pyrox.dev / nixpkgs
lol
fork atom

tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance.

Evgeny Egorochkin 824b3b1a 1fe5314d

options
unified split
Changed files
+27
nixos
modules
services
security
tor.nix
+27
nixos/modules/services/security/tor.nix 
···

       
122

       
122

       
 

       
            SocksListenAddress.


     

       
123

       
123

       
 

       
          '';


     

       
124

       
124

       
 

       
        };


     

       

       
125

       
+

       



     

       

       
126

       
+

       
        privoxy.enable = mkOption {


     

       

       
127

       
+

       
          default = true;


     

       

       
128

       
+

       
          description = ''


     

       

       
129

       
+

       
            Whether to enable and configure the system Privoxy to use Tor's


     

       

       
130

       
+

       
            faster port, suitable for HTTP.


     

       

       
131

       
+

       



     

       

       
132

       
+

       
            To have anonymity, protocols need to be scrubbed of identifying


     

       

       
133

       
+

       
            information, and this can be accomplished for HTTP by Privoxy.


     

       

       
134

       
+

       



     

       

       
135

       
+

       
            Privoxy can also be useful for KDE torification. A good setup would be:


     

       

       
136

       
+

       
            setting SOCKS proxy to the default Tor port, providing maximum


     

       

       
137

       
+

       
            circuit isolation where possible; and setting HTTP proxy to Privoxy


     

       

       
138

       
+

       
            to route HTTP traffic over faster, but less isolated port.


     

       

       
139

       
+

       
          '';


     

       

       
140

       
+

       
        };


     

       
125

       
141

       
 

       
      };


     

       
126

       
142

       
 

       



     

       
127

       
143

       
 

       
      relay = {


     
···

       
336

       
352

       
 

       
      };


     

       
337

       
353

       
 

       



     

       
338

       
354

       
 

       
    environment.systemPackages = [ pkgs.tor ];


     

       

       
355

       
+

       



     

       

       
356

       
+

       
    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {


     

       

       
357

       
+

       
      enable = true;


     

       

       
358

       
+

       
      extraConfig = ''


     

       

       
359

       
+

       
        forward-socks4a / ${cfg.client.socksListenAddressFaster} .


     

       

       
360

       
+

       
        toggle  1


     

       

       
361

       
+

       
        enable-remote-toggle 0


     

       

       
362

       
+

       
        enable-edit-actions 0


     

       

       
363

       
+

       
        enable-remote-http-toggle 0


     

       

       
364

       
+

       
      '';


     

       

       
365

       
+

       
    };


     

       
339

       
366

       
 

       
  };


     

       
340

       
367

       
 

       
}