Please describe the problem.
I am running NixOS, so the automatic configuration of the tor hidden service does not work because system state is not mutable. Could you provide a way to configure the tor hidden service manually, perhaps printing out the configuration instead of installing it?
What steps will reproduce the problem?
N/A
What version of git-annex are you using? On what operating system?
7.2, NixOS
Please provide any additional information below.
# If you can, paste a complete transcript of the problem occurring here.
# If the problem is with the git-annex assistant, paste in .git/annex/daemon.log
# End of transcript or log.
Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders)
Yes, I love it.
I have come across what I think is the 'right' way to do this: there seems to be an option where the service can be specified, which would eliminate the need for a manual configuration (note: you can also do man configuration.nix and /-search for it if you didn't know).
Now comes the problem: I'm not sure what to actually put in it. Ports seem like a good place to start, and I've done some digging to try and determine which ones to use.
After starting the remote manually, I think the answer might be apparent in
sudo netstat -leepnuta --wide | grep -E 'Proto|tor|annex'
but I'm not sure--my networking knowledge is limited. 40449 could be relevant, since it appears so frequently. There's also lots of random 5-digit ones. I thought they might be ephemeral, but not all of them are within that range.
Also worth noting: After letting git-annex create the torrc file by changing a bunch of permissions I probably shouldn't, the line where the socket is specified starts with HiddenServicePort 28913, although that port is not found within netstat (suggesting that I haven't got the remote actually working).
That's all I got so far. I will be messing with it more though.
The port can be any otherwise unused port of the system.
The service's unix socket file has to have a name that ends with the uuid of the git-annex repository that's going to use it, because git-annex parses torrc to find that.
And git-annex has to know what the port and onion address are to construct the base p2p address ("tor-annex:$onionaddr:$port"). That gets stored in .git/annex/p2paddrs.
Otherwise, you can use more or less whatever tor configuration you want to.
If you write up a tip documenting how to manually set one up (nix specific would be fine), then it might make sense to simplify that documentation with a command like:
To avoid needing to manually write data into .git/annex/
I think that and documentation is all that's needed, and that command on its own is not very useful w/o documentation of the full manual setup, which is why I suggest you write the documentation first.
Someone wrote a tip explaining how to do it: enable tor on nixos
It might be that some simple changes to git-annex enabletor could simplify the process documented there. An option to control where the torrc file is comes to mind.
Yep, I wrote that tip partly to document how to do it and partly to provoke this discussion =)
As a user what I think I would find the most useful is an option like you described (and a related option for specifying the path to the torrc file) which will detect and enable an already configured hidden service, but just prints the configuration you should add instead of adding it itself to torrc. With a third option to manually specify the hidden service address no root privs would be needed either. The last useful thing I can think of is to relax the socketFile matching in the code, so that if the repo UUID appears anywhere in the path and the file is accessible, that seems sufficiently unambiguous to me, and when doing this check it would also be helpful to report permission errors clearly.
Such functionality should provide a reasonable UX not only for nix/guix users, but also anyone who is running tor as a user service.
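The torrc lookup described in the earlier reply (a unix socket whose name ends with the repository UUID, and a base address of the form tor-annex:$onionaddr:$port), sketched as an added example that is not part of this thread or of git-annex's own code. The sample torrc, UUID, paths and function names are constructed for illustration, and the matching rule is the one stated in the reply, which may differ in detail from what git-annex implements.

```python
# Added illustration; not git-annex code. The matching rule and address
# format follow the description in the thread; the rest is assumed.

# Constructed sample torrc; the UUID, paths and web service are made up.
SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"
SAMPLE_TORRC = f"""
# unrelated service with a TCP target
HiddenServiceDir /var/lib/tor/onion/web
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /var/lib/tor/onion/annex
HiddenServicePort 28913 unix:/run/tor-annex/1000_{SAMPLE_UUID}
"""


def find_hidden_service(torrc_text, repo_uuid):
    """Return (hidden_service_dir, port, socket_path) for the service whose
    unix socket file name ends with repo_uuid, or None if there is none."""
    current_dir = None
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        keyword = fields[0].lower()
        if keyword == "hiddenservicedir":
            # Following HiddenServicePort lines belong to this directory.
            current_dir = fields[1]
        elif keyword == "hiddenserviceport" and len(fields) >= 3:
            target = fields[2]
            if not target.startswith("unix:"):
                continue  # TCP targets cannot be the annex socket
            socket_path = target[len("unix:"):]
            name = socket_path.rstrip("/").rsplit("/", 1)[-1]
            if name.endswith(repo_uuid) and fields[1].isdigit():
                return current_dir, int(fields[1]), socket_path
    return None


def base_p2p_address(onionaddr, port):
    """Build the base address in the form quoted in the thread."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return f"tor-annex:{onionaddr}:{port}"


if __name__ == "__main__":
    svc = find_hidden_service(SAMPLE_TORRC, SAMPLE_UUID)
    print(svc)
    # tor writes the onion address to the "hostname" file inside the
    # HiddenServiceDir; "ONIONADDR" is a placeholder for that value.
    print(base_p2p_address("ONIONADDR", svc[1]))
```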