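# NixOS module: exposes https://blog.binaergewitter.de through a Tor onion
# service. tor maps onion port 80 to the local nginx, which reverse-proxies
# every request to the upstream blog.
{ pkgs, lib, ... }:

with lib;

let
  name = "bgt_cyberwar_hidden_service";

  # toString turns <secrets> into a plain path string, so the directory is
  # referenced at runtime and is not copied into the world-readable Nix store.
  # It holds the onion service state (hostname, presumably also the private
  # key - confirm against the secrets repository).
  sec = (toString <secrets>) + "/";
  secdir = sec + name;

  srvdir = "/var/lib/tor/onion/";
  basedir = srvdir + name;

  # builtins.readFile returns the file verbatim. A hostname file normally ends
  # with a newline, which would otherwise become part of the virtual host name;
  # removeSuffix is a no-op when the newline is absent.
  hn = removeSuffix "\n" (builtins.readFile (secdir + "/hostname"));
in
{
  # One-shot unit that seeds the onion service directory from the secrets
  # directory before tor starts. An existing directory is never overwritten.
  systemd.services.prepare-hidden-service = {
    wantedBy = [ "local-fs.target" ];
    before = [ "tor.service" ];
    serviceConfig = {
      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
        #!/bin/sh
        set -euf
        if ! test -d "${basedir}" ;then
          mkdir -p "${srvdir}"
          # Create the copied files owner-only from the start. Without this
          # the copy is readable under the default umask until the chmod
          # below has run.
          umask 077
          cp -r "${secdir}" "${srvdir}"
          chown -R tor:tor "${srvdir}"
          chmod -R 700 "${basedir}"
        else
          echo "not overwriting ${basedir}"
        fi
        # NOTE(review): if cp fails part-way, set -e aborts but the directory
        # already exists, so the next run takes the "not overwriting" branch
        # and leaves a partial copy in place.
      '';
      Type = "oneshot";
      RemainAfterExit = "yes";
      TimeoutSec = "0";
    };
  };

  # Virtual host named after the onion hostname; forwards everything upstream.
  # NOTE(review): no listen restriction is set here. If nginx also listens on
  # a public interface, it answers for the onion hostname there too, which
  # links the onion address to this machine - confirm that is acceptable or
  # bind this vhost to loopback.
  services.nginx.virtualHosts."${hn}".locations."/" = {
    proxyPass = "https://blog.binaergewitter.de";
    extraConfig = ''
      proxy_set_header Host blog.binaergewitter.de;
      # Send SNI so the upstream can select the matching certificate.
      proxy_ssl_server_name on;
      # NOTE(review): nginx does not verify the upstream certificate unless
      # proxy_ssl_verify is enabled together with
      # proxy_ssl_trusted_certificate, so this hop is encrypted but the
      # upstream is not authenticated.
    '';
  };

  services.tor = {
    enable = true;
    # Only onion port 80 is published; no explicit target is given, so the
    # module default applies (presumably the same port on localhost - confirm).
    hiddenServices."${name}".map = [
      { port = "80"; }
      # { port = "443"; toHost = "blog.binaergewitter.de"; }
    ];
  };
}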