
Tor

services.tor.client.dns.enable

Whether to enable DNS resolver.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.client.enable

Whether to enable the routing of application connections. You might want to disable this if you plan to run a dedicated Tor relay.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.client.onionServices

See torrc manual.

Type: attribute set of (submodule)

Default

{ }

Example

{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = {clientAuthorizations = ["/run/keys/tor/alice.prv.x25519"];};}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.client.onionServices.<name>.clientAuthorizations

Clients' authorizations for a v3 onion service, as a list of files, each containing one private key, in the format:

descriptor:x25519:<base32-private-key>

See torrc manual.

Type: list of path

Default

[ ]

Example

["/run/keys/tor/alice.prv.x25519"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.client.socksListenAddress

Bind to this address to listen for connections from Socks-speaking applications.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)

Default

{ IsolateDestAddr = true; addr = "127.0.0.1"; port = 9050; }

Example

{ IsolateDestAddr = true; addr = "192.168.0.1"; port = 9090; }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.client.transparentProxy.enable

Whether to enable transparent proxy.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.controlSocket.enable

Whether to enable control socket, created in /run/tor/control.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.enable

Whether to enable Tor daemon. By default, the daemon is run without relay, exit, bridge or client connectivity.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.enableGeoIP

Whether to enable use of GeoIP databases. Disabling this will disable by-country statistics for bridges and relays and some client and third-party software functionality.

Type: boolean

Default

true

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.openFirewall

Whether to enable opening of the relay port(s) in the firewall.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.package

The tor package to use.

Type: package

Default

pkgs.tor

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.enable

Whether to enable relaying of Tor traffic for others.

See https://www.torproject.org/docs/tor-doc-relay for details.

Setting this to true requires setting the services.tor.relay.role and services.tor.settings.ORPort options.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices

See torrc manual.

Type: attribute set of (submodule)

Default

{ }

Example

{ "example.org/www" = { authorizedClients = [ "descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ]; map = [ 80 ]; }; }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.authorizeClient

See torrc manual.

Type: null or (submodule)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.authorizeClient.authType

Either "basic" for a general-purpose authorization protocol or "stealth" for a less scalable protocol that also hides service activity from unauthorized clients.

Type: one of "basic", "stealth"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.authorizeClient.clientNames

Only clients that are listed here are authorized to access the hidden service. Generated authorization data can be found in /var/lib/tor/onion/$name/hostname. Clients need to put this authorization data in their configuration file using .

Type: non-empty (list of string matching the pattern [A-Za-z0-9+-_]+)

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.authorizedClients

Authorized clients for a v3 onion service, as a list of public keys, in the format:

descriptor:x25519:<base32-public-key>

See torrc manual.

Type: list of string

Default

[ ]

Example

["descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.map

See torrc manual.

Type: list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.path

Path where the data files of the hidden service are stored. If secretKey is null, this defaults to /var/lib/tor/onion/$onion, otherwise to /run/tor/onion/$onion.

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.secretKey

Secret key of the onion service. If null, Tor reuses any preexisting secret key (in path) or generates a new one. The associated public key and hostname are deterministically regenerated from this file if they do not exist.

Type: null or path

Default

null

Example

"/run/keys/tor/onion/expyuzz4wqqyqhjn/hs_ed25519_secret_key"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings

Settings of the onion service. See torrc manual.

Type: settings option

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID

See torrc manual.

Type: null or value "haproxy" (singular enum)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams

See torrc manual.

Type: null or integer between 0 and 65535 (both inclusive)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints

See torrc manual.

Type: null or integer between 0 and 20 (both inclusive)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.settings.RendPostPeriod

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.onionServices.<name>.version

See torrc manual.

Type: null or one of 2, 3

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.relay.role

Your role in the Tor network. There are several options:

  • exit: An exit relay. This allows Tor users to access regular Internet services through your public IP.

    You can specify which services Tor users may access via your exit relay using the settings.ExitPolicy option.

  • relay: Regular relay. This allows Tor users to relay onion traffic to other Tor nodes, but not to the public Internet.

    See https://www.torproject.org/docs/tor-doc-relay.html.en for more info.

  • bridge: Regular bridge. Works like a regular relay, but doesn't list you in the public relay directory and hides your Tor node behind obfs4proxy.

    Using this option will make Tor advertise your bridge to users through various mechanisms like https://bridges.torproject.org/, though.

    See https://www.torproject.org/docs/bridges.html.en for more info.

  • private-bridge: Private bridge. Works like a regular bridge, but does not advertise your node in any way.

