Tor setup 2

mkosi.postinst

@@ -27,6 +27,9 @@ chmod -R u=rwX,g=,o= /etc/sftpgo
 chown -R sftpgo:php-niver /srv/ht
 chmod -R u=rwX,g=rwX,o=rX /srv/ht
 
+chown -R php-niver:tor /etc/tor/instances/niver
+chmod -R u=rwX,g=rX,o= /etc/tor/instances/niver
+
 chmod 555 /srv/php
 
 chown -R php-errors:nginx /srv/php/errors
@@ -45,6 +48,8 @@ chmod -R u=rw,g=rw,o= /srv/php/niver/auth.log
 # Load configuration in Knot database
 sudo -u knot knotc conf-import /etc/knot/knot.conf
 
+# PHP paths unification across distributions
+
 export PHP_INI=/etc/php/php.ini
 
 if [[ $ID = "debian" ]]; then
@@ -63,6 +68,12 @@ display_errors = On
 extension = pdo_sqlite
 EOF
 
+if [[ $ID = "arch" ]]; then
+	ln -s /etc/tor/instances/niver/torrc /etc/tor/torrc
+fi
+
+# Start SystemD services at startup
+
 systemctl enable sftpgo
 
 if [[ $ID = "arch" ]]; then

mkosi.prepare

@@ -1,9 +1,10 @@
 #!/usr/bin/bash
 source /etc/os-release
 
-# Clean configuration directories (will be filled with mkosi.extra/)
+# Clear configuration (will be filled with mkosi.extra/)
 rm -r /etc/nginx/*
 rm -r /etc/ssh/*
+rm /etc/tor/torrc
 if [[ $ID = