nixos/tor: fix HidServAuth (#122439)

* add an example for services.tor.settings.HidServAuth * fix HidServAuth validation to require ".onion" Per https://manpages.debian.org/testing/tor/torrc.5.en.html : > Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
2021-05-11 18:10:32 +10:00 · 2021-05-11 18:10:32 +10:00 · 33a4c43126
parent b5227312c8
commit 33a4c43126
1 changed files with 8 additions and 2 deletions
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@ -170,7 +170,7 @@ let
    else if k == "ServerTransportPlugin" then
      optionalString (v.transports != []) "${concatStringsSep "," v.transports} exec ${v.exec}"
    else if k == "HidServAuth" then
-      concatMapStringsSep "\n${k} " (settings: settings.onion + " " settings.auth) v
+      v.onion + " " + v.auth
    else generators.mkValueStringDefault {} v;
  genTorrc = settings:
    generators.toKeyValue {
@ -715,7 +715,7 @@ in
              (submodule {
                options = {
                  onion = mkOption {
-                    type = strMatching "[a-z2-7]{16}(\\.onion)?";
+                    type = strMatching "[a-z2-7]{16}\\.onion";
                    description = "Onion address.";
                    example = "xxxxxxxxxxxxxxxx.onion";
                  };
@ -726,6 +726,12 @@ in
                };
              })
            ]);
+            example = [
+              {
+                onion = "xxxxxxxxxxxxxxxx.onion";
+                auth = "xxxxxxxxxxxxxxxxxxxxxx";
+              }
+            ];
          };
          options.HiddenServiceNonAnonymousMode = optionBool "HiddenServiceNonAnonymousMode";
          options.HiddenServiceStatistics = optionBool "HiddenServiceStatistics";