feat: deployed application to tor

2026-02-11 18:57:53 -06:00 · 2026-02-11 18:57:53 -06:00 · 804cafad27
commit 804cafad27
parent a330ae2b1c
4 changed files with 92 additions and 13 deletions
--- a/nix/module.nix
+++ b/nix/module.nix
@ -6,21 +6,27 @@
 }: let
  cfg = config.services.volpe;

-  mkPkg = domain:
+  isOnion = domain: lib.hasSuffix ".onion" domain;
+
+  mkPkg = domain: let
+    protocol =
+      if isOnion domain
+      then "http"
+      else "https";
+  in
    pkgs.callPackage ./package.nix {
-      siteUrl = "https://${domain}";
+      siteUrl = "${protocol}://${domain}";
    };

  allDomains = [cfg.domain] ++ cfg.extraDomains;
+  regularDomains = lib.filter (d: !(isOnion d)) allDomains;
+  onionDomains = lib.filter isOnion cfg.extraDomains;

-  mkVirtualHost = domain: {
+  mkHost = domain: {
    root = "${mkPkg domain}";
-    forceSSL = cfg.enableACME;
-    enableACME = cfg.enableACME;
    locations."/" = {
      tryFiles = "$uri $uri/ /index.html";
    };
-    # Cache static assets (CSS, JS, images) for 1 year with immutable
    locations."~* \\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$" = {
      extraConfig = ''
        expires 1y;
@ -29,6 +35,28 @@
      '';
    };
  };
+
+  mkVirtualHost = domain:
+    {
+      forceSSL = cfg.enableACME;
+      enableACME = cfg.enableACME;
+    }
+    // (mkHost domain);
+
+  mkOnionVirtualHost = domain:
+    {
+      listen = [
+        {
+          addr = "[::1]";
+          port = 80;
+        }
+        {
+          addr = "127.0.0.1";
+          port = 80;
+        }
+      ];
+    }
+    // (mkHost domain);
 in {
  options.services.volpe = {
    enable = lib.mkEnableOption "volpe blog";
@ -64,13 +92,20 @@ in {
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
+      serverNamesHashBucketSize = 128;

-      # Create a virtualHost for each domain
-      virtualHosts = lib.listToAttrs (map (domain: {
-          name = domain;
-          value = mkVirtualHost domain;
-        })
-        allDomains);
+      virtualHosts = lib.listToAttrs (
+        (map (domain: {
+            name = domain;
+            value = mkVirtualHost domain;
+          })
+          regularDomains)
+        ++ (map (domain: {
+            name = domain;
+            value = mkOnionVirtualHost domain;
+          })
+          onionDomains)
+      );
    };

    security.acme = lib.mkIf cfg.enableACME {