have anonymity, protocols need to be scrubbed of identifying
            information, and this can be accomplished for HTTP by Privoxy.

            Privoxy can also be useful for KDE torification. A good setup would be:
            setting SOCKS proxy to the default Tor port, providing maximum
            circuit isolation where possible; and setting HTTP proxy to Privoxy
            to route HTTP traffic over faster, but less isolated port.
          '';
        };
      };

      relay = {
@@ -784,16 +770,5 @@ in
      };

    environment.systemPackages = [ cfg.package ];

    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
      enable = true;
      extraConfig = ''
        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
        toggle  1
        enable-remote-toggle 0
        enable-edit-actions 0
        enable-remote-http-toggle 0
      '';
    };
  };
}
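Review bot: The new `mkRemovedOptionModule` message only reaches users who had set `services.tor.client.privoxy.enable` explicitly; a configuration that relied on its old default of `true` gets no evaluation-time notice and loses its HTTP proxy on upgrade. A browser pointed at the old Privoxy address should then fail to connect rather than leak, but the outage is silent and only the release notes explain it. Consider making the message spell out the behaviour change as well as the replacement, e.g. `Privoxy is no longer enabled automatically with the Tor client; set services.privoxy.enable and services.privoxy.enableTor explicitly.`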