Add single-hop onion service

This commit is contained in:
Emelie Graven 2021-11-26 14:45:04 +01:00
parent 87b41e0627
commit 10539c295b
Signed by: emelie
GPG key ID: C11123726DBB55A1
3 changed files with 42 additions and 0 deletions

View file

@ -8,6 +8,7 @@
../../common/services/acme.nix
./services/nginx.nix
./services/mail.nix
./services/tor.nix
./data/secrets/secrets.nix
];

View file

@ -1,3 +1,4 @@
{ lib, ... }:
{
imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts = {
@ -11,5 +12,18 @@
forceSSL = true;
root = "/var/www/mta-sts/public";
};
"ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion" = {
# TODO: Do this with unix sockets instead
listen = [ {
addr = "[::1]";
port = 8080;
} ];
root = "/var/www/nixaalb.org/public";
};
};
systemd.services.nginx.serviceConfig = {
PrivateTmp = lib.mkForce "false";
};
}

View file

@ -0,0 +1,27 @@
{config, ...}:
{
services.tor = {
enable = true;
enableGeoIP = false;
settings = {
HiddenServiceNonAnonymousMode = true;
Sandbox = true;
};
relay.onionServices = {
nixaalborg = {
version = 3;
map = [{
port = 80;
target = {
# TODO: Do this with unix sockets instead
addr = "[::1]";
port = 8080;
};
}];
settings = {
hiddenServiceSingleHopMode = true;
};
};
};
};
}