M build-aux/hydra/demo-os.scm => build-aux/hydra/demo-os.scm +5 -1
@@ 27,6 27,7 @@
(gnu packages xorg)
(gnu packages avahi)
(gnu packages linux)
+ (gnu packages tor)
(gnu services networking)
(gnu services avahi)
@@ 79,10 80,13 @@ You can log in as 'guest' or 'root' with no password.
(avahi-service)
(dbus-service (list avahi))
+ (tor-service)
%base-services))
(pam-services
;; Explicitly allow for empty passwords.
(base-pam-services #:allow-empty-passwords? #t))
- (packages (cons* strace xterm avahi %base-packages)))
+ (packages (cons* strace
+ tor torsocks
+ xterm avahi %base-packages)))
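Review bot: `(tor-service)` is added to the demo image's service list without a comment, on a system that, per the surrounding lines, accepts empty passwords for 'guest' and 'root'. Every boot of the image will now start a daemon that makes outbound connections to the Tor network, and presumably any local account can reach its loopback SOCKS listener. A comment above the entry would record the intent, e.g. `;; Tor runs as a client with the default torrc; use 'torsocks PROGRAM' to route a program through it.` If the login banner lists what the image runs, it may be worth a mention there too; the banner text is outside this hunk.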
M doc/guix.texi => doc/guix.texi +7 -0
@@ 3460,6 3460,13 @@ Return a service that starts @var{interface} with address @var{ip}. If
gateway.
@end deffn
+@deffn {Monadic Procedure} tor-service [#:tor tor]
+Return a service to run the @uref{https://torproject.org,Tor} daemon.
+
+The daemon runs with the default settings (in particular the default exit
+policy) as the @code{tor} unprivileged user.
+@end deffn
+
In addition, @code{(gnu system ssh)} provides the following service.
@deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
M gnu/services/networking.scm => gnu/services/networking.scm +35 -1
@@ 18,11 18,14 @@
(define-module (gnu services networking)
#:use-module (gnu services)
+ #:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages tor)
#:use-module (guix gexp)
#:use-module (guix monads)
- #:export (static-networking-service))
+ #:export (static-networking-service
+ tor-service))
;;; Commentary:
;;;
@@ 85,4 88,35 @@ gateway."
#t)))))
(respawn? #f)))))
+(define* (tor-service #:key (tor tor))
+ "Return a service to run the @uref{https://torproject.org,Tor} daemon.
+
+The daemon runs with the default settings (in particular the default exit
+policy) as the @code{tor} unprivileged user."
+ (mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
+ (return
+ (service
+ (provision '(tor))
+
+ ;; Tor needs at least one network interface to be up, hence the
+ ;; dependency on 'loopback'.
+ (requirement '(user-processes loopback))
+
+ (start #~(make-forkexec-constructor
+ (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
+ (stop #~(make-kill-destructor))
+
+ (user-groups (list (user-group
+ (name "tor"))))
+ (user-accounts (list (user-account
+ (name "tor")
+ (group "tor")
+ (system? #t)
+ (comment "Tor daemon user")
+ (home-directory "/var/empty")
+ (shell
+ "/run/current-system/profile/sbin/nologin"))))
+
+ (documentation "Run the Tor anonymous network overlay.")))))
+
;;; networking.scm ends here
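Review bot: The torrc generated in `tor-service` contains only `User tor`, so the daemon's state directory (cached consensus, guard state, any keys) falls back to Tor's built-in default, which depends on build-time paths and the starting process's environment, while the account's home is `/var/empty`. Pinning it makes the location and ownership auditable, e.g. `(text-file "torrc" "User tor\nDataDirectory /var/lib/tor\n")` (path shown as an example), with the directory created owner-only for `tor` before the daemon starts. The docstring's reference to the default exit policy also reads as if the node relays traffic. As far as this torrc shows, no `ORPort` is set, so Tor should run as a client only, and the wording could say so.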