stockholm/makefu/2configs/bgt/hidden_service.nix
2018-11-28 17:00:39 +01:00

49 lines
1.2 KiB
Nix

{ pkgs, lib, ... }:
with lib;
let
name = "bgt_cyberwar_hidden_service";
sec = (toString <secrets>) + "/";
secdir = sec + name;
srvdir = "/var/lib/tor/onion/";
basedir = srvdir + name;
hn = builtins.readFile (secdir + "/hostname");
in
{
systemd.services.prepare-hidden-service = {
wantedBy = [ "local-fs.target" ];
before = [ "tor.service" ];
serviceConfig = {
ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
#!/bin/sh
set -euf
if ! test -d "${basedir}" ;then
mkdir -p "${srvdir}"
cp -r "${secdir}" "${srvdir}"
chown -R tor:tor "${srvdir}"
chmod -R 700 "${basedir}"
else
echo "not overwriting ${basedir}"
fi
'';
Type = "oneshot";
RemainAfterExit = "yes";
TimeoutSec = "0";
};
};
services.nginx.virtualHosts."${hn}".locations."/" = {
proxyPass = "https://blog.binaergewitter.de";
extraConfig = ''
proxy_set_header Host blog.binaergewitter.de;
proxy_ssl_server_name on;
'';
};
services.tor = {
enable = true;
hiddenServices."${name}".map = [
{ port = "80"; }
# { port = "443"; toHost = "blog.binaergewitter.de"; }
];
};
}