nixos/tor: don't do privoxy stuff by default

It's very surprising that services.tor.client.enable would set services.privoxy.enable. This violates the principle of least astonishment, because it's Privoxy that can integrate with Tor, rather than the other way around. So this patch moves the Privoxy Tor integration to the Privoxy module, and it also disables it by default. This change is documented in the release notes. Reported-by: V <v@anomalous.eu>
NixOS · Dec 16, 2020 · e17d4b0 · e17d4b0
1 parent cd75006
commit e17d4b0
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 30 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -265,6 +265,19 @@
       located in <literal>/run/rspamd</literal> instead of <literal>/run</literal>.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      Enabling the Tor client no longer silently also enables and
+      configures Privoxy, and the
+      <varname>services.tor.client.privoxy.enable</varname> option has
+      been removed.  To enable Privoxy, and to configure it to use
+      Tor's faster port, use the following configuration:
+    </para>
+    <programlisting>
+      <xref linkend="opt-services.privoxy.enable" /> = true;
+      <xref linkend="opt-services.privoxy.enableTor" /> = true;
+    </programlisting>
+   </listitem>
   </itemizedlist>
  </section>
 

diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
@@ -8,15 +8,22 @@ let
 
   cfg = config.services.privoxy;
 
-  confFile = pkgs.writeText "privoxy.conf" ''
+  confFile = pkgs.writeText "privoxy.conf" (''
     user-manual ${privoxy}/share/doc/privoxy/user-manual
     confdir ${privoxy}/etc/
     listen-address  ${cfg.listenAddress}
     enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
     ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
     ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
+  '' + optionalString cfg.enableTor ''
+    forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
+    toggle 1
+    enable-remote-toggle 0
+    enable-edit-actions 0
+    enable-remote-http-toggle 0
+  '' + ''
     ${cfg.extraConfig}
-  '';
+  '');
 
 in
 
@@ -72,6 +79,15 @@ in
         '';
       };
 
+      enableTor = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to configure Privoxy to use Tor's faster SOCKS port,
+          suitable for HTTP.
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.lines;
         default = "" ;

diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
@@ -107,6 +107,9 @@ let
 in
 {
   imports = [
+    (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
+      Use services.privoxy.enable and services.privoxy.enableTor instead.
+    '')
     (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
     (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
     (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
@@ -270,23 +273,6 @@ in
             description = "List of suffixes to use with automapHostsOnResolve";
           };
         };
-
-        privoxy.enable = mkOption {
-          type = types.bool;
-          default = true;
-          description = ''
-            Whether to enable and configure the system Privoxy to use Tor's
-            faster port, suitable for HTTP.
-
-            To have anonymity, protocols need to be scrubbed of identifying
-            information, and this can be accomplished for HTTP by Privoxy.
-
-            Privoxy can also be useful for KDE torification. A good setup would be:
-            setting SOCKS proxy to the default Tor port, providing maximum
-            circuit isolation where possible; and setting HTTP proxy to Privoxy
-            to route HTTP traffic over faster, but less isolated port.
-          '';
-        };
       };
 
       relay = {
@@ -784,16 +770,5 @@ in
       };
 
     environment.systemPackages = [ cfg.package ];
-
-    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
-      enable = true;
-      extraConfig = ''
-        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
-        toggle  1
-        enable-remote-toggle 0
-        enable-edit-actions 0
-        enable-remote-http-toggle 0
-      '';
-    };
   };
 }