shell-things/etc/tor/torrc-client

80 lines
3.4 KiB
Plaintext

# WARNING: This config uses two guards by default instead of just one,
# search for NumEntryGuards 2, this may make Tor instance doing this more
# identifiable and same applies to some other changes I am doing.
# Run by your own responsibility.
DataDirectory /var/lib/tor-client
Log notice syslog
# This instance will appear in syslog as "Tor-client"
SyslogIdentityTag client
# Use the default SocksPort, but also isolate streams going to different
# destination addresses and in case of DualStack Exits prefer IPv6, because
# they aren't publicly listed and may let through Tor blocks.
# https://trac.torproject.org/projects/tor/ticket/16947
SocksPort 9050 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
SocksPort 9052 PreferIPv6 IsolateSOCKSAuth
SocksPort 9060 OnionTrafficOnly IsolateSOCKSAuth
# HTTP Proxy port
# This works only for HTTPS and similar, so I ended up using Privoxy to get
# apt-listchanges and apt-listbugs also through Tor.
#HTTPTunnelPort 8118 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
HTTPTunnelPort 9119 IsolateDestAddr PreferIPv6 IsolateSOCKSAuth
# Uncomment to disable IPv4
#ClientUseIPv4 0
# Allow Tor to connect to relay/bridge over IPv6. As the default is
# IPv4-only, this may cause less anonymity if the guard is bad (and
# especially if you are behind CGN?)
ClientUseIPv6 1
# Always prefer IPv6 over IPv4 (see previous), maybe this would be useful
# in a DS network preventing Tor over IPv4.
ClientPreferIPv6ORPort 1
## Mapping clearnet domains to onions for certificate validation if
## accessed through Tor
# Other valid domains (that I am unlikely to use) in normal IRC:
# fi.pirateirc.net (I use it in Biboumi though) / irc.piraattipuolue.fi
MapAddress roubaix-fr.pirateirc.net tll4bxf546kzf6iv4n2m4pbbjnifrfewe3kcritva2tuuuiowygx2cqd.onion
# Freenode has a lot of valid names, but zettel is the name of their Tor
# server
MapAddress zettel.freenode.net ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion
# My personal server, most likely used for IRC
MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion
# https://liberta.casa/ confirmed from oper
MapAddress irc.liberta.casa cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion
# Ergo IRCd's home, confirmed from channel
MapAddress irc.ergo.chat vrw7zcuarwx4oeju3iikiz3jffrvuijsysyznqf53mxizxrebomfnrid.onion
# Heard from staffer, also https://libera.chat/guides/connect#verifying-tor-tls-connections
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
# Disable control access
#ControlPort 0
#ControlSocket 0
# If these have been disabled in the main Tor or OneHopOnion and something
# should work with the Debian defaults (e.g. zeronet)
# Uncommented due to how I would uncomment them anyway in my setup. See ###
# below
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie
ControlPort 9051
ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1
SocksPort unix:/run/tor/socks WorldWritable IsolateDestAddr PreferIPv6
### Disabling the Above in Debian Torrc (judging by my running system)
##ControlPort 0
##ControlSocket 0
##CookieAuthentication 0
##CookieAuthFile 0
# https://gitweb.torproject.org/torspec.git/tree/proposals/291-two-guard-nodes.txt
# Possibly dangerous or more easily fingerprintable as it's not the default
# yet!
NumEntryGuards 2