stockholm/makefu/2configs/deployment/bgt/hidden_service.nix

{ pkgs, lib, ... }:

with lib;
let
  name = "bgt_cyberwar_hidden_service";
  sec = (toString <secrets>) + "/";
  secdir = sec + name;
  srvdir = "/var/lib/tor/onion/";
  basedir = srvdir + name;
  hn = builtins.readFile (secdir + "/hostname");
in
{
  systemd.services.prepare-hidden-service = {
    wantedBy = [ "local-fs.target" ];
    before = [ "tor.service" ];
    serviceConfig = {
      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
        #!/bin/sh
        set -euf
        if ! test -d "${basedir}" ;then
          mkdir -p "${srvdir}"
          cp -r "${secdir}" "${srvdir}"
          chown -R tor:tor "${srvdir}"
          chmod -R 700 "${basedir}"
        else
          echo "not overwriting ${basedir}"
        fi
      '';
      Type = "oneshot";
      RemainAfterExit = "yes";
      TimeoutSec = "0";
    };
  };
  services.nginx.virtualHosts."${hn}".locations."/" = {
    proxyPass = "https://blog.binaergewitter.de";
    extraConfig = ''
        proxy_set_header  Host blog.binaergewitter.de;
        proxy_ssl_server_name on;
    '';
  };
  services.tor = {
    enable = true;
    hiddenServices."${name}".map = [
     { port = "80"; }
     # { port = "443"; toHost = "blog.binaergewitter.de"; }
    ];
  };
}
ma bgt: add hidden service description 2017-12-08 12:40:02 +00:00			`{ pkgs, lib, ... }:`

			`with lib;`
			`let`
			`name = "bgt_cyberwar_hidden_service";`
			`sec = (toString <secrets>) + "/";`
			`secdir = sec + name;`
			`srvdir = "/var/lib/tor/onion/";`
			`basedir = srvdir + name;`
			`hn = builtins.readFile (secdir + "/hostname");`
			`in`
			`{`
			`systemd.services.prepare-hidden-service = {`
			`wantedBy = [ "local-fs.target" ];`
			`before = [ "tor.service" ];`
			`serviceConfig = {`
			`ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''`
			`#!/bin/sh`
			`set -euf`
			`if ! test -d "${basedir}" ;then`
			`mkdir -p "${srvdir}"`
			`cp -r "${secdir}" "${srvdir}"`
			`chown -R tor:tor "${srvdir}"`
			`chmod -R 700 "${basedir}"`
			`else`
			`echo "not overwriting ${basedir}"`
			`fi`
			`'';`
			`Type = "oneshot";`
			`RemainAfterExit = "yes";`
			`TimeoutSec = "0";`
			`};`
			`};`
			`services.nginx.virtualHosts."${hn}".locations."/" = {`
			`proxyPass = "https://blog.binaergewitter.de";`
			`extraConfig = ''`
			`proxy_set_header Host blog.binaergewitter.de;`
			`proxy_ssl_server_name on;`
			`'';`
			`};`
			`services.tor = {`
			`enable = true;`
			`hiddenServices."${name}".map = [`
			`{ port = "80"; }`
			`# { port = "443"; toHost = "blog.binaergewitter.de"; }`
			`];`
			`};`
			`}`