networking: mirror september over tor

3 files changed, 66 insertions, 21 deletions

diff --git a/modules/server/networking/caddy.nix b/modules/server/networking/caddy.nix
index 6cf6d53..57481c4 100644
--- a/modules/server/networking/caddy.nix
+++ b/modules/server/networking/caddy.nix
@@ -2,29 +2,34 @@
   services.caddy = {
     enable = true;
 
-    virtualHosts = {
-      "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
-      "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
-      "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
-      "status.due.moe".extraConfig = "reverse_proxy localhost:8099";
-      "beszel.fuwn.me".extraConfig = "reverse_proxy localhost:8083";
+    virtualHosts =
+      let
+        onion = "fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion";
+      in
+      {
+        "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
+        "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
+        "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
+        "status.due.moe".extraConfig = "reverse_proxy localhost:8099";
+        "beszel.fuwn.me".extraConfig = "reverse_proxy localhost:8083";
+        ${onion}.extraConfig = "reverse_proxy localhost:8084";
 
-      "fuwn.me".extraConfig = ''
-        reverse_proxy localhost:8084
+        "fuwn.me".extraConfig = ''
+          reverse_proxy localhost:8084
 
-        header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+          header Onion-Location http://${onion}{path}
 
-        @blocked {
-          path /proxy/illegaldrugs.net/cgi-bin/news.php*
-          path /proxy/scholasticdiversity.us.to/scriptures/*
-          path /proxy/jsreed5.org/oeis/*
-        }
-        respond @blocked 403
+          @blocked {
+            path /proxy/illegaldrugs.net/cgi-bin/news.php*
+            path /proxy/scholasticdiversity.us.to/scriptures/*
+            path /proxy/jsreed5.org/oeis/*
+          }
+          respond @blocked 403
 
-        @no_forwarded_for not header X-Forwarded-For *
-        request_header @no_forwarded_for X-Forwarded-For {remote_host}
-        respond /whoami {header.X-Forwarded-For} 200
-      '';
-    };
+          @no_forwarded_for not header X-Forwarded-For *
+          request_header @no_forwarded_for X-Forwarded-For {remote_host}
+          respond /whoami {header.X-Forwarded-For} 200
+        '';
+      };
   };
 }
diff --git a/modules/server/networking/default.nix b/modules/server/networking/default.nix
index 978eaa5..3706116 100644
--- a/modules/server/networking/default.nix
+++ b/modules/server/networking/default.nix
@@ -1,5 +1,8 @@
 {
-  imports = [ ./caddy.nix ];
+  imports = [
+    ./caddy.nix
+    ./tor.nix
+  ];
 
   networking = {
     hostName = "himeji";
diff --git a/modules/server/networking/tor.nix b/modules/server/networking/tor.nix
new file mode 100644
index 0000000..ab9afcc
--- /dev/null
+++ b/modules/server/networking/tor.nix
@@ -0,0 +1,37 @@
+{
+  services.tor = {
+    enable = true;
+    enableGeoIP = false;
+
+    relay.onionServices = {
+      "fuwn.me" = {
+        version = 3;
+
+        map = [
+          {
+            port = 80;
+
+            target = {
+              addr = "[::1]";
+              port = 8084;
+            };
+          }
+          {
+            port = 80;
+
+            target = {
+              addr = "0.0.0.0";
+              port = 8084;
+            };
+          }
+        ];
+      };
+    };
+
+    settings = {
+      ClientUseIPv4 = true;
+      ClientUseIPv6 = true;
+      ClientPreferIPv6ORPort = true;
+    };
+  };
+}