pyrox.dev / nixpkgs
lol
fork atom

nixos/tor: fix HidServAuth (#122439)

* add an example for services.tor.settings.HidServAuth

* fix HidServAuth validation to require ".onion"
Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
> Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"

Tom 33a4c431 b5227312

options
unified split
Changed files
+8 -2
nixos
modules
services
security
tor.nix
+8 -2
nixos/modules/services/security/tor.nix 
···

       
170

       
170

       
 

       
    else if k == "ServerTransportPlugin" then


     

       
171

       
171

       
 

       
      optionalString (v.transports != []) "${concatStringsSep "," v.transports} exec ${v.exec}"


     

       
172

       
172

       
 

       
    else if k == "HidServAuth" then


     

       
173

       

       
-

       
      concatMapStringsSep "\n${k} " (settings: settings.onion + " " settings.auth) v


     

       

       
173

       
+

       
      v.onion + " " + v.auth


     

       
174

       
174

       
 

       
    else generators.mkValueStringDefault {} v;


     

       
175

       
175

       
 

       
  genTorrc = settings:


     

       
176

       
176

       
 

       
    generators.toKeyValue {


     
···

       
715

       
715

       
 

       
              (submodule {


     

       
716

       
716

       
 

       
                options = {


     

       
717

       
717

       
 

       
                  onion = mkOption {


     

       
718

       

       
-

       
                    type = strMatching "[a-z2-7]{16}(\\.onion)?";


     

       

       
718

       
+

       
                    type = strMatching "[a-z2-7]{16}\\.onion";


     

       
719

       
719

       
 

       
                    description = "Onion address.";


     

       
720

       
720

       
 

       
                    example = "xxxxxxxxxxxxxxxx.onion";


     

       
721

       
721

       
 

       
                  };


     
···

       
726

       
726

       
 

       
                };


     

       
727

       
727

       
 

       
              })


     

       
728

       
728

       
 

       
            ]);


     

       

       
729

       
+

       
            example = [


     

       

       
730

       
+

       
              {


     

       

       
731

       
+

       
                onion = "xxxxxxxxxxxxxxxx.onion";


     

       

       
732

       
+

       
                auth = "xxxxxxxxxxxxxxxxxxxxxx";


     

       

       
733

       
+

       
              }


     

       

       
734

       
+

       
            ];


     

       
729

       
735

       
 

       
          };


     

       
730

       
736

       
 

       
          options.HiddenServiceNonAnonymousMode = optionBool "HiddenServiceNonAnonymousMode";


     

       
731

       
737

       
 

       
          options.HiddenServiceStatistics = optionBool "HiddenServiceStatistics";