From 5f211353d27574e4636d7dd4e57f90bb0186a926 Mon Sep 17 00:00:00 2001
From: kubeworm <93949496+guest42069@users.noreply.github.com>
Date: Fri, 24 Nov 2023 17:09:31 +0000
Subject: [PATCH] Update arti.toml

---
 arti/arti.toml | 323 +------------------------------------------------
 1 file changed, 1 insertion(+), 322 deletions(-)

diff --git a/arti/arti.toml b/arti/arti.toml
index 4b0608a..94d1b66 100644
--- a/arti/arti.toml
+++ b/arti/arti.toml
@@ -1,331 +1,10 @@
-# (Built-in defaults for the arti configuration format.)
-# (This is an example file you can use as a template or as documentation.)
-
-# Rules about how arti should behave as an application
-[application]
-# If true, we should watch our configuration files for changes.
-#
-# (Note that this feature may misbehave if you change symlinks in the
-# paths to the directory holding the configuration files, if you
-# remove and recreate those directories, or if those directories
-# change for some other reason.)
-#watch_configuration = false
-
-# If true, we should allow other processes run by the same user to inspect this
-# process's memory.
-#
-# (By default, assuming arti has been built with the `harden` feature flag, we
-# take what step we can, including disabling core dumps, to keep its memory and
-# state secret from other processes.)
-#
-#permit_debugging = false
-
-# If true, then we allow Arti to start even if the current user is root.
-#
-# (By default, we exit if we are running as root, since this is usually a
-# mistake.)
-#allow_running_as_root = false
-
-# Set up the Arti program to run as a proxy.
+# https://gitlab.torproject.org/tpo/core/arti/-/blob/main/crates/arti/src/arti-example-config.toml
 [proxy]
-# Default port to use when listening to SOCKS connections.  We always
-# listen on localhost.
-#
-# Note that only one process can listen on a given port at a time.
 socks_listen = "0.0.0.0:9050"
-
-# Port to use to listen for DNS requests.  0 means disabled.
-#dns_listen = 0
-
-# Configure logging
 [logging]
-
-# Specify filtering directives for sending trace messages to the console
-# (via standard output).
-#
-# It can be as simple as a single loglevel, or as complicated as a
-# list with per-module settings.
-#
-# You can override this setting with the -l, --log-level command-line option.
-#
-# Example:
-#     trace_filter = "info,tor_proto::channel=trace"
-#
-# For more information, see https://docs.rs/tracing-subscriber/0.2.20/tracing_subscriber/filter/struct.EnvFilter.html
 console = "info"
-
-# As above, but specify filtering directives for sending trace messages to 
-# the journald logging system.  Empty string means not to use journald.
-#journald = ""
-
-# You can also configure one or more log files, with different filters, and optional
-# rotation.
-#
-# For example (not the default):
-#files = [
-#         {path = "~/logs/debug.log", filter="debug"},
-#         {path = "~/logs/trace.log", filter="trace", rotate="daily"},
-#]
-
-# Whether to log sensitive information (such as target hostnames and ip addresses)
-#
-# If set to `false` (the default), such information is not logged in meessages of
-# level `info` or higher.
-#log_sensitive_information = false
-
-# Locations to use for storing things on disk.
-#
-# These paths can use ~ to indicate the user's home directory, or a set
-# of shell-style variables to indicate platform-specific paths.
-#
-# Supported variables are ARTI_CACHE, ARTI_CONFIG, ARTI_SHARED_DATA,
-# ARTI_LOCAL_DATA, and USER_HOME.
-#
-# Multiple processes can share the same cache_dir.  If they do, one of them
-# will download directory information for all of the others.
-#
-# The state directory is not yet used.
 [storage]
 cache_dir = "/arti/cache"
 state_dir = "/arti/state"
-
-# Describe how to enforce permissions on the filesystem when accessing the cache
-# and state directories.  (This does not apply to configuration files) 
-[storage.permissions]
-# If set to true, we ignore all filesystem permissions.
-#dangerously_trust_everyone = false
-
-# What user (if any) is trusted to own files and directories?  ":current" means
-# to trust the current user.
-#trust_user = ":current"
-
-# What group (if any) is trusted to have read/write access to files and
-# directories?  ":selfnamed" means to trust the group with the same name as the
-# current user, if that user is a member.
