diff options
-rw-r--r-- | doc/guix.texi | 48 | ||||
-rw-r--r-- | gnu/services/networking.scm | 76 |
2 files changed, 108 insertions, 16 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 1c1e0164e7..ae9bd7e290 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -127,6 +127,7 @@ Copyright @copyright{} 2023 Tomas Volf@* Copyright @copyright{} 2024 Herman Rimm@* Copyright @copyright{} 2024 Matthew Trzcinski@* Copyright @copyright{} 2024 Richard Sent@* +Copyright @copyright{} 2024 Nigko Yerden@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -21877,6 +21878,13 @@ If @code{#t}, Tor will listen for control commands on the UNIX domain socket @file{/var/run/tor/control-sock}, which will be made writable by members of the @code{tor} group. +@item @code{transport-plugins} (default: @code{'()}) +The list of @code{<tor-transport-plugin>} records to use. +For any transport plugin you include in this list, appropriate +configuration line to enable transport plugin will be automatically +added to the default configuration file. + + @end table @end deftp @@ -21905,6 +21913,46 @@ maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080. @end table @end deftp +@cindex pluggable transports, tor +@deftp {Data Type} tor-transport-plugin +Data type representing a Tor pluggable transport plugin in +@code{tor-configuration}. Plagguble transports are programs +that disguise Tor traffic, which can be useful in case Tor is +censored. See the the Tor project's +@url{https://tb-manual.torproject.org/circumvention/, +documentation} and +@url{https://spec.torproject.org/pt-spec/index.html, +specification} for more information. + +Each transport plugin corresponds either to +``ClientTransportPlugin ...'' or to +``ServerTransportPlugin ...'' line in the default +configuration file, see the @code{man tor}. +Available @code{tor-transport-plugin} fields are: + +@table @asis +@item @code{role} (default: @code{'client}) +This must be either @code{'client} or @code{'server}. Otherwise, +an error is raised. Set the @code{'server} value if you want to +run a bridge to help censored users connect to the Tor network, see +@url{https://community.torproject.org/relay/setup/bridge/, +the Tor project's brige guide}. Set the @code{'client} value +if you want to connect to somebody else's bridge, see +@url{https://bridges.torproject.org/, the Tor project's +``Get Bridges'' page}. In both cases the required +additional configuration should be provided via +@code{#:config-file} option of @code{tor-configuration}. +@item @code{protocol} (default: @code{"obfs4"}) +A string that specifies a pluggable transport protocol. +@item @code{path-to-binary} +This must be a ``file-like'' object or a string +pointing to the pluggable transport plugin executable. +This option allows the Tor daemon run inside the container +to access the executable and all the references +(e.g. package dependencies) attached to it. +@end table +@end deftp + The @code{(gnu services rsync)} module provides the following services: You might want an rsync daemon if you have files that you want available diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..cb1749ffe6 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net> ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu> ;;; Copyright © 2023 muradm <mail@muradm.net> +;;; Copyright © 2024 Nigko Yerden <nigko.yerden@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -159,10 +160,16 @@ tor-configuration-hidden-services tor-configuration-socks-socket-type tor-configuration-control-socket-path + tor-configuration-transport-plugins tor-onion-service-configuration tor-onion-service-configuration? tor-onion-service-configuration-name tor-onion-service-configuration-mapping + tor-transport-plugin + tor-transport-plugin? + tor-transport-plugin-role + tor-transport-plugin-protocol + tor-transport-plugin-path tor-hidden-service ; deprecated tor-service-type @@ -955,7 +962,9 @@ applications in communication. It is used by Jami, for example."))) (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugins tor-configuration-transport-plugins + (default '()))) (define %tor-accounts ;; User account and groups for Tor. @@ -985,10 +994,24 @@ Onion Service.") @end lisp maps ports 22 and 80 of the Onion Service to the local ports 22 and 8080.")) +(define-record-type* <tor-transport-plugin> + tor-transport-plugin make-tor-transport-plugin + tor-transport-plugin? + (role tor-transport-plugin-role + (default 'client) + (sanitize (lambda (value) + (if (memq value '(client server)) + value + (configuration-field-error #f 'role value))))) + (protocol tor-transport-plugin-protocol + (default "obfs4")) + (path-to-binary tor-transport-plugin-path)) + (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config <tor-configuration> - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugins) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1050,20 @@ HiddenServicePort ~a ~a~%" (cons name mapping))) hidden-services)) + (for-each (match-lambda + ((role-string protocol path) + (format port "\ +~aTransportPlugin ~a exec ~a~%" + role-string protocol path))) + '#$(map (match-lambda + (($ <tor-transport-plugin> role protocol path) + (list (if (eq? role 'client) + "Client" + "Server") + protocol + path))) + transport-plugins)) + (display "\ ### End of automatically generated lines.\n\n" port) @@ -1039,23 +1076,30 @@ HiddenServicePort ~a ~a~%" (define (tor-shepherd-service config) "Return a <shepherd-service> running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugins (tor-configuration-transport-plugins config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (map (lambda (plugin) + (file-system-mapping + (source (tor-transport-plugin-path plugin)) + (target source))) + transport-plugins)) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) |