    Using this role means that you won't contribute to the Tor network in any way unless you advertise your node yourself in some way.

    Use this if you want to run a private bridge, for example because you'll give out your bridge address manually to your friends.

    Switching to this role after measurable time in the "bridge" role is pretty useless, as some Tor users would have learned about your node already. In the latter case you can still change the port option.

    See https://www.torproject.org/docs/bridges.html.en for more info.

Important: Running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.

Important: Note that some sites that are misconfigured and/or disrespectful of privacy will block you even if your relay is not an exit relay. That is, just being listed in a public relay directory can have unwanted consequences.

This means you might not want to use this role if you browse the public Internet from the same network as your relay, unless you want to write e-mails to those sites (you should!).

Important: WARNING: THE FOLLOWING PARAGRAPH IS NOT LEGAL ADVICE. Consult with your lawyer when in doubt.

The bridge role should be safe to use in most situations (unless the act of forwarding traffic for others is a punishable offence under your local laws, which would be pretty insane as it would make ISPs illegal).

Type: one of "exit", "relay", "bridge", "private-bridge"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings

See torrc manual for documentation.

Type: settings option

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AccountingMax

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AccountingStart

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.Address

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AssumeReachable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthDirHasIPv6Connectivity

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthDirListBadExits

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthDirPinKeys

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthDirSharedRandomness

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthDirTestEd25519LinkKeys

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AuthoritativeDirectory

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AutomapHostsOnResolve

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.AutomapHostsSuffixes

See torrc manual.

Type: list of string

Default

[".onion" ".exit"]

Example

[".onion"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.BandwidthBurst

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.BandwidthRate

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.BridgeAuthoritativeDir

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.BridgeRecordUsageByCountry

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.BridgeRelay

See torrc manual.

Type: null or boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CacheDirectory

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CacheDirectoryGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CellStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientAutoIPv6ORPort

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientDNSRejectInternalAddresses

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientOnionAuthDir

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientPreferIPv6DirPort

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientPreferIPv6ORPort

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientRejectInternalAddresses

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientUseIPv4

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ClientUseIPv6

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ConnDirectionStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ConstrainedSockets

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ContactInfo

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ControlPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Example

[ { port = 9051; } ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ControlPortFileGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ControlPortWriteToFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ControlSocket

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ControlSocketsGroupWritable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CookieAuthFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CookieAuthFileGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.CookieAuthentication

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DNSPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DataDirectory

See torrc manual.

Type: null or path

Default

"/var/lib/tor"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DataDirectoryGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirAllowPrivateAddresses

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirCache

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirPolicy

See torrc manual.

Type: list of string

Default

[ ]

Example

["accept *:*"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Example

443

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirPortFrontPage

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DirReqStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DisableAllSwap

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DisableDebuggerAttachment

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DisableNetwork

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DisableOOSCheck

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DoSCircuitCreationEnabled

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DoSConnectionEnabled

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DoSRefuseSingleHopClientRendezvous

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DormantCanceledByStartup

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DormantOnFirstStartup

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DormantTimeoutDisabledByIdleStreams

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.DownloadExtraInfo

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.EnforceDistinctSubnets

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.EntryStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExitPolicy

See torrc manual.

Type: list of string

Default

["reject *:*"]

Example

["accept *:*"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExitPolicyRejectLocalInterfaces

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExitPolicyRejectPrivate

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExitPortStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExitRelay

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExtORPort

See torrc manual.

Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExtORPortCookieAuthFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExtORPortCookieAuthFileGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExtendAllowPrivateAddresses

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ExtraInfoStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FascistFirewall

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FetchDirInfoEarly

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FetchDirInfoExtraEarly

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FetchHidServDescriptors

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FetchServerDescriptors

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.FetchUselessDescriptors

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.GeoIPFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.GeoIPv6File

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.GuardfractionFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HSLayer2Nodes

See torrc manual.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HSLayer3Nodes

See torrc manual.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HTTPTunnelPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HidServAuth

See torrc manual.

Type: list of (submodule)

Default

[ ]

Example

[ { auth = "xxxxxxxxxxxxxxxxxxxxxx"; onion = "xxxxxxxxxxxxxxxx.onion"; } ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HidServAuth.*.auth

Authentication cookie.

Type: string matching the pattern [A-Za-z0-9+/]{22}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HidServAuth.*.onion

Onion address.

