summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bgt/hidden_service.nix
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2018-12-14 19:24:26 +0100
committerlassulus <lassulus@lassul.us>2018-12-14 19:24:26 +0100
commit9a9a6d0a90072890b8946266abff1d98647c52fc (patch)
tree7b541f19ce2e5455d3ab9e2d546790c60439c07e /makefu/2configs/bgt/hidden_service.nix
parenta56497f72ce37b08b49e9a1f86f3b8ddad8ad119 (diff)
parentce60c288e588d8968535399921e6735cc05acef1 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs/bgt/hidden_service.nix')
-rw-r--r--makefu/2configs/bgt/hidden_service.nix48
1 files changed, 48 insertions, 0 deletions
diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
new file mode 100644
index 000000000..c1a31b8dc
--- /dev/null
+++ b/makefu/2configs/bgt/hidden_service.nix
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ name = "bgt_cyberwar_hidden_service";
+ sec = (toString <secrets>) + "/";
+ secdir = sec + name;
+ srvdir = "/var/lib/tor/onion/";
+ basedir = srvdir + name;
+ hn = builtins.readFile (secdir + "/hostname");
+in
+{
+ systemd.services.prepare-hidden-service = {
+ wantedBy = [ "local-fs.target" ];
+ before = [ "tor.service" ];
+ serviceConfig = {
+ ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+ #!/bin/sh
+ set -euf
+ if ! test -d "${basedir}" ;then
+ mkdir -p "${srvdir}"
+ cp -r "${secdir}" "${srvdir}"
+ chown -R tor:tor "${srvdir}"
+ chmod -R 700 "${basedir}"
+ else
+ echo "not overwriting ${basedir}"
+ fi
+ '';
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ TimeoutSec = "0";
+ };
+ };
+ services.nginx.virtualHosts."${hn}".locations."/" = {
+ proxyPass = "https://blog.binaergewitter.de";
+ extraConfig = ''
+ proxy_set_header Host blog.binaergewitter.de;
+ proxy_ssl_server_name on;
+ '';
+ };
+ services.tor = {
+ enable = true;
+ hiddenServices."${name}".map = [
+ { port = "80"; }
+ # { port = "443"; toHost = "blog.binaergewitter.de"; }
+ ];
+ };
+}