Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/networking.scm36
1 files changed, 35 insertions, 1 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 7abcd9ed15..502b0d85f1 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -18,11 +18,14 @@
(define-module (gnu services networking)
#:use-module (gnu services)
+ #:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages tor)
#:use-module (guix gexp)
#:use-module (guix monads)
- #:export (static-networking-service))
+ #:export (static-networking-service
+ tor-service))
;;; Commentary:
;;;
@@ -85,4 +88,35 @@ gateway."
#t)))))
(respawn? #f)))))
+(define* (tor-service #:key (tor tor))
+ "Return a service to run the @uref{https://torproject.org,Tor} daemon.
+
+The daemon runs with the default settings (in particular the default exit
+policy) as the @code{tor} unprivileged user."
+ (mlet %store-monad ((torrc (text-file "torrc" "User tor\n")))
+ (return
+ (service
+ (provision '(tor))
+
+ ;; Tor needs at least one network interface to be up, hence the
+ ;; dependency on 'loopback'.
+ (requirement '(user-processes loopback))
+
+ (start #~(make-forkexec-constructor
+ (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
+ (stop #~(make-kill-destructor))
+
+ (user-groups (list (user-group
+ (name "tor"))))
+ (user-accounts (list (user-account
+ (name "tor")
+ (group "tor")
+ (system? #t)
+ (comment "Tor daemon user")
+ (home-directory "/var/empty")
+ (shell
+ "/run/current-system/profile/sbin/nologin"))))
+
+ (documentation "Run the Tor anonymous network overlay.")))))
+
;;; networking.scm ends here
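Review bot: The torrc built in `(text-file "torrc" "User tor\n")` sets only the user, and the `tor` account's home is `/var/empty`, so where the daemon keeps its keys and cached state is left to Tor's built-in default rather than chosen by the service. I would pin it explicitly, e.g. `(text-file "torrc" "User tor\nDataDirectory /var/lib/tor\n")`, and have the service create that directory owned by `tor` with mode 0700 before the daemon starts. The docstring could also say that the process is launched by `make-forkexec-constructor` without a user argument and relies on the `User` directive to drop privileges, which presumably means it starts as root. The mention of the default exit policy may mislead readers, since nothing in this torrc appears to enable relaying; consider rewording it or stating that the daemon runs as a client only.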