From: Chris Marusich <cmmarusich@gmail.com>
To: 32346@debbugs.gnu.org
Cc: Chris Marusich <cmmarusich@gmail.com>
Subject: [bug#32346] [PATCH 6/6] services: tor: Make it easier to use UNIX sockets.
Date: Wed,  1 Aug 2018 23:51:59 -0700
Message-ID: <20180802065159.20413-6-cmmarusich@gmail.com>
In-Reply-To: <20180802065159.20413-1-cmmarusich@gmail.com>

* doc/guix.texi (Networking Services): Document it, and mention that
tor-service is deprecated.
* gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>:
New field.
(tor-configuration->torrc): When socks-socket-type is 'unix, set
SocksPort to UNIX domain socket /var/run/tor/socks-sock and set
UnixSocksGroupWritable to 1.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using
a custom config file, just set socks-socket-type to 'unix.
---
 doc/guix.texi               | 52 ++++++++++++++++++++++++++++++++-----
 gnu/services/networking.scm | 10 +++++--
 gnu/tests/networking.scm    |  8 +-----
 3 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 080b091b3..c72b1e480 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11445,16 +11445,54 @@ detailed discussion of each configuration field.
 @end deftp
 
 @cindex Tor
-@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
-Return a service to run the @uref{https://torproject.org, Tor} anonymous
-networking daemon.
+@defvr {Scheme Variable} tor-service-type
+This is the type for a service that runs the @uref{https://torproject.org,
+Tor} anonymous networking daemon.  The service is configured using a
+@code{<tor-configuration>} record.  By default, the TOR daemon runs as the
+@code{tor} unprivileged user, which is a member of the @code{tor} group.
+
+@end defvr
 
-The daemon runs as the @code{tor} unprivileged user.  It is passed
-@var{config-file}, a file-like object, with an additional @code{User tor} line
-and lines for hidden services added via @code{tor-hidden-service}.  Run
-@command{man tor} for information about the configuration file.
+@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
+This procedure is deprecated and will be removed in a future release.  Return
+a service of the @code{tor-service-type} type.  @var{config-file} and
+@var{tor} have the same meaning as in @code{<tor-configuration>}.
 @end deffn
 
+@deftp {Data Type} tor-configuration
+@table @asis
+@item @code{tor} (default: @code{tor})
+The package that provides the TOR daemon.  This package is expected to provide
+the daemon at @file{bin/tor} relative to its output directory.  The default
+package is the @uref{https://www.torproject.org, TOR Project's}
+implementation.
+@item @code{config-file} (default: @code{(plain-file "empty" "")})
+The configuration file to use.  It will be appended to a default configuration
+file, and the final configuration file will be passed to @code{tor} via its
+@code{-f} option.  This may be any ``file-like'' object (@pxref{G-Expressions,
+file-like objects}).  See @code{man tor} for details on the configuration file
+syntax.
+@item @code{hidden-services} (default: @code{'()})
+The list of @code{<hidden-service>} records to use.  For any hidden service
+you include in this list, appropriate configuration to enable the hidden
+service will be automatically added to the default configuration file.  You
+may conveniently create @code{<hidden-service>} records using the
+@code{tor-hidden-service} procedure described below.
+@item @code{socks-socket-type} (default: @code{'tcp})
+The default socket type that TOR should use for its SOCKS socket.  This must
+be either @code{'tcp} or @code{'unix}.  If it is @code{'tcp}, then by default
+TOR will listen on TCP port 9050 on the loopback interface (i.e., localhost).
+If it is @code{'unix}, then TOR will listen on the UNIX domain socket
+@file{/var/run/tor/socks-sock}, which will be made writable by members of the
+@code{tor} group.
+
+If you want to customize the SOCKS socket in more detail, leave
+@code{socks-socket-type} at its default value of @code{'tcp} and use
+@code{config-file} to override the default by providing your own
+@code{SocksPort} option.
+@end table
+@end deftp
+
 @cindex hidden service
 @deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
 Define a new Tor @dfn{hidden service} called @var{name} and implementing
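Review bot: the new manual text switches between "Tor" and "TOR" (`the TOR daemon`, `TOR will listen`, `TOR Project's`) while the surrounding section and the `@uref{https://torproject.org, Tor}` link in this same hunk use "Tor"; please use "Tor" throughout. The `@defvr` body also ends with a stray blank line before `@end defvr`. On substance, the `socks-socket-type` item would be clearer if it stated the access-control consequence directly: with `'unix`, `UnixSocksGroupWritable 1` makes membership in the `tor` group the thing that grants use of the proxy, whereas with `'tcp` any local process can connect to port 9050 on the loopback interface; that is the property a reader choosing between the two values needs.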
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9523f97f6..a7f722807 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -577,7 +577,9 @@ demand.")))
   (config-file      tor-configuration-config-file
                     (default (plain-file "empty" "")))
   (hidden-services  tor-configuration-hidden-services
-                    (default '())))
+                    (default '()))
+  (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
+                     (default 'tcp)))
 
 (define %tor-accounts
   ;; User account and groups for Tor.
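Review bot: `socks-socket-type` accepts any value, and the only check on it is the `(eq? 'unix '#$socks-socket-type)` in `tor-configuration->torrc`, so a typo such as `'unix-socket` or the string `"unix"` is silently treated as TCP and the daemon ends up with the default TCP listener the user meant to avoid. Consider a `sanitize` clause on the field that rejects anything other than `'tcp` or `'unix` at configuration time, so the mistake surfaces during `guix system reconfigure` instead of at runtime.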
@@ -599,7 +601,7 @@ demand.")))
 (define (tor-configuration->torrc config)
   "Return a 'torrc' file for CONFIG."
   (match config
-    (($ <tor-configuration> tor config-file services)
+    (($ <tor-configuration> tor config-file services socks-socket-type)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -615,6 +617,10 @@ User tor
 DataDirectory /var/lib/tor
 PidFile /var/run/tor/tor.pid
 Log notice syslog\n" port)
+                (when (eq? 'unix '#$socks-socket-type)
+                  (display "\
+SocksPort unix:/var/run/tor/socks-sock
+UnixSocksGroupWritable 1\n" port))
 
                 (for-each (match-lambda
                             ((service (ports hosts) ...)
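Review bot: the `SocksPort unix:/var/run/tor/socks-sock` line is written before the user's `config-file` is appended, and Tor treats additional `SocksPort` lines as extra listeners rather than overrides, so `socks-socket-type 'unix` combined with a `config-file` that also sets `SocksPort` opens two SOCKS listeners. The manual text handles this by telling users to leave the type at `'tcp` when customizing, but a one-line comment here (e.g. `;; A SocksPort in CONFIG-FILE adds a listener; it does not replace this one.`) would spare the next reader the surprise. Also, `UnixSocksGroupWritable 1` only sets the socket's own mode; `/var/run/tor` (already used for `PidFile`) must be traversable by the `tor` group for group members to connect, so please confirm the activation code that creates that directory sets its group ownership and permissions accordingly.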
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index b332ec3cf..06d6250b8 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -354,13 +354,7 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
   (simple-operating-system
    (service tor-service-type
             (tor-configuration
-             (config-file
-              (plain-file "test-torrc"
-                          "\
-SocksPort unix:/var/run/tor/socks-sock
-UnixSocksGroupWritable 1
-")
-              )))))
+             (socks-socket-type 'unix)))))
 
 (define (run-tor-test)
   (define os
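Review bot: after this change the test exercises only the new `socks-socket-type` field; the previous form also served as a check that a user-supplied `config-file` is appended and honoured by `tor-configuration->torrc`. If that path is not covered by another test in this series, keep one case that passes the `SocksPort` directives through `config-file` alongside this one.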
-- 
2.18.0
