Add single-hop onion service
parent
87b41e0627
commit
10539c295b
|
@ -8,6 +8,7 @@
|
|||
../../common/services/acme.nix
|
||||
./services/nginx.nix
|
||||
./services/mail.nix
|
||||
./services/tor.nix
|
||||
./data/secrets/secrets.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [ ../../../common/services/nginx.nix ];
|
||||
services.nginx.virtualHosts = {
|
||||
|
@ -11,5 +12,18 @@
|
|||
forceSSL = true;
|
||||
root = "/var/www/mta-sts/public";
|
||||
};
|
||||
"ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion" = {
|
||||
# TODO: Do this with unix sockets instead
|
||||
listen = [ {
|
||||
addr = "[::1]";
|
||||
port = 8080;
|
||||
} ];
|
||||
root = "/var/www/nixaalb.org/public";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
PrivateTmp = lib.mkForce "false";
|
||||
};
|
||||
}
|
||||
|
|
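Review bot: The `PrivateTmp = lib.mkForce "false";` override at the end of this file switches off nginx's private /tmp, and nothing visible in this commit needs it, since the new onion vhost listens on the loopback TCP port `[::1]:8080`. If the override anticipates the unix-socket TODO, a socket under the service's runtime directory would avoid weakening the unit's sandboxing. Otherwise I would drop it, or state the reason next to it, e.g. `# PrivateTmp disabled because <reason>`. The value is also the string `"false"` where the boolean `false` is the usual form.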
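--- /dev/null
+++ b/config/hosts/capetillo/services/tor.nix
@@ -0,0 +1,27 @@
+{config, ...}:
+{
+services.tor = {
+enable = true;
+enableGeoIP = false;
+settings = {
+HiddenServiceNonAnonymousMode = true;
+Sandbox = true;
+};
+relay.onionServices = {
+nixaalborg = {
+version = 3;
+map = [{
+port = 80;
+target = {
+# TODO: Do this with unix sockets instead
+addr = "[::1]";
+port = 8080;
+};
+}];
+settings = {
+hiddenServiceSingleHopMode = true;
+};
+};
+};
+};
+}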
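Review bot: `HiddenServiceNonAnonymousMode = true` sits in the instance-wide `settings`, so any onion service later added to this Tor daemon would also run without server anonymity, and nothing in the file says this is intended. A comment above the setting would make the trade-off explicit, e.g. `# Single-hop: server location is not hidden; do not add anonymous onion services to this instance.` The per-service key is spelled `hiddenServiceSingleHopMode` while the global one is `HiddenServiceNonAnonymousMode`, so it is worth checking the generated torrc to confirm both options are emitted, since Tor expects the two together. The target `[::1]:8080` is reachable by any local process, which the existing unix-socket TODO would address.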