@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
(list #$(file-append bash "/bin/bash") "-c"
(string-append "ulimit -n 32768; exec "
- #$(file-append tor "/bin/tor") " -f " #$torrc))
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))