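# NixOS module: optional `tsocks` wrapper script that relays an application's
# TCP connections through a Tor SOCKS listener by preloading libtsocks.
#
# Security notes for reviewers:
#  * The option text below already states that torsocks is preferable because
#    it does not leak DNS queries; this wrapper gives no such guarantee, so
#    name lookups made by the wrapped program may bypass Tor.
#  * Interception relies on LD_PRELOAD, which the dynamic loader does not
#    apply to statically linked or setuid/setgid programs; those would
#    connect directly.
{ config, lib, pkgs, ... }:
with lib;
let

  cfg = config.services.tor;

  # Parse "host[:port]" once so both tsocks directives come from the same split.
  serverParts = splitString ":" cfg.tsocks.server;
  serverHost = head serverParts;

  # Second field of the split, or "" when the value carries no port.
  serverPortField =
    if builtins.length serverParts > 1
    then builtins.elemAt serverParts 1
    else "";

  # Fall back to the port used by the option's default ("localhost:9050").
  # Without this, a port-less value such as the documented example
  # "192.168.0.20" rendered an empty `server_port =` line.
  serverPort = if serverPortField == "" then "9050" else serverPortField;

  # Wrapper installed as /bin/tsocks: points libtsocks at the generated
  # configuration file and preloads it in front of whatever LD_PRELOAD the
  # caller already had set, then runs the given command line.
  torify = pkgs.writeTextFile {
    name = "tsocks";
    text = ''
      #!${pkgs.runtimeShell}
      TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.tsocks.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" "$@"
    '';
    executable = true;
    destination = "/bin/tsocks";
  };

in

{

  ###### interface

  options = {

    services.tor.tsocks = {

      enable = mkOption {
        default = false;
        description = ''
          Whether to build tsocks wrapper script to relay application traffic via Tor.

          <important>
          <para>You shouldn't use this unless you know what you're
          doing because your installation of Tor already comes with
          its own superior (doesn't leak DNS queries)
          <literal>torsocks</literal> wrapper which does pretty much
          exactly the same thing as this.</para>
          </important>
        '';
      };

      server = mkOption {
        default = "localhost:9050";
        example = "192.168.0.20";
        description = ''
          Address of the Tor client to use, given as
          <literal>host</literal> or <literal>host:port</literal>.
          The port defaults to 9050 when omitted.
        '';
      };

      config = mkOption {
        default = "";
        description = ''
          Extra configuration. Contents will be added verbatim to TSocks
          configuration file.
        '';
      };

    };

  };

  ###### implementation

  config = mkIf cfg.tsocks.enable {

    environment.systemPackages = [ torify ];  # expose it to the users

    # Base tsocks.conf contents; anything set by the user through
    # services.tor.tsocks.config ends up in the same file.
    # NOTE(review): the two `local` ranges cover 127.0.0.0-127.191.255.255 and
    # so leave 127.192.0.0/10 proxied, presumably to match Tor's automap
    # range; confirm against the Tor configuration in use.
    services.tor.tsocks.config = ''
      server = ${toString serverHost}
      server_port = ${toString serverPort}

      local = 127.0.0.0/255.128.0.0
      local = 127.128.0.0/255.192.0.0
    '';
  };

}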