From 6629099a635118a9fd72892ec4b13442b811059c Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Fri, 27 Nov 2015 23:29:51 +0100
Subject: services: tor: Store private data under /var/lib/tor.
* gnu/services/networking.scm (tor-configuration->torrc): Add 'DataDirectory' clause. Change 'HiddenServiceDir' to /var/lib/tor/hidden-services/NAME. (tor-hidden-service-activation): Create /var/lib/tor. (tor-hidden-service): Adjust docstring.
* doc/guix.texi (Networking Services): Adjust accordingly.
---
 gnu/services/networking.scm | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
(limited to 'gnu')
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 0c545124c7..ce21b1d9ff 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -351,12 +351,13 @@ (define (tor-configuration->torrc config)
 (display "\
 # The beginning was automatically added.
 User tor
+DataDirectory /var/lib/tor
 Log notice syslog\n" port) (for-each (match-lambda ((service (ports hosts) ...) (format port "\
-HiddenServiceDir /var/lib/tor/~a~%"
+HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
 service) (for-each (lambda (tcp-port host) (format port "\
@@ -397,16 +398,22 @@ (define (tor-hidden-service-activation config)
 #~(begin (use-modules (guix build utils))
+ (define %user
+ (getpw "tor"))
+
 (define (initialize service)
- (let ((directory (string-append "/var/lib/tor/"
- service))
- (user (getpw "tor")))
+ (let ((directory (string-append "/var/lib/tor/hidden-services/"
+ service)))
 (mkdir-p directory)
- (chown directory (passwd:uid user) (passwd:gid user))
+ (chown directory (passwd:uid %user) (passwd:gid %user))
 ;; The daemon bails out if we give wider permissions.
 (chmod directory #o700)))
+ (mkdir-p "/var/lib/tor")
+ (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
+ (chmod "/var/lib/tor" #o700)
+
 (for-each initialize '#$(map hidden-service-name (tor-configuration-hidden-services config)))))
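Review bot: The `/var/lib/tor/hidden-services/` prefix written into the `HiddenServiceDir` line here is duplicated as a literal in tor-hidden-service-activation (next hunk), and `/var/lib/tor` likewise appears both in the new `DataDirectory` clause and in the activation's `mkdir-p`; if one side is edited without the other, Tor will be pointed at a directory the activation never created or chowned, and the comment in the next hunk notes the daemon bails out on a directory with wider permissions than it expects. Consider one module-level definition such as `(define %tor-data-directory "/var/lib/tor")`, built into the torrc here with `string-append` and spliced into the G-expression with `#$` in the activation, so both paths cannot drift. The body of `tor-configuration->torrc` starts before this hunk and continues past it.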
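Review bot: The intermediate `/var/lib/tor/hidden-services` directory is only ever created implicitly by `(mkdir-p directory)` inside `initialize`, so it gets the activation process's umask-derived mode and stays root-owned, while `/var/lib/tor` and each per-service directory are explicitly chowned to `%user` and set to `#o700`. Presumably Tor only needs to traverse that level, so this is likely harmless today, but creating it deliberately puts the whole tree under one ownership and mode policy instead of relying on the parent's `#o700` to shield it; after the new `(chmod "/var/lib/tor" #o700)` add `(mkdir-p "/var/lib/tor/hidden-services")`, `(chown "/var/lib/tor/hidden-services" (passwd:uid %user) (passwd:gid %user))` and `(chmod "/var/lib/tor/hidden-services" #o700)`. Note also that `%user` is now resolved with `(getpw "tor")` on every activation even when no hidden service is configured, which was not the case before; that is fine as long as the account always exists when this runs. The `define` of tor-hidden-service-activation sits before this hunk.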
@@ -462,8 +469,8 @@ (define (tor-hidden-service name mapping)
 In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080.
-This creates a @file{/var/lib/tor/@var{name}} directory, where the
-@file{hostname} file contains the @code{.onion} host name for the hidden
+This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
+the @file{hostname} file contains the @code{.onion} host name for the hidden
 service. See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
-- 
cgit v1.2.3