48 lines
1.3 KiB
Nix
48 lines
1.3 KiB
Nix
# SPDX-FileCopyrightText: 2022 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ pkgs, ... }:
|
|
let
|
|
hiddenService = "kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion";
|
|
in
|
|
{
|
|
services.tor = {
|
|
enable = true;
|
|
client.enable = true;
|
|
};
|
|
systemd.services."socat-trantor" = {
|
|
after = [ "network.target" ];
|
|
before = [ "nginx.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
ExecStart = "${pkgs.socat}/bin/socat tcp4-LISTEN:3003,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:${hiddenService}:80,socksport=9050";
|
|
Restart = "on-failure";
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
appendHttpConfig = ''
|
|
proxy_cache_path /var/cache/nginx/trantor levels=1:2 keys_zone=trantor:10m max_size=200m inactive=3600m use_temp_path=off;
|
|
'';
|
|
virtualHosts."buchborgen.sbruder.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
basicAuthFile = "/etc/nginx/trantor.htpasswd";
|
|
|
|
locations."/" = {
|
|
extraConfig = ''
|
|
proxy_set_header Authorization "";
|
|
proxy_set_header Host "${hiddenService}";
|
|
proxy_cache trantor;
|
|
proxy_cache_valid any 1h;
|
|
proxy_pass http://127.0.0.1:3003;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
}
|