feat: deployed application to tor

2026-02-11 18:57:53 -06:00 · 2026-02-11 18:57:53 -06:00 · 804cafad27
commit 804cafad27
parent a330ae2b1c
4 changed files with 92 additions and 13 deletions
--- a/_includes/base.njk
+++ b/_includes/base.njk
@ -83,6 +83,12 @@
    <!-- About site itself -->
    <div>
      <a href="https://git.jan-leila.com/jan-leila/volpe">source</a>
+      <a href="http://2ggpzgonqsll5gi56u47aywu4qyl37eiu5jjrq7ma43z77ekkwuqxmid.onion" style="display: flex;">
+        <span style="display: inline-block; width: 24px; height: 24px; margin: 0 8px;">
+          <img src="{{ 'onion-icon.svg' | fileHash('assets') }}" alt="Tor Onion Logo" style="width: 100%; height: 100%;">
+        </span>
+        onion mirror
+      </a>
      <span>&copy; {{ page.date.getFullYear() }} Volpe</span>
    </div>
  </footer>
--- a/assets/onion-icon.svg
+++ b/assets/onion-icon.svg
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="100%" height="100%" viewBox="0 0 180 180" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+    <g id="tor-glyph" stroke="none" stroke-width="1" fill="#000000" fill-rule="evenodd">
+        <path d="M90.1846205,163.631147 L90.1846205,152.721073 C124.743583,152.621278 152.726063,124.581416 152.726063,89.9975051 C152.726063,55.4160892 124.743583,27.3762266 90.1846205,27.2764318 L90.1846205,16.366358 C130.768698,16.4686478 163.633642,49.3909741 163.633642,89.9975051 C163.633642,130.606531 130.768698,163.531352 90.1846205,163.631147 Z M90.1846205,125.444642 C109.677053,125.342352 125.454621,109.517381 125.454621,89.9975051 C125.454621,70.4801242 109.677053,54.6551533 90.1846205,54.5528636 L90.1846205,43.6452847 C115.704663,43.7450796 136.364695,64.4550091 136.364695,89.9975051 C136.364695,115.542496 115.704663,136.252426 90.1846205,136.35222 L90.1846205,125.444642 Z M90.1846205,70.9167267 C100.640628,71.0165216 109.090758,79.5165493 109.090758,89.9975051 C109.090758,100.480956 100.640628,108.980984 90.1846205,109.080778 L90.1846205,70.9167267 Z M0,89.9975051 C0,139.705328 40.2921772,180 90,180 C139.705328,180 180,139.705328 180,89.9975051 C180,40.2921772 139.705328,0 90,0 C40.2921772,0 0,40.2921772 0,89.9975051 Z" id="tor-glyph" fill="#000000"></path>
+    </g>
+</svg>
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@ -35,8 +35,40 @@
  services.volpe = {
    enable = true;
    domain = "blog.jan-leila.com";
-    extraDomains = ["volpe.jan-leila.com"];
+    extraDomains = [
+      "volpe.jan-leila.com"
+      "2ggpzgonqsll5gi56u47aywu4qyl37eiu5jjrq7ma43z77ekkwuqxmid.onion"
+    ];
    enableACME = true;
    acmeEmail = "leyla@jan-leila.com";
  };
+
+  services.tor = {
+    enable = true;
+    enableGeoIP = false;
+    relay.onionServices = {
+      volpe = {
+        version = 3;
+        map = [
+          {
+            port = 80;
+            target = {
+              addr = "[::1]";
+              port = 80;
+            };
+          }
+        ];
+      };
+    };
+    settings = {
+      ClientUseIPv4 = true;
+      ClientUseIPv6 = true;
+      ClientPreferIPv6ORPort = true;
+    };
+  };
+
+  services.snowflake-proxy = {
+    enable = true;
+    capacity = 100;
+  };
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@ -6,21 +6,27 @@
 }: let
  cfg = config.services.volpe;

-  mkPkg = domain:
+  isOnion = domain: lib.hasSuffix ".onion" domain;
+
+  mkPkg = domain: let
+    protocol =
+      if isOnion domain
+      then "http"
+      else "https";
+  in
    pkgs.callPackage ./package.nix {
-      siteUrl = "https://${domain}";
+      siteUrl = "${protocol}://${domain}";
    };

  allDomains = [cfg.domain] ++ cfg.extraDomains;
+  regularDomains = lib.filter (d: !(isOnion d)) allDomains;
+  onionDomains = lib.filter isOnion cfg.extraDomains;

-  mkVirtualHost = domain: {
+  mkHost = domain: {
    root = "${mkPkg domain}";
-    forceSSL = cfg.enableACME;
-    enableACME = cfg.enableACME;
    locations."/" = {
      tryFiles = "$uri $uri/ /index.html";
    };
-    # Cache static assets (CSS, JS, images) for 1 year with immutable
    locations."~* \\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$" = {
      extraConfig = ''
        expires 1y;
@ -29,6 +35,28 @@
      '';
    };
  };
+
+  mkVirtualHost = domain:
+    {
+      forceSSL = cfg.enableACME;
+      enableACME = cfg.enableACME;
+    }
+    // (mkHost domain);
+
+  mkOnionVirtualHost = domain:
+    {
+      listen = [
+        {
+          addr = "[::1]";
+          port = 80;
+        }
+        {
+          addr = "127.0.0.1";
+          port = 80;
+        }
+      ];
+    }
+    // (mkHost domain);
 in {
  options.services.volpe = {
    enable = lib.mkEnableOption "volpe blog";
@ -64,13 +92,20 @@ in {
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
+      serverNamesHashBucketSize = 128;

-      # Create a virtualHost for each domain
-      virtualHosts = lib.listToAttrs (map (domain: {
+      virtualHosts = lib.listToAttrs (
+        (map (domain: {
            name = domain;
            value = mkVirtualHost domain;
          })
-        allDomains);
+          regularDomains)
+        ++ (map (domain: {
+            name = domain;
+            value = mkOnionVirtualHost domain;
+          })
+          onionDomains)
+      );
    };

    security.acme = lib.mkIf cfg.enableACME {