1 files changed, 24 insertions, 9 deletions

diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
index 1e56e62f9..acbe717d9 100644
--- a/krebs/3modules/hidden-ssh.nix
+++ b/krebs/3modules/hidden-ssh.nix
@@ -19,6 +19,14 @@ let
       type = types.str;
       default = "irc.hackint.org";
     };
+    port = mkOption {
+      type = types.int;
+      default = 6697;
+    };
+    tls = mkOption {
+      type = types.bool;
+      default = true;
+    };
     message = mkOption {
       type = types.str;
       default = "SSH Hidden Service at ";
@@ -27,14 +35,17 @@ let
 
   imp = let
     torDirectory = "/var/lib/tor"; # from tor.nix
-    hiddenServiceDir = torDirectory + "/ssh-announce-service";
+    hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
   in {
     services.tor = {
       enable = true;
-      extraConfig = ''
-        HiddenServiceDir ${hiddenServiceDir}
-        HiddenServicePort 22 127.0.0.1:22
-      '';
+      relay.onionServices.hidden-ssh = {
+        version = 3;
+        map = [{
+          port = 22;
+          target.port = 22;
+        }];
+      };
       client.enable = true;
     };
     systemd.services.hidden-ssh-announce = {
@@ -50,10 +61,14 @@ let
             echo "still waiting for ${hiddenServiceDir}/hostname"
             sleep 1
           done
-          ${pkgs.untilport}/bin/untilport ${cfg.server} 6667 && \
-            ${pkgs.irc-announce}/bin/irc-announce \
-            ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \
-            \${cfg.channel} \
+          ${pkgs.untilport}/bin/untilport ${escapeShellArg cfg.server} ${toString cfg.port}
+
+          ${pkgs.irc-announce}/bin/irc-announce \
+            ${escapeShellArg cfg.server} \
+            ${toString cfg.port} \
+            "${config.krebs.build.host.name}-ssh" \
+            ${escapeShellArg cfg.channel} \
+            ${escapeShellArg cfg.tls} \
             "${cfg.message}$(cat ${hiddenServiceDir}/hostname)"
         '';
         PrivateTmp = "true";