-#trust_group = ":username"
-
-# If set, gives a path prefix that will always be trusted.  For example, if this
-# option is set to "/home/", and we are checking "/home/username/.cache", then
-# we always accept the permissions on "/" and "/home", but we check the
-# permissions on "/home/username" and "/home/username/.cache".
-# 
-# (This is not the default.)
-#
-#     ignore_prefix = "/home/"
-#ignore_prefix = ""
-
-# Bridges (for anticensorship support)
-[bridges]
-
-# Should we use configured bridges?
-#     If set to false, we will ignore the configured bridges.
-#     If set to "auto", we will use any bridges that are configured.
-#     If set to true, bridges must be configured and will be used.
-#enabled = "auto"
-
-# What bridges (including pluggable transports) to use, in this syntax:
-#  bridges = [ 
-#      "<IP>:<ORPort> <fingerprint> [<fingerprint> ...]",
-#      "<transport> <host>:<ORPort>|- <fingerprint> [...] [<key>=<val> ...]",
-#  ]
-#
-# For example:
-#  bridges = [ 
-#      "192.0.2.83:80 $0bac39417268b96b9f514ef763fa6fba1a788956",
-#      "[2001:db8::3150]:8080 $0bac39417268b96b9f514e7f63fa6fb1aa788957",
-#      "obfs4 bridge.example.net:80 $0bac39417268b69b9f514e7f63fa6fba1a788958 ed25519:dGhpcyBpcyBbpmNyZWRpYmx5IHNpbGx5ISEhISEhISA iat-mode=1",
-#  ]
-#
-# You may specify all the bridge lines in one multi-line string:
-#  bridges = '''
-#  192.0.2.83:80 $0bac39417268b96b9f514ef763fa6fba1a788956
-#  [2001:db8::3150]:8080 $0bac39417268b96b9f514e7f63fa6fb1aa788957
-#  obfs4 bridge.example.net:80 $0bac39417268b69b9f514e7f63fa6fba1a788958 ed25519:dGhpcyBpcyBbpmNyZWRpYmx5IHNpbGx5ISEhISEhISA iat-mode=1
-#  '''
-#
-# (Note that these are just examples, not real bridges - they will not work.)
-#
-#bridges = []
-
-# An example pluggable transport binary.
-# [[bridges.transports]]
-
-# Which pluggable transports does this binary provide?
-# protocols = ["obfs4", "obfs5"]
-
-# Path to the binary to be run.
-# path = "/usr/bin/obfsproxy"
-
-# Any command-line arguments to pass to the binary (empty if not specified).
-# arguments = ["-obfs4", "-obfs5"]
-
-# Should we run this binary on startup? If false or unspecified, the binary will be
-# launched when we first attempt to use any of the transports it provides instead.
-# run_on_startup = true
-
-# Replacement values for consensus parameters.  This is an advanced option
-# and you probably should leave it alone. Not all parameters are supported.
-# These are case-sensitive.
-#
-[override_net_params]
-# For example (not the eefaults):
-#     circwindow = 1000
-#     min_paths_for_circs_pct = 60
-
-# Configuration for timing when and how often we should download directory
-# information.
-#
-# We use a randomized algorithm for determining when to retry. With
-# the various retry_* options, "num" is the number of downloads to
-# attempt, and "initial_delay" is a parameter determining both our
-# _first_ delay before we reattempt, and our _minimum_ delay for
-# subsequent attempts.
-[download_schedule]
-
-# How to retry our initial bootstrapping when we're trying to start up.
-#retry_bootstrap = { attempts = 128, initial_delay = "1 sec", parallelism = 1 }
-
-# How to retry a single consensus download.
-#retry_consensus = { attempts = 3, initial_delay = "1 sec", parallelism = 1 }
-
-# How to retry a set of authority certificate downloads.
-#retry_certs = { attempts = 3, initial_delay = "1 sec", parallelism = 1 }
-
-# How to retry a set of microdescriptor downloads.
-#retry_microdescs = { attempts = 3, initial_delay = "1 sec", parallelism = 4 }
-
-# Information about how premature or expired our directories are allowed to be.
-#
-# These options help us tolerate clock skew, and help survive the case where the
-# directory authorities are unable to reach consensus for a while.
-[directory_tolerance]
-# For how long before a directory document is valid should we accept it?
-#pre_valid_tolerance = "1 day"
-
-# For how long after a directory document is valid should we consider it usable?
