33 lines
947 B
Nix
33 lines
947 B
Nix
{ config, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
service-keys = config.services.tor.service-keys;
|
|
torDir = "/var/lib/tor";
|
|
in {
|
|
options.services.tor.service-keys = mkOption {
|
|
default = { };
|
|
type = with types; attrsOf str;
|
|
};
|
|
|
|
config = mkIf (service-keys != { }) {
|
|
systemd.services."install-tor-hidden-service-keys" = {
|
|
wantedBy = [ "tor.service" ];
|
|
serviceConfig.Type = "oneshot";
|
|
serviceConfig.User = "root";
|
|
serviceConfig.Group = "keys";
|
|
# TODO: update on change?
|
|
# TODO: better ways to get the keys on the server
|
|
script = concatStringsSep "\n" (mapAttrsToList (name: keypath: ''
|
|
if ! [[ -e ${torDir}/onion/${name}/private_key ]]; then
|
|
mkdir -p ${torDir}/onion/${name}/
|
|
cp ${keypath} ${torDir}/onion/${name}/private_key
|
|
chmod -R 700 ${torDir}/onion/${name}
|
|
chown -R tor ${torDir}/onion/${name}
|
|
fi
|
|
'') service-keys);
|
|
};
|
|
};
|
|
}
|