tor module: expose control socket

[offlinehacker]

This exposes control socket of tor accessible to tor user and users in tor group

• Tested using sandboxing
  (nix.useSandbox on NixOS,
  or option build-use-sandbox in nix.conf
  on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • Linux
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

---

[mention-bot]

@offlinehacker, thanks for your PR! By analyzing the history of the files in this pull request, we identified @thoughtpolice, @Phreedom and @tnias to be potential reviewers.

[oxij]

I would prefer it were hidden behind an `enable` option. Also, the service now has two `preStart`s (probably from git-rebase).

[offlinehacker]

What do you sugest the option name to be as controlSocket should be by default set to some sane path i guess.

[offlinehacker]

I mean one way would be controlSocket.enable and controlSocket.path options, as user would else need to know that /var/run/tor/control is where socket should be.

[oxij]

Jaka Hudoklin <notifications@github.com> writes:

I mean one way would be `controlSocket.enable` and `controlSocket.path` options, as user would else need to know that `/var/run/tor/control` is where socket should be.

To be honest, I would just remove the `path` option. Too much work to make it configurable with sandboxing. Just `controlSocket.enable` is fine.

[offlinehacker]

Ok, fixed, is this fine now?

[oxij]

Yes, the new lines are fine, but the line ${optint "ControlPort" (toString cfg.controlPort)} was recently reverted back to ${optint "ControlPort" cfg.controlPort} in master (it was a bug). Can you please rebase on top of `master` again? (Another reason to hate GitHub with its overly strict "security model")

[oxij]

I pushed an updated version into #37827.