
services: tor: Deprecate 'tor-hidden-service' procedure.

Due to (now renamed) 'hidden-service' record type not being exported, the only
way Onion services (formerly hidden services) could have worked is through the
now deprecated 'tor-hidden-service' procedure.

This commit updates the Tor service documentation, corrects some inconsistently
named accessors in <tor-configuration> record-type, renames and refactors
tor-hidden-service-configuration to tor-onion-service-configuration using
define-configuration and also exports it, allowing Onion services to be
configured directly within a <tor-configuration> record.
Lastly, it also deprecates the 'tor-hidden-service' procedure.

* doc/guix.texi (Networking Services): Substitute mentions of “Hidden services”
with “Onion Services”. Add a Tor Onion service configuration example.
Document <tor-onion-service-configuration>. Remove mention of
'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-onion-service-configuration, tor-onion-service-configuration?,
tor-onion-service-configuration-name, tor-onion-service-configuration-mapping.
(<tor-configuration>)[control-socket?]: Rename accessor.
(<hidden-service>): Replace with …
(<tor-onion-service-configuration>): … this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
master
Bruno Victal 2023-04-09 15:47:19 +01:00 committed by Ludovic Courtès
parent c354a345b9
commit 9be1ee6a49
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 79 additions and 49 deletions

@ -20604,11 +20604,22 @@ Spawn a proxy server listening to TLS connections on the specified port.
@cindex Tor @cindex Tor
@defvar tor-service-type @defvar tor-service-type
This is the type for a service that runs the @uref{https://torproject.org, Type for a service that runs the @uref{https://torproject.org, Tor}
Tor} anonymous networking daemon. The service is configured using a anonymous networking daemon. The service is configured using a
@code{<tor-configuration>} record. By default, the Tor daemon runs as the @code{<tor-configuration>} record. By default, the Tor daemon runs as the
@code{tor} unprivileged user, which is a member of the @code{tor} group. @code{tor} unprivileged user, which is a member of the @code{tor} group.
@cindex onion services, for Tor
Services of this type can be extended by other services to specify
@dfn{onion services} (in addition to those already specified in
@code{tor-configuration}) as in this example:
@lisp
(simple-service 'my-extra-onion-service tor-service-type
(list (tor-onion-service-configuration
(name "extra-onion-service")
(mapping '((80 . "127.0.0.1:8080"))))))
@end lisp
@end defvar @end defvar
@deftp {Data Type} tor-configuration @deftp {Data Type} tor-configuration
@ -20627,11 +20638,10 @@ file-like objects}). See @code{man tor} for details on the configuration file
syntax. syntax.
@item @code{hidden-services} (default: @code{'()}) @item @code{hidden-services} (default: @code{'()})
The list of @code{<hidden-service>} records to use. For any hidden service The list of @code{<tor-onion-service-configuration>} records to use.
you include in this list, appropriate configuration to enable the hidden For any onion service you include in this list, appropriate
service will be automatically added to the default configuration file. You configuration to enable the onion service will be automatically added to
may conveniently create @code{<hidden-service>} records using the the default configuration file.
@code{tor-hidden-service} procedure described below.
@item @code{socks-socket-type} (default: @code{'tcp}) @item @code{socks-socket-type} (default: @code{'tcp})
The default socket type that Tor should use for its SOCKS socket. This must The default socket type that Tor should use for its SOCKS socket. This must
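Review bot: The field is still called `hidden-services` while its description now speaks only of onion services and `<tor-onion-service-configuration>` records, so the manual uses two names for the same thing. Either rename the field with a deprecated alias, or add one sentence here saying the field name is kept for compatibility, so readers do not go looking for an `onion-services` field that does not exist.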
@ -20656,26 +20666,30 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket
@end table @end table
@end deftp @end deftp
@cindex hidden service @cindex onion service, tor
@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping} @deftp {Data Type} tor-onion-service-configuration
Define a new Tor @dfn{hidden service} called @var{name} and implementing Data Type representing a Tor @dfn{Onion Service} configuration.
@var{mapping}. @var{mapping} is a list of port/host tuples, such as: See @url{https://community.torproject.org/onion-services/, the Tor
@example
'((22 "127.0.0.1:22")
(80 "127.0.0.1:8080"))
@end example
In this example, port 22 of the hidden service is mapped to local port 22, and
port 80 is mapped to local port 8080.
This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
the @file{hostname} file contains the @code{.onion} host name for the hidden
service.
See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information. project's documentation} for more information.
@end deffn Available @code{tor-onion-service-configuration} fields are:
@table @asis
@item @code{name} (type: string)
Name for this Onion Service. This creates a
@file{/var/lib/tor/hidden-services/@var{name}} directory, where the
@file{hostname} file contains the @indicateurl{.onion} host name for this Onion
Service.
@item @code{mapping} (type: alist)
Association list of port to address mappings. The following example:
@lisp
'((22 . "127.0.0.1:22")
(80 . "127.0.0.1:8080"))
@end lisp
maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.
@end table
@end deftp
The @code{(gnu services rsync)} module provides the following services: The @code{(gnu services rsync)} module provides the following services:
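Review bot: Removing the whole `@deffn` for `tor-hidden-service` leaves the manual silent about a procedure that the export list still carries as `tor-hidden-service ; deprecated`. A short note in this `@deftp` saying that `tor-hidden-service` is deprecated in favour of `tor-onion-service-configuration`, and that `mapping` entries are now written as dotted pairs `(22 . "127.0.0.1:22")` rather than the two-element lists `(22 "127.0.0.1:22")` shown in the removed text, would give existing users a migration path. It is also worth stating that the state directory stays under `/var/lib/tor/hidden-services/` despite the rename, since that is where the onion service's `hostname` file lives.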

@ -138,7 +138,16 @@
tor-configuration tor-configuration
tor-configuration? tor-configuration?
tor-hidden-service tor-configuration-tor
tor-configuration-config-file
tor-configuration-hidden-services
tor-configuration-socks-socket-type
tor-configuration-control-socket-path
tor-onion-service-configuration
tor-onion-service-configuration?
tor-onion-service-configuration-name
tor-onion-service-configuration-mapping
tor-hidden-service ; deprecated
tor-service-type tor-service-type
network-manager-configuration network-manager-configuration
@ -908,7 +917,7 @@ applications in communication. It is used by Jami, for example.")))
(default '())) (default '()))
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp)) (default 'tcp))
(control-socket? tor-control-socket-path (control-socket? tor-configuration-control-socket-path
(default #f))) (default #f)))
(define %tor-accounts (define %tor-accounts
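Review bot: The renamed accessor `tor-configuration-control-socket-path` does not match its field `control-socket?`, whose default is `#f` and which the manual context above describes as "If `#t`, Tor will listen for control commands on the UNIX domain socket". A boolean field exposed through an accessor ending in `-path` will mislead callers into expecting a file name. Since this accessor is newly exported in this commit, now is the cheapest time to name it after the field, for example `tor-configuration-control-socket?`.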
@ -922,11 +931,22 @@ applications in communication. It is used by Jami, for example.")))
(home-directory "/var/empty") (home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin"))))) (shell (file-append shadow "/sbin/nologin")))))
(define-record-type <hidden-service> (define-configuration/no-serialization tor-onion-service-configuration
(hidden-service name mapping) (name
hidden-service? string
(name hidden-service-name) ;string "Name for this Onion Service. This creates a
(mapping hidden-service-mapping)) ;list of port/address tuples @file{/var/lib/tor/hidden-services/@var{name}} directory, where the
@file{hostname} file contains the @indicateurl{.onion} host name for this
Onion Service.")
(mapping
alist
"Association list of port to address mappings. The following example:
@lisp
'((22 . \"127.0.0.1:22\")
(80 . \"127.0.0.1:8080\"))
@end lisp
maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080."))
(define (tor-configuration->torrc config) (define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG." "Return a 'torrc' file for CONFIG."
@ -966,7 +986,7 @@ HiddenServicePort ~a ~a~%"
tcp-port host)) tcp-port host))
ports hosts))) ports hosts)))
'#$(map (match-lambda '#$(map (match-lambda
(($ <hidden-service> name mapping) (($ <tor-onion-service-configuration> name mapping)
(cons name mapping))) (cons name mapping)))
hidden-services)) hidden-services))
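Review bot: The pattern `($ <tor-onion-service-configuration> name mapping)` matches fields by position, and the record is now generated by `define-configuration/no-serialization` instead of being declared field by field with `define-record-type`. Positional matching is only correct if the generated record has exactly `name` and `mapping` as its first two fields, which is not visible from this diff. Using the accessors exported by this commit, `tor-onion-service-configuration-name` and `tor-onion-service-configuration-mapping` (as the `tor-activation` hunk already does), or a by-name record match, removes the dependency on field order.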
@ -1053,7 +1073,7 @@ HiddenServicePort ~a ~a~%"
(chmod "/var/lib" #o755) (chmod "/var/lib" #o755)
(for-each initialize (for-each initialize
'#$(map hidden-service-name '#$(map tor-onion-service-configuration-name
(tor-configuration-hidden-services config))))) (tor-configuration-hidden-services config)))))
(define tor-service-type (define tor-service-type
@ -1066,7 +1086,7 @@ HiddenServicePort ~a ~a~%"
(service-extension activation-service-type (service-extension activation-service-type
tor-activation))) tor-activation)))
;; This can be extended with hidden services. ;; This can be extended with Tor Onion Services.
(compose concatenate) (compose concatenate)
(extend (lambda (config services) (extend (lambda (config services)
(tor-configuration (tor-configuration
@ -1079,21 +1099,14 @@ HiddenServicePort ~a ~a~%"
"Run the @uref{https://torproject.org, Tor} anonymous "Run the @uref{https://torproject.org, Tor} anonymous
networking daemon."))) networking daemon.")))
(define tor-hidden-service-type (define-deprecated (tor-hidden-service name mapping)
;; A type that extends Tor with hidden services. #f
(service-type (name 'tor-hidden-service)
(extensions
(list (service-extension tor-service-type list)))
(description
"Define a new Tor @dfn{hidden service}.")))
(define (tor-hidden-service name mapping)
"Define a new Tor @dfn{hidden service} called @var{name} and implementing "Define a new Tor @dfn{hidden service} called @var{name} and implementing
@var{mapping}. @var{mapping} is a list of port/host tuples, such as: @var{mapping}. @var{mapping} is a list of port/host tuples, such as:
@example @example
'((22 \"127.0.0.1:22\") '((22 . \"127.0.0.1:22\")
(80 \"127.0.0.1:8080\")) (80 . \"127.0.0.1:8080\"))
@end example @end example
In this example, port 22 of the hidden service is mapped to local port 22, and In this example, port 22 of the hidden service is mapped to local port 22, and
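Review bot: `define-deprecated` is given `#f` where a replacement could be named, so the deprecation warning cannot point users at `tor-onion-service-configuration`. If the macro cannot take a record constructor there, say so in the docstring instead. The docstring also still describes `mapping` as "a list of port/host tuples" while its example now shows dotted pairs `(22 . \"127.0.0.1:22\")`; the wording should change with the example.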
@ -1105,8 +1118,11 @@ service.
See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
project's documentation} for more information." project's documentation} for more information."
(service tor-hidden-service-type (simple-service 'tor-hidden-service
(hidden-service name mapping))) tor-service-type
(list (tor-onion-service-configuration
(name name)
(mapping mapping)))))
;;; ;;;
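Review bot: In the new body, `(mapping mapping)` passes the caller's value through unchanged, but the previously documented form for this procedure was two-element lists such as `(22 "127.0.0.1:22")`, whereas the new record documents dotted pairs. Existing configurations that call the deprecated procedure with the old form should either be converted here before building the record or be rejected with a clear error, and the field's `alist` type alone does not express that keys are port numbers and values are `host:port` strings. A dedicated predicate for `mapping` would catch a malformed entry at configuration time rather than producing an unexpected `HiddenServicePort` line in the generated torrc.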