services: Add Tor service.

* gnu/services/networking.scm (tor-service): New procedure.
* doc/guix.texi (Networking Services): Document it.
* build-aux/hydra/demo-os.scm: Use it.  Add TOR and TORSOCKS to
  'packages'.
Ludovic Courtès 2014-07-12 23:14:10 +02:00
parent 8897603ad0
commit 927097effd
3 changed files with 47 additions and 2 deletions


@ -27,6 +27,7 @@
(gnu packages xorg)
(gnu packages avahi)
(gnu packages linux)
(gnu packages tor)
(gnu services networking)
(gnu services avahi)
@ -79,10 +80,13 @@
(avahi-service)
(dbus-service (list avahi))
(tor-service)
%base-services))
(pam-services
;; Explicitly allow for empty passwords.
(base-pam-services #:allow-empty-passwords? #t))
(packages (cons* strace xterm avahi %base-packages)))
(packages (cons* strace
tor torsocks
xterm avahi %base-packages)))
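Review bot: `(tor-service)` is added to the demo image's service list without a comment, unlike the `pam-services` entry right below it, so a reader cannot tell why this image now runs a daemon that (presumably from boot) makes outbound connections to the Tor network. A one-line comment above it would record the intent, for example `;; Run Tor so the demo image can exercise torsocks.`; the wording is a guess, since the commit message does not state the purpose. Because the same image explicitly allows empty passwords, the comment could also say that this configuration is meant for demo use only.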


@ -3460,6 +3460,13 @@ Return a service that starts @var{interface} with address @var{ip}. If
gateway.
@end deffn
@deffn {Monadic Procedure} tor-service [#:tor tor]
Return a service to run the @uref{https://torproject.org,Tor} daemon.
The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user.
@end deffn
In addition, @code{(gnu system ssh)} provides the following service.
@deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @


@ -18,11 +18,14 @@
(define-module (gnu services networking)
#:use-module (gnu services)
#:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (gnu packages linux)
#:use-module (gnu packages tor)
#:use-module (guix gexp)
#:use-module (guix monads)
#:export (static-networking-service))
#:export (static-networking-service
tor-service))
;;; Commentary:
;;;
@ -85,4 +88,35 @@ (define* (static-networking-service interface ip
#t)))))
(respawn? #f)))))
(define* (tor-service #:key (tor tor))
"Return a service to run the @uref{https://torproject.org,Tor} daemon.
The daemon runs with the default settings (in particular the default exit
policy) as the @code{tor} unprivileged user."
(mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
(return
(service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback))
(start #~(make-forkexec-constructor
(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
(stop #~(make-kill-destructor))
(user-groups (list (user-group
(name "tor"))))
(user-accounts (list (user-account
(name "tor")
(group "tor")
(system? #t)
(comment "Tor daemon user")
(home-directory "/var/empty")
(shell
"/run/current-system/profile/sbin/nologin"))))
(documentation "Run the Tor anonymous network overlay.")))))
;;; networking.scm ends here
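Review bot: The torrc generated in `tor-service` contains only `User tor`, so where the daemon keeps its state and key material is left to its built-in default, while the `tor` account's home is `/var/empty`. I would pin the location explicitly, e.g. `(text-file "torrc" "User tor\nDataDirectory /var/lib/tor\n")` (path chosen here as an example), and make sure that directory exists, is owned by `tor` and is mode 0700 before the daemon starts. The procedure also accepts only `#:tor`, so an administrator cannot add or override any setting without redefining the service; a keyword for extra torrc text would close that gap. Finally, the docstring's reference to the default exit policy could add that this torrc configures no relay port, so readers do not assume the host relays or exits traffic.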