nixos/tor: add tor-init service to fix directory ownerships, fix hardenings

This reverts a part of 5bd12c694bfebaef1d03eb7f74a6eca01b86f546.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.

0 files changed, 0 insertions, 0 deletions