aboutsummaryrefslogtreecommitdiff
path: root/gnu/services/networking.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services/networking.scm')
-rw-r--r--gnu/services/networking.scm22
1 files changed, 19 insertions, 3 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d5d0cf9d1d..66772e48b7 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(for-each (match-lambda
@@ -639,7 +641,7 @@ HiddenServicePort ~a ~a~%"
#t))))))))
(define (tor-shepherd-service config)
- "Return a <shepherd-service> running TOR."
+ "Return a <shepherd-service> running Tor."
(match config
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
@@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
- (target source)))))
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t)))
+ #:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
- "Return the activation gexp for SERVICES, a list of hidden services."
+ "Set up directories for Tor and its hidden services, if any."
#~(begin
(use-modules (guix build utils))
@@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
+ ;; Allow Tor to write its PID file.
+ (mkdir-p "/var/run/tor")
+ (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+ ;; Set the group permissions to rw so that if the system administrator
+ ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+ ;; of the "tor" group will be able to use the SOCKS socket.
+ (chmod "/var/run/tor" #o750)
+
+ ;; Allow Tor to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)