Next: , Previous: , Up: Systemkonfiguration   [Contents][Index]

3.11 Att få ersättningar från Tor

Guix-demon kan använda en HTTP-proxy för att få ersättningar, här konfigurerar vi den för få dem via Tor.

Varning: Not all Guix daemon’s traffic will go through Tor! Only HTTP/HTTPS will get proxied; FTP, Git protocol, SSH, etc connections will still go through the clearnet. Again, this configuration isn’t foolproof some of your traffic won’t get routed by Tor at all. Use it at your own risk.

Also note that the procedure described here applies only to package substitution. When you update your guix distribution with guix pull, you still need to use torsocks if you want to route the connection to guix’s git repository servers through Tor.

Guix ersättningsserver är tillgänglig som en Onion-tjänst, om du vill använda den för att få dina ersättningar genom Tor konfigurerar du ditt system enligt följande: 

(use-modules (gnu))
(use-service-module base networking)

(operating-system
  
  (services
    (cons
      (service tor-service-type
              (tor-configuration
                (config-file (plain-file "tor-config"
                                         "HTTPTunnelPort 127.0.0.1:9250"))))
      (modify-services %base-services
        (guix-service-type
          config => (guix-configuration
                      (inherit config)
                      ;; ci.guix.gnu.org's Onion service
                      (substitute-urls "\
https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion")
                      (http-proxy "http://localhost:9250")))))))

This will keep a tor process running that provides a HTTP CONNECT tunnel which will be used by guix-daemon. The daemon can use other protocols than HTTP(S) to get remote resources, request using those protocols won’t go through Tor since we are only setting a HTTP tunnel here. Note that substitutes-urls is using HTTPS and not HTTP or it won’t work, that’s a limitation of Tor’s tunnel; you may want to use privoxy instead to avoid such limitations.

If you don’t want to always get substitutes through Tor but using it just some of the times, then skip the guix-configuration. When you want to get a substitute from the Tor tunnel run: 

sudo herd set-http-proxy guix-daemon http://localhost:9250
guix build \
  --substitute-urls=https://4zwzi66wwdaalbhgnix55ea3ab4pvvw66ll2ow53kjub6se4q2bclcyd.onion …

Next: Ställa in NGINX med Lua, Previous: Setting up a bind mount, Up: Systemkonfiguration   [Contents][Index]