Temporarily host fmap/muflax65ngodyewp.onion

2016-04-29 01:07:06 +02:00 · 2016-04-29 01:07:06 +02:00 · 496a9b41ee
parent 1928755491
commit 496a9b41ee
4 changed files with 64 additions and 1 deletions
--- a/2
+++ b/2
@ -15,7 +15,7 @@ remote)
 	eval ${@:2}
 	;;
 remote-new)
-	export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.03/nixexprs.tar.xz:ssh-id-file=`pwd`/deploy_key":secrets=`pwd`/secrets.nix
+	export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.03/nixexprs.tar.xz:ssh-id-file=`pwd`/deploy_key":secrets=`pwd`/secrets.nix:muflax-blog=./vendor/muflax-blog
 	eval ${@:2}
 	;;
 local-deploy)
--- a/modules/muflax-blog.nix
+++ b/modules/muflax-blog.nix
@ -0,0 +1,50 @@
+{ pkgs, config, lib, ... }:
+
+
+let
+  cfg = config.services.muflax-blog;
+  blog = lib.overrideDerivation (pkgs.callPackage <muflax-blog/maintenance> {}) (default: {
+    buildPhase = default.buildPhase + "\n" + ''
+      grep -lr '[^@]muflax.com' out | xargs -r sed -i 's/\([^@]\)muflax.com/\1${cfg.hidden-service.hostname}/g'
+    '';
+  });
+in with lib; {
+  options.services.muflax-blog = {
+    enable = mkOption { type = types.bool; default = false; };
+    web-server = {
+      port = mkOption { type = types.int; };
+    };
+    hidden-service = {
+      hostname    = mkOption { type = types.str; };
+      private_key = mkOption { type = types.str; };
+    };
+  };
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      httpConfig = ''
+        server {
+          index index.html;
+          port_in_redirect off;
+          listen 127.0.0.1:${toString cfg.web-server.port};
+          server_name ${cfg.hidden-service.hostname};
+          root ${blog}/muflax;
+        }
+      '' + concatStringsSep "\n" (map (site: ''
+        server {
+          index index.html;
+          port_in_redirect off;
+          listen 127.0.0.1:${toString cfg.web-server.port};
+          server_name ${site}.${cfg.hidden-service.hostname};
+          root ${blog}/${site};
+        }
+      '') ["daily" "gospel" "blog"]);
+    };
+    services.tor.hiddenServices = [{
+      name = "muflax-blog";
+      remote_port = 80;
+      inherit (cfg.web-server) port;
+      inherit (cfg.hidden-service) hostname private_key;
+    }];
+  };
+}
--- a/pennyworth/configuration.nix
+++ b/pennyworth/configuration.nix
@ -18,6 +18,7 @@ in
      ../modules/mailz.nix
      ../modules/nginx.nix
      ../modules/tor-hidden-service.nix
+      ../modules/muflax-blog.nix
  ];

  networking.hostName = secrets.hostnames.pennyworth;
@ -143,4 +144,15 @@ in
      chown -R prosody:prosody /var/lib/prosody
  '';
  networking.firewall.allowedTCPPorts = [5222 5269];
+
+  services.muflax-blog = {
+    enable = true;
+    web-server = {
+      port = 9001;
+    };
+    hidden-service = {
+      hostname = "muflax65ngodyewp.onion";
+      private_key = "/run/keys/torkeys/http.muflax.key";
+    };
+  };
 }
--- a/vendor/muflax-blog
+++ b/vendor/muflax-blog
@ -0,0 +1 @@
+Subproject commit e5ce7ae4296c6605a7e886c153d569fc38318096
				`@ -0,0 +1 @@`
				`Subproject commit e5ce7ae4296c6605a7e886c153d569fc38318096`