05/06: services: tor: Store private data under /var/lib/tor.

[Ludovic Courtès]

civodul pushed a commit to branch master
in repository guix.

commit 6629099a635118a9fd72892ec4b13442b811059c
Author: Ludovic Courtès <address@hidden>
Date:   Fri Nov 27 23:29:51 2015 +0100

    services: tor: Store private data under /var/lib/tor.
    
    * gnu/services/networking.scm (tor-configuration->torrc): Add
    'DataDirectory' clause.  Change 'HiddenServiceDir' to
    /var/lib/tor/hidden-services/NAME.
    (tor-hidden-service-activation): Create /var/lib/tor.
    (tor-hidden-service): Adjust docstring.
    * doc/guix.texi (Networking Services): Adjust accordingly.
---
 doc/guix.texi               |    4 ++--
 gnu/services/networking.scm |   21 ++++++++++++++-------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 2252bf9..ab1e4be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6597,8 +6597,8 @@ Define a new Tor @dfn{hidden service} called @var{name} 
and implementing
 In this example, port 22 of the hidden service is mapped to local port 22, and
 port 80 is mapped to local port 8080.
 
-This creates a @file{/var/lib/tor/@var{name}} directory, where the
address@hidden file contains the @code{.onion} host name for the hidden
+This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
+the @file{hostname} file contains the @code{.onion} host name for the hidden
 service.
 
 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 0c54512..ce21b1d 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -351,12 +351,13 @@ keep the system clock synchronized with that of 
@var{servers}."
               (display "\
 # The beginning was automatically added.
 User tor
+DataDirectory /var/lib/tor
 Log notice syslog\n" port)
 
               (for-each (match-lambda
                           ((service (ports hosts) ...)
                            (format port "\
-HiddenServiceDir /var/lib/tor/~a~%"
+HiddenServiceDir /var/lib/tor/hidden-services/~a~%"
                                    service)
                            (for-each (lambda (tcp-port host)
                                        (format port "\
@@ -397,16 +398,22 @@ HiddenServicePort ~a ~a~%"
   #~(begin
       (use-modules (guix build utils))
 
+      (define %user
+        (getpw "tor"))
+
       (define (initialize service)
-        (let ((directory (string-append "/var/lib/tor/"
-                                        service))
-              (user      (getpw "tor")))
+        (let ((directory (string-append "/var/lib/tor/hidden-services/"
+                                        service)))
           (mkdir-p directory)
-          (chown directory (passwd:uid user) (passwd:gid user))
+          (chown directory (passwd:uid %user) (passwd:gid %user))
 
           ;; The daemon bails out if we give wider permissions.
           (chmod directory #o700)))
 
+      (mkdir-p "/var/lib/tor")
+      (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
+      (chmod "/var/lib/tor" #o700)
+
       (for-each initialize
                 '#$(map hidden-service-name
                         (tor-configuration-hidden-services config)))))
@@ -462,8 +469,8 @@ and lines for hidden services added via 
@code{tor-hidden-service}.  Run
 In this example, port 22 of the hidden service is mapped to local port 22, and
 port 80 is mapped to local port 8080.
 
-This creates a @file{/var/lib/tor/@var{name}} directory, where the
address@hidden file contains the @code{.onion} host name for the hidden
+This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where
+the @file{hostname} file contains the @code{.onion} host name for the hidden
 service.
 
 See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor