services: Add Tor service.

* gnu/services/networking.scm (tor-service): New procedure. * doc/guix.texi (Networking Services): Document it. * build-aux/hydra/demo-os.scm: Use it. Add TOR and TORSOCKS to 'packages'.

services: Add Tor service.
927097ef · Ludovic Courtès · 8897603a · 927097ef · 927097ef · 927097ef
Commit 927097ef authored 10 years ago by Ludovic Courtès
--- a/build-aux/hydra/demo-os.scm
+++ b/build-aux/hydra/demo-os.scm
@@ -27,6 +27,7 @@
             (gnu packages xorg)
             (gnu packages avahi)
             (gnu packages linux)
+             (gnu packages tor)
             (gnu services networking)
             (gnu services avahi)
@@ -79,10 +80,13 @@
                  (avahi-service)
                  (dbus-service (list avahi))
+                  (tor-service)
                  %base-services))
 (pam-services
  ;; Explicitly allow for empty passwords.
  (base-pam-services #:allow-empty-passwords? #t))
- (packages (cons* strace xterm avahi %base-packages)))
+ (packages (cons* strace
+                  tor torsocks
+                  xterm avahi %base-packages)))
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3460,6 +3460,13 @@ Return a service that starts @var{interface} with address @var{ip}.  If
 gateway.
 @end deffn
+@deffn {Monadic Procedure} tor-service [#:tor tor]
+Return a service to run the @uref{https://torproject.org,Tor} daemon.
+The daemon runs with the default settings (in particular the default exit
+policy) as the @code{tor} unprivileged user.
+@end deffn
 In addition, @code{(gnu system ssh)} provides the following service.
 @deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @

--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -18,11 +18,14 @@
 (define-module (gnu services networking)
  #:use-module (gnu services)
+  #:use-module (gnu system shadow)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages linux)
+  #:use-module (gnu packages tor)
  #:use-module (guix gexp)
  #:use-module (guix monads)
-  #:export (static-networking-service))
+  #:export (static-networking-service
+            tor-service))
 ;;; Commentary:
 ;;;
@@ -85,4 +88,35 @@ (define* (static-networking-service interface ip
                                #t)))))
      (respawn? #f)))))
+(define* (tor-service #:key (tor tor))
+  "Return a service to run the @uref{https://torproject.org,Tor} daemon.
+The daemon runs with the default settings (in particular the default exit
+policy) as the @code{tor} unprivileged user."
+  (mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
+    (return
+     (service
+      (provision '(tor))
+      ;; Tor needs at least one network interface to be up, hence the
+      ;; dependency on 'loopback'.
+      (requirement '(user-processes loopback))
+      (start #~(make-forkexec-constructor
+                (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
+      (stop #~(make-kill-destructor))
+      (user-groups   (list (user-group
+                            (name "tor"))))
+      (user-accounts (list (user-account
+                            (name "tor")
+                            (group "tor")
+                            (system? #t)
+                            (comment "Tor daemon user")
+                            (home-directory "/var/empty")
+                            (shell
+                             "/run/current-system/profile/sbin/nologin"))))
+      (documentation "Run the Tor anonymous network overlay.")))))
 ;;; networking.scm ends here