author | lassulus <lassulus@lassul.us> | 2018-12-14 19:24:26 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2018-12-14 19:24:26 +0100 |
commit | 9a9a6d0a90072890b8946266abff1d98647c52fc (patch) | |
tree | 7b541f19ce2e5455d3ab9e2d546790c60439c07e /makefu/2configs/bgt/hidden_service.nix | |
parent | a56497f72ce37b08b49e9a1f86f3b8ddad8ad119 (diff) | |
parent | ce60c288e588d8968535399921e6735cc05acef1 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs/bgt/hidden_service.nix')
-rw-r--r-- | makefu/2configs/bgt/hidden_service.nix | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
new file mode 100644
index 000000000..c1a31b8dc
--- /dev/null
+++ b/makefu/2configs/bgt/hidden_service.nix
@@ -0,0 +1,48 @@
+{ pkgs, lib, ... }:
+
+with lib;
+let
+ name = "bgt_cyberwar_hidden_service";
+ sec = (toString <secrets>) + "/";
+ secdir = sec + name;
+ srvdir = "/var/lib/tor/onion/";
+ basedir = srvdir + name;
+ hn = builtins.readFile (secdir + "/hostname");
+in
+{
+ systemd.services.prepare-hidden-service = {
+ wantedBy = [ "local-fs.target" ];
+ before = [ "tor.service" ];
+ serviceConfig = {
+ ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
+ #!/bin/sh
+ set -euf
+ if ! test -d "${basedir}" ;then
+ mkdir -p "${srvdir}"
+ cp -r "${secdir}" "${srvdir}"
+ chown -R tor:tor "${srvdir}"
+ chmod -R 700 "${basedir}"
+ else
+ echo "not overwriting ${basedir}"
+ fi
+ '';
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ TimeoutSec = "0";
+ };
+ };
+ services.nginx.virtualHosts."${hn}".locations."/" = {
+ proxyPass = "https://blog.binaergewitter.de";
+ extraConfig = ''
+ proxy_set_header Host blog.binaergewitter.de;
+ proxy_ssl_server_name on;
+ '';
+ };
+ services.tor = {
+ enable = true;
+ hiddenServices."${name}".map = [
+ { port = "80"; }
+ # { port = "443"; toHost = "blog.binaergewitter.de"; }
+ ];
+ };
+}
 |
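Review bot: In the `prepare-hidden-service` script the onion service directory (presumably including the service's private key) is copied with `cp -r` under the unit's default umask and only tightened afterwards by `chmod -R 700`, so the copy briefly carries whatever mode the source files allow; adding `umask 077` directly after `set -euf` closes that window. The same script runs `chown -R tor:tor "${srvdir}"` over the whole onion directory rather than just `"${basedir}"`, which will also re-own any other service directories that live there. In the nginx location, `proxy_ssl_server_name on;` only sends SNI and nginx does not check the upstream certificate unless told to, so the `https://` hop to blog.binaergewitter.de is unauthenticated as written; `proxy_ssl_verify on;` together with a CA bundle set through `proxy_ssl_trusted_certificate` would make the onion mirror refuse a spoofed upstream. Separately, `builtins.readFile` on the `hostname` file likely keeps its trailing newline in the virtual-host name, which `removeSuffix "\n"` would strip.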