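# NixOS module for `services.tor.tsocks`.
#
# When enabled, installs a `tsocks` wrapper script that runs a command with
# libtsocks preloaded, pointing it at the SOCKS server configured in
# `services.tor.tsocks.server`.
{
  config,
  lib,
  pkgs,
  ...
}:
let

  cfg = config.services.tor;

  # Split "host[:port]" once. The original code rendered the port with
  # `toString (lib.tail ...)`, which yields an empty `server_port =` line
  # whenever no port is given -- including for the option's own example
  # ("192.168.0.20"). Fall back to 9050, the port used in the option default.
  # IPv6 literals are not supported by this colon-based split.
  serverParts = lib.splitString ":" cfg.tsocks.server;
  serverHost = lib.head serverParts;
  serverPort = if lib.length serverParts > 1 then lib.elemAt serverParts 1 else "9050";

  # Wrapper installed as /bin/tsocks: runs "$@" with libtsocks preloaded and
  # TSOCKS_CONF_FILE pointing at the generated configuration in the store.
  #
  # Limits worth knowing before relying on this for anonymity:
  #  - LD_PRELOAD only affects dynamically linked programs, and the dynamic
  #    loader ignores it for setuid/setgid binaries; such programs connect
  #    directly, without any error.
  #  - As the `enable` description notes, DNS queries are not relayed
  #    (torsocks is the wrapper that avoids that leak).
  torify = pkgs.writeTextFile {
    name = "tsocks";
    text = ''
      #!${pkgs.runtimeShell}
      TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.tsocks.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" "$@"
    '';
    executable = true;
    destination = "/bin/tsocks";
  };

in

{

  ###### interface

  options = {

    services.tor.tsocks = {

      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to build tsocks wrapper script to relay application traffic via Tor.

          ::: {.important}
          You shouldn't use this unless you know what you're
          doing because your installation of Tor already comes with
          its own superior (doesn't leak DNS queries)
          `torsocks` wrapper which does pretty much
          exactly the same thing as this.
          :::
        '';
      };

      # NOTE(review): a non-loopback value (as in the example) means the SOCKS
      # traffic between the wrapped application and the Tor client crosses the
      # network before it enters Tor -- confirm that path is trusted.
      server = lib.mkOption {
        type = lib.types.str;
        default = "localhost:9050";
        example = "192.168.0.20";
        description = ''
          Address of the Tor client's SOCKS listener to use, as `host` or
          `host:port`. The port defaults to 9050 when omitted.
        '';
      };

      config = lib.mkOption {
        type = lib.types.lines;
        default = "";
        description = ''
          Extra configuration. Contents will be added verbatim to TSocks
          configuration file.
        '';
      };

    };

  };

  ###### implementation

  config = lib.mkIf cfg.tsocks.enable {

    environment.systemPackages = [ torify ]; # expose it to the users

    # Module-provided settings; the option has type `lines`, so any
    # user-supplied `services.tor.tsocks.config` is merged with this text.
    #
    # The two `local` entries cover 127.0.0.0 - 127.191.255.255, which tsocks
    # then reaches directly instead of through the SOCKS server.
    # NOTE(review): 127.192.0.0/10 is left out, presumably so that range can
    # still be relayed (e.g. Tor automapped addresses) -- confirm.
    services.tor.tsocks.config = ''
      server = ${serverHost}
      server_port = ${serverPort}

      local = 127.0.0.0/255.128.0.0
      local = 127.128.0.0/255.192.0.0
    '';
  };

}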