From 927097effdab473d2a344e6de75a85ec734df5dc Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 12 Jul 2014 23:14:10 +0200 Subject: services: Add Tor service. * gnu/services/networking.scm (tor-service): New procedure. * doc/guix.texi (Networking Services): Document it. * build-aux/hydra/demo-os.scm: Use it. Add TOR and TORSOCKS to 'packages'. --- gnu/services/networking.scm | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 7abcd9ed15..502b0d85f1 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -18,11 +18,14 @@ (define-module (gnu services networking) #:use-module (gnu services) + #:use-module (gnu system shadow) #:use-module (gnu packages admin) #:use-module (gnu packages linux) + #:use-module (gnu packages tor) #:use-module (guix gexp) #:use-module (guix monads) - #:export (static-networking-service)) + #:export (static-networking-service + tor-service)) ;;; Commentary: ;;; @@ -85,4 +88,35 @@ gateway." #t))))) (respawn? #f))))) +(define* (tor-service #:key (tor tor)) + "Return a service to run the @uref{https://torproject.org,Tor} daemon. + +The daemon runs with the default settings (in particular the default exit +policy) as the @code{tor} unprivileged user." + (mlet %store-monad ((torrc (text-file "torrc" "User tor\n"))) + (return + (service + (provision '(tor)) + + ;; Tor needs at least one network interface to be up, hence the + ;; dependency on 'loopback'. + (requirement '(user-processes loopback)) + + (start #~(make-forkexec-constructor + (list (string-append #$tor "/bin/tor") "-f" #$torrc))) + (stop #~(make-kill-destructor)) + + (user-groups (list (user-group + (name "tor")))) + (user-accounts (list (user-account + (name "tor") + (group "tor") + (system? #t) + (comment "Tor daemon user") + (home-directory "/var/empty") + (shell + "/run/current-system/profile/sbin/nologin")))) + + (documentation "Run the Tor anonymous network overlay."))))) + ;;; networking.scm ends here -- cgit 1.4.1