Merge staging-next into staging

2025-07-07 11:05:30 +03:00 · 2020-12-16 12:21:20 +00:00 · 2020-12-16 12:21:20 +00:00 · c9bbcb2fc1
commit c9bbcb2fc1
parent d5bc837de6 4fa9e3f59f
18 changed files with 287 additions and 193 deletions
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@ -8,15 +8,22 @@ let

  cfg = config.services.privoxy;

-  confFile = pkgs.writeText "privoxy.conf" ''
+  confFile = pkgs.writeText "privoxy.conf" (''
    user-manual ${privoxy}/share/doc/privoxy/user-manual
    confdir ${privoxy}/etc/
    listen-address  ${cfg.listenAddress}
    enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
    ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
    ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
+  '' + optionalString cfg.enableTor ''
+    forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
+    toggle 1
+    enable-remote-toggle 0
+    enable-edit-actions 0
+    enable-remote-http-toggle 0
+  '' + ''
    ${cfg.extraConfig}
-  '';
+  '');

 in

@ -72,6 +79,15 @@ in
        '';
      };

+      enableTor = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to configure Privoxy to use Tor's faster SOCKS port,
+          suitable for HTTP.
+        '';
+      };
+
      extraConfig = mkOption {
        type = types.lines;
        default = "" ;
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@ -107,6 +107,9 @@ let
 in
 {
  imports = [
+    (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
+      Use services.privoxy.enable and services.privoxy.enableTor instead.
+    '')
    (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
    (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
    (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
@ -270,23 +273,6 @@ in
            description = "List of suffixes to use with automapHostsOnResolve";
          };
        };
-
-        privoxy.enable = mkOption {
-          type = types.bool;
-          default = true;
-          description = ''
-            Whether to enable and configure the system Privoxy to use Tor's
-            faster port, suitable for HTTP.
-
-            To have anonymity, protocols need to be scrubbed of identifying
-            information, and this can be accomplished for HTTP by Privoxy.
-
-            Privoxy can also be useful for KDE torification. A good setup would be:
-            setting SOCKS proxy to the default Tor port, providing maximum
-            circuit isolation where possible; and setting HTTP proxy to Privoxy
-            to route HTTP traffic over faster, but less isolated port.
-          '';
-        };
      };

      relay = {
@ -784,16 +770,5 @@ in
      };

    environment.systemPackages = [ cfg.package ];
-
-    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
-      enable = true;
-      extraConfig = ''
-        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
-        toggle  1
-        enable-remote-toggle 0
-        enable-edit-actions 0
-        enable-remote-http-toggle 0
-      '';
-    };
  };
 }