nixos/tor: don't do privoxy stuff by default

It's very surprising that services.tor.client.enable would set
services.privoxy.enable.  This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.

So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default.  This change is documented in the
release notes.

Reported-by: V <v@anomalous.eu>

2 files changed, 21 insertions, 30 deletions

diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
index 1f41c720adf5..e3b34cb0c616 100644
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@@ -8,15 +8,22 @@ let
 
   cfg = config.services.privoxy;
 
-  confFile = pkgs.writeText "privoxy.conf" ''
+  confFile = pkgs.writeText "privoxy.conf" (''
     user-manual ${privoxy}/share/doc/privoxy/user-manual
     confdir ${privoxy}/etc/
     listen-address  ${cfg.listenAddress}
     enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
     ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
     ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
+  '' + optionalString cfg.enableTor ''
+    forward-socks4a / ${config.services.tor.client.socksListenAddressFaster} .
+    toggle 1
+    enable-remote-toggle 0
+    enable-edit-actions 0
+    enable-remote-http-toggle 0
+  '' + ''
     ${cfg.extraConfig}
-  '';
+  '');
 
 in
 
@@ -72,6 +79,15 @@ in
         '';
       };
 
+      enableTor = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to configure Privoxy to use Tor's faster SOCKS port,
+          suitable for HTTP.
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.lines;
         default = "" ;
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 38dc378887a8..1cceee065b1b 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -107,6 +107,9 @@ let
 in
 {
   imports = [
+    (mkRemovedOptionModule [ "services" "tor" "client" "privoxy" "enable" ] ''
+      Use services.privoxy.enable and services.privoxy.enableTor instead.
+    '')
     (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
     (mkRemovedOptionModule [ "services" "tor" "relay" "isBridge" ] "Use services.tor.relay.role instead.")
     (mkRemovedOptionModule [ "services" "tor" "relay" "isExit" ] "Use services.tor.relay.role instead.")
@@ -270,23 +273,6 @@ in
             description = "List of suffixes to use with automapHostsOnResolve";
           };
         };
-
-        privoxy.enable = mkOption {
-          type = types.bool;
-          default = true;
-          description = ''
-            Whether to enable and configure the system Privoxy to use Tor's
-            faster port, suitable for HTTP.
-
-            To have anonymity, protocols need to be scrubbed of identifying
-            information, and this can be accomplished for HTTP by Privoxy.
-
-            Privoxy can also be useful for KDE torification. A good setup would be:
-            setting SOCKS proxy to the default Tor port, providing maximum
-            circuit isolation where possible; and setting HTTP proxy to Privoxy
-            to route HTTP traffic over faster, but less isolated port.
-          '';
-        };
       };
 
       relay = {
@@ -784,16 +770,5 @@ in
       };
 
     environment.systemPackages = [ cfg.package ];
-
-    services.privoxy = mkIf (cfg.client.enable && cfg.client.privoxy.enable) {
-      enable = true;
-      extraConfig = ''
-        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
-        toggle  1
-        enable-remote-toggle 0
-        enable-edit-actions 0
-        enable-remote-http-toggle 0
-      '';
-    };
   };
 }