-#post_valid_tolerance = "3 days"
-
-# Tells the circuit manager rule for constructing circuit paths
-[path_rules]
-
-# How far apart do relays need to be in IP-space before they can be
-# used in the same circuit?  For example, "ipv4_subnet_family_prefix=16"
-# means that two relays cannot appear in the same circuit if their
-# IPv4 addresses begin with the same 16 bits.
-#ipv4_subnet_family_prefix = 16
-#ipv6_subnet_family_prefix = 32
-
-# Which addresses are we willing to contact directly?
-#
-# This option can be used to specify a set of addresses or ports that are
-# permitted: typically, because a local firewall blocks everything else.  For
-# example, [ "*:80", "*:443"] would only try to connect to relays on the network
-# that support port 80 or port 443. You can use prefix lengths and port ranges,
-# too: "198.51.100.0/24:1-1024" is a valid pattern.
-#
-# By default, all addresses and ports are permitted.
-#reachable_addrs = [ "*:*" ]
-
-# Configure preemptive circuit construction.
-#
-# Preemptive circuits are built ahead of time, to anticipate client need. This
-# section configures the way in which this demand is anticipated and in which
-# these circuits are constructed.
-[preemptive_circuits]
-# If we have at least this many available circuits, we suspend
-# construction of preemptive circuits. whether our available circuits
-# support our predicted exit ports or not.
-#disable_at_threshold = 12
-
-# At startup, which exit ports should we expect that the client will want?
-#
-# (Over time, new ports are added to this list in response to what the client
-# has actually requested.)
-#initial_predicted_ports = [80, 443]
-
-# After we see the client request a connection to a new port, how long should we
-# predict that the client will still want to have circuitsw available for that
-# port?
-#prediction_lifetime = "1 hour"
-
-# How many available circuits should we try to have, at minimum, for each
-# predicted exit port?
-#min_exit_circs_for_port = 2
-
-# Configuration information about the Tor network itself
-[tor_network]
-# List of locations to look in when downloading directory information
-# we don't actually have a directory yet.
-#   fallback_caches = [ <default list is compiled-in > ]
-
-# List of directory authorities which we expect to sign consensus documents.
-#   authorities = [ <default list is compiled-in > ]
-
-# Channels and their behaviour
-[channel]
-
-# Should we use reduced channel padding?  (This roughly halves the padding
-# cell frequency, and makes the padding unidrecteional, increasing the
-# traceability of the client connections.)
-# Or disable it entirely?
-#
-#padding = "normal"
-#   padding = "reduced"
-#   padding = "none"
-
-# Full manual control of the precise padding timing parameters is available
-# by setting `override_net_params.nf_ito_low` et al.
-# (See torpsec/padding-spec.txt section 3.4.)
-
-# Rules for how long circuits should survive, and how long pending
-# requests should wait for a circuit.
-[circuit_timing]
-
-# Once a circuit has been used for a request, we stop giving it out for
-# other requests after this time.
-#max_dirtiness = "10 minutes"
-
-# When a circuit is requested, we keep trying to build circuits for up
-# to this long before the request gives up.
-#request_timeout = "60 sec"
-
-# When a circuit is requested, we make up to this many attempts to build
-# circuits for it before the request gives up.
-#request_max_retries = 16
-
-# If a circuit is finished that would satisfy a pending request, but the
-# request is still waiting for its own circuits to complete, the request
-# will wait this long before using the unexpectedly available circuit.
-#request_loyalty = "50 msec"
-
-# Rules for which addresses a client is willing to try to connect to over
-# the tor network.
 [address_filter]
-
-# Should we allow attempts to make Tor connections to local addresses?
-#allow_local_addrs = false
-
-# Rules for how long streams should wait when connecting to host or performing a
-# DNS lookup.
-#
-# These timeouts measure the permitted time between sending a request on an
-# established circuit, and getting a response from the exit node.
 allow_onion_addrs = true
-
-[stream_timeouts]
-
-# How long should we wait before timing out a stream when connecting to a host?
-#connect_timeout = "10 sec"
-
-# How long should we wait before timing out when resolving a DNS record?
-#resolve_timeout = "10 sec"
-
-# How long should we wait before timing out when resolving a DNS PTR record?
-#resolve_ptr_timeout = "10 sec"
-
-# Configuration for the system resources used by Arti.
-[system]
-
-# What is the maximum number of file descriptors which should be available
-# to Arti when we launch?
-#max_files = 16384