authorRobert Schütz <rschuetz17@gmail.com>2018-04-18 09:42:45 +0200
committerGitHub <noreply@github.com>2018-04-18 09:42:45 +0200
commit5bd12c694bfebaef1d03eb7f74a6eca01b86f546 (patch)
treec6f698ed2237240fe71534e1c3b67091baf2e69f /nixos/modules/services/security/tor.nix
parentf00221d0eb755a22531adc3b5b5536555a7c0f13 (diff)
nixos/tor: use RuntimeDirectory, StateDirectory (#39083)
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r--nixos/modules/services/security/tor.nix10
1 files changed, 4 insertions, 6 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 2c727de21027..806252f49b8d 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -703,14 +703,10 @@ in
after = [ "network.target" ];
restartTriggers = [ torRcFile ];
- # Translated from the upstream contrib/dist/tor.service.in
- preStart = ''
- install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
- ${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
- '';
-
serviceConfig =
{ Type = "simple";
+ # Translated from the upstream contrib/dist/tor.service.in
+ ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT";
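Review bot: The comment `# Translated from the upstream contrib/dist/tor.service.in` now sits directly above `ExecStartPre` inside the attribute set, so it reads as if only the verify-config line came from upstream. Judging by the visible `ExecStart`, `ExecReload` and `KillSignal` lines, it appears to describe the whole `serviceConfig`, so I would move it above `serviceConfig =` or reword it to `# serviceConfig is translated from the upstream contrib/dist/tor.service.in`. The `serviceConfig` set continues past the end of this hunk.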
@@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough.
+ RuntimeDirectory = "tor";
+ StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes";
DevicePolicy = "closed";
InaccessibleDirectories = "/home";
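Review bot: `RuntimeDirectory` and `StateDirectory` are created by systemd with its default mode 0755 and owned by the unit's `User=`, whereas the `install -o tor -g tor -d` line this commit removes set the owner explicitly. No `User=` is visible in either hunk, so if the unit starts as root and tor drops privileges itself, these directories would end up root-owned; please confirm the resulting owner of the state and runtime directories. `tor/onion` presumably holds onion-service key material, so I would add `StateDirectoryMode = "0700";` next to these lines rather than rely on the default. The literal `"tor"` names also assume that `torDirectory` and `torRunDirectory`, defined outside this hunk, resolve to the matching paths under /var/lib and /run; a one-line comment saying so would keep them in sync. The `serviceConfig` set starts and ends outside this hunk.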