author | Ludovic Courtès <ludo@gnu.org> | 2015-11-27 23:29:51 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-11-27 23:29:51 +0100 |
commit | 6629099a635118a9fd72892ec4b13442b811059c (patch) | |
tree | 4e9c9da1614536879ec08163519d66947ec5c5f0 | |
parent | 5ee35eb747206a1d70bdeb979be88da47caa9f6f (diff) |
services: tor: Store private data under /var/lib/tor.
* gnu/services/networking.scm (tor-configuration->torrc): Add
'DataDirectory' clause. Change 'HiddenServiceDir' to
/var/lib/tor/hidden-services/NAME.
(tor-hidden-service-activation): Create /var/lib/tor.
(tor-hidden-service): Adjust docstring.
* doc/guix.texi (Networking Services): Adjust accordingly.
-rw-r--r-- | doc/guix.texi | 4 | ||||
-rw-r--r-- | gnu/services/networking.scm | 21 |
2 files changed, 16 insertions, 9 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 2252bf9c18..ab1e4be20f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6597,8 +6597,8 @@ Define a new Tor @dfn{hidden service} called @var{name} and implementing In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080. -This creates a @file{/var/lib/tor/@var{name}} directory, where the -@file{hostname} file contains the @code{.onion} host name for the hidden +This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where +the @file{hostname} file contains the @code{.onion} host name for the hidden service. See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 0c545124c7..ce21b1d9ff 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -351,12 +351,13 @@ keep the system clock synchronized with that of @var{servers}." (display "\ # The beginning was automatically added. User tor +DataDirectory /var/lib/tor Log notice syslog\n" port) (for-each (match-lambda ((service (ports hosts) ...) (format port "\ -HiddenServiceDir /var/lib/tor/~a~%" +HiddenServiceDir /var/lib/tor/hidden-services/~a~%" service) (for-each (lambda (tcp-port host) (format port "\ 
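Review bot: The new `HiddenServiceDir /var/lib/tor/hidden-services/~a` line in `tor-configuration->torrc` has no migration path for services already initialised under `/var/lib/tor/NAME`. Nothing visible in this commit moves the old directory, so Tor will presumably generate a fresh key and `hostname` file in the new location, silently changing the service's `.onion` name while the old private key stays on disk. The same path change appears in `initialize` in the activation hunk. I would note this next to the format string, e.g. `;; Services created before this change keep their key in /var/lib/tor/NAME; move that directory here to retain the .onion name.`, and repeat it in the manual. The body of `tor-configuration->torrc` continues outside the hunk.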
@@ -397,16 +398,22 @@ HiddenServicePort ~a ~a~%" #~(begin (use-modules (guix build utils)) + (define %user + (getpw "tor")) + (define (initialize service) - (let ((directory (string-append "/var/lib/tor/" - service)) - (user (getpw "tor"))) + (let ((directory (string-append "/var/lib/tor/hidden-services/" + service))) (mkdir-p directory) - (chown directory (passwd:uid user) (passwd:gid user)) + (chown directory (passwd:uid %user) (passwd:gid %user)) ;; The daemon bails out if we give wider permissions. (chmod directory #o700))) + (mkdir-p "/var/lib/tor") + (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) + (chmod "/var/lib/tor" #o700) + (for-each initialize '#$(map hidden-service-name (tor-configuration-hidden-services config))))) @@ -462,8 +469,8 @@ and lines for hidden services added via @code{tor-hidden-service}. Run In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080. -This creates a @file{/var/lib/tor/@var{name}} directory, where the -@file{hostname} file contains the @code{.onion} host name for the hidden +This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where +the @file{hostname} file contains the @code{.onion} host name for the hidden service. See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor |
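Review bot: Once `/var/lib/tor` is chowned to `%user`, every later activation (presumably run as root) calls `mkdir-p`, `chown` and `chmod` on paths inside a directory that the `tor` account owns, and these calls follow symbolic links. The intermediate `hidden-services` directory is only created implicitly by `mkdir-p` and never has its owner or mode set, so its entry lives in a tor-writable parent and could be replaced between activations. I would have `initialize` confirm with `lstat` that both `hidden-services` and the service directory are real directories before changing ownership, e.g. `(eq? 'directory (stat:type (lstat directory)))`, and fail loudly otherwise. It would also be tidier to create `hidden-services` explicitly alongside `/var/lib/tor`, so that its ownership and mode are stated instead of inherited from the umask. The enclosing activation gexp starts outside the hunk.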