Type: string matching the pattern [a-z2-7]{16}\.onion

Example

"xxxxxxxxxxxxxxxx.onion"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HiddenServiceNonAnonymousMode

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.HiddenServiceStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.IPv6Exit

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.KeyDirectory

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.KeyDirectoryGroupReadable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.LogMessageDomains

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.LongLivedPorts

See torrc manual.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.MainloopStats

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.MaxAdvertisedBandwidth

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.MaxCircuitDirtiness

See torrc manual.

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.MaxClientCircuitsPending

See torrc manual.

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.NATDPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.NewCircuitPeriod

See torrc manual.

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.Nickname

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ORPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Example

443

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.OfflineMasterKey

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.OptimisticData

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PaddingStatistics

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PerConnBWBurst

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PerConnBWRate

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PidFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ProtocolWarnings

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PublishHidServDescriptors

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.PublishServerDescriptor

See torrc manual.

Type: null or one of false, true, 0, 1, "0", "1", "v3", "bridge"

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ReachableAddresses

See torrc manual.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ReachableDirAddresses

See torrc manual.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ReachableORAddresses

See torrc manual.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ReducedExitPolicy

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.RefuseUnknownExits

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.RejectPlaintextPorts

See torrc manual.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.RelayBandwidthBurst

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.RelayBandwidthRate

See torrc manual.

Type: null or signed integer or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.SOCKSPort

See torrc manual.

Type: list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))

Default

if config.services.tor.settings.HiddenServiceNonAnonymousMode == true then [ { port = 0; } ] else [ ]

Example

[{port = 9090;}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.Sandbox

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSAllowBrokenConfig

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSAllowNonRFC953Hostnames

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSDetectHijacking

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSRandomizeCase

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSResolvConfFile

See torrc manual.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerDNSSearchDomains

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerTransportPlugin

See torrc manual.

Type: null or (submodule)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerTransportPlugin.exec

Command of pluggable transport. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ServerTransportPlugin.transports

List of pluggable transports. Type: list of string

Example

["obfs2" "obfs3" "obfs4" "scramblesuit"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.ShutdownWaitLength

See torrc manual.

Type: signed integer

Default

30

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.SocksPolicy

See torrc manual.

Type: list of string

Default

[ ]

Example

["accept *:*"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.TestingTorNetwork

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.TransPort

See torrc manual.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.TransProxyType

See torrc manual.

Type: null or one of "default", "TPROXY", "ipfw", "pf-divert"

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.UnixSocksGroupWritable

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.UseDefaultFallbackDirs

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.UseMicrodescriptors

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.V3AuthUseLegacyKey

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.V3AuthoritativeDirectory

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.VersioningAuthoritativeDirectory

See torrc manual.

Type: null or boolean

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.VirtualAddrNetworkIPv4

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.VirtualAddrNetworkIPv6

See torrc manual.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.settings.WarnPlaintextPorts

See torrc manual.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/tor.nix

services.tor.torsocks.allowInbound

Set Torsocks to accept inbound connections. If set to true, listen() and accept() will be allowed to be used with non-localhost addresses.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.enable

Whether to build /etc/tor/torsocks.conf containing the specified global torsocks configuration.

Type: boolean

Default

config.services.tor.enable && config.services.tor.client.enable

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.fasterServer

IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP. Currently, hostnames are NOT supported by torsocks.

Type: string

Default

"127.0.0.1:9063"

Example

"192.168.0.20:1234"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.onionAddrRange

Tor hidden sites do not have real IP addresses. This specifies what range of IP addresses will be handed to the application as "cookies" for .onion names. Of course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon.

Type: string

Default

"127.42.42.0/24"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.server

IP/Port of the Tor SOCKS server. Currently, hostnames are NOT supported by torsocks.

Type: string

Default

"127.0.0.1:9050"

Example

"192.168.0.20:1234"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.socks5Password

SOCKS5 password. The TORSOCKS_PASSWORD environment variable overrides this option if it is set.

Type: null or string

Default

null

Example

"sekret"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.torsocks.socks5Username

SOCKS5 username. The TORSOCKS_USERNAME environment variable overrides this option if it is set.

Type: null or string

Default

null

Example

"bob"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torsocks.nix

services.tor.tsocks.config

Extra configuration. Contents will be added verbatim to TSocks configuration file.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torify.nix

services.tor.tsocks.enable

Whether to build tsocks wrapper script to relay application traffic via Tor.

Important: You shouldn't use this unless you know what you're doing, because your installation of Tor already comes with its own superior (doesn't leak DNS queries) torsocks wrapper which does pretty much exactly the same thing as this.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torify.nix

services.tor.tsocks.server

IP address of Tor client to use.

Type: string

Default

"localhost:9050"

Example

"192.168.0.20"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/torify.nix