941fbd2 os: Move Tor configuration to mixin — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

os: Move Tor configuration to mixin

Lorenz Leutgeb committed 10 months ago

commit 941fbd2814244f003e77ff7cde86fe20d8101288
parent a581ba4

2 files changed +40 -37

modified os/host/seed/tor.nix

@@ -1,40 +1,6 @@

 {
   config,
   lib,
   ...
 }: let
 let
   secret = "tor/hs_ed25519_secret_key";
 in {
   sops.secrets.${secret} = {
     sopsFile = ./sops/tor_hs_ed25519_secret_key.bin.json;
     format = "binary";
   };
   services.tor = {
     enable = true;
     client.enable = true;
     enableGeoIP = false;
     openFirewall = true;
     relay = {
       role = "private-bridge";
       onionServices = {
         "radicle" = {
           map = [
             {port = 8776;}
           ];
           secretKey = config.sops.secrets.${secret}.path;
         };
       };
     };
     settings = {
       Nickname = config.networking.hostName;
       ContactInfo = "team@${config.networking.domain}";
       ClientUseIPv6 = true;
       ORPort = 9001;
       DirPort = 9030;
     };
   };
   imports = [../../mixin/tor.nix];
   sops.secrets.${secret}.sopsFile = ./sops/tor_hs_ed25519_secret_key.bin.json;
 }

added os/mixin/tor.nix

@@ -0,0 +1,37 @@

 {
   config,
   lib,
   ...
 }: let
   secret = "tor/hs_ed25519_secret_key";
 in {
   sops.secrets.${secret}.format = "binary";
   services.tor = {
     enable = true;
     client.enable = true;
     enableGeoIP = false;
     openFirewall = true;
     relay = {
       role = "private-bridge";
       onionServices = {
         "radicle" = {
           map = [
             {port = 8776;}
           ];
           secretKey = config.sops.secrets.${secret}.path;
         };
       };
     };
     settings = {
       Nickname = config.networking.hostName;
       ContactInfo = "team@${config.networking.domain}";
       ClientUseIPv6 = true;
       ORPort = 9001;
       DirPort = 9030;
     };
   };
 }