renge/buchborgen: Init

Simon Bruder 2022-06-27 14:45:48 +02:00
parent 8dc59487f3
commit d3c063b909
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
2 changed files with 44 additions and 0 deletions


@ -7,6 +7,7 @@
./services/ankisyncd.nix ./services/ankisyncd.nix
./services/bang-evaluator.nix ./services/bang-evaluator.nix
./services/buchborgen.nix
./services/coturn.nix ./services/coturn.nix
./services/element-web.nix ./services/element-web.nix
./services/gitea.nix ./services/gitea.nix


@ -0,0 +1,43 @@
{ pkgs, ... }:
let
hiddenService = "kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion";
in
{
services.tor = {
enable = true;
client.enable = true;
};
systemd.services."socat-trantor" = {
after = [ "network.target" ];
before = [ "nginx.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.socat}/bin/socat tcp4-LISTEN:3003,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:${hiddenService}:80,socksport=9050";
Restart = "on-failure";
};
};
services.nginx = {
appendHttpConfig = ''
proxy_cache_path /var/cache/nginx/trantor levels=1:2 keys_zone=trantor:10m max_size=200m inactive=3600m use_temp_path=off;
'';
virtualHosts."buchborgen.sbruder.xyz" = {
enableACME = true;
forceSSL = true;
basicAuthFile = "/etc/nginx/trantor.htpasswd";
locations."/" = {
extraConfig = ''
proxy_set_header Authorization "";
proxy_set_header Host "${hiddenService}";
proxy_cache trantor;
proxy_cache_valid any 1h;
proxy_pass http://127.0.0.1:3003;
'';
};
};
};
}
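Review bot: In the `socat-trantor` unit, `before = [ "nginx.target" ]` orders against a unit name that the NixOS nginx module does not appear to define (the service is `nginx.service`), so systemd would silently ignore the ordering; `before = [ "nginx.service" ];` is probably what was meant. Separately, `proxy_cache_valid any 1h;` in the `locations."/"` block caches every status code the upstream returns, so an error page from the hidden service can be replayed to all authenticated users for an hour; restricting it, for example `proxy_cache_valid 200 301 302 1h;`, avoids that. The unit has no ordering on Tor, which looks harmless because socat with `fork` opens the SOCKS connection per request, but a short comment saying so would help the next reader.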