# Make sure your /etc/tor/torrc has these 
# ( then restart tor service using 
#     sudo systemctl stop tor.service; 
#     sudo systemctl start tor.service; 
#     sudo systemctl enable tor.service;


# Put zeronet in the tor group ( it's tor on arch, might be debian-tor or whatever for you )
# Then the control port will be acceessable to those users in the tor group

# Below goes in your /etc/tor/torrc:

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053
EC4C
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/lib/tor/control_auth_cookie

## TRANSPARENT PROXY
## This is to allow tor to proxy dns  ( if you're limiting the zeronet user to only use tor you need to be able to use dns via this )
## - it's not strictly necessary but combined with these firewall rules: (see https://pastebin.pl/view/88b4a8f4 ) it can save your ass from 
## misconfigurations since with tor-only configured in firewall even if zeronet tries to access clearnet, it will be reidrected to tor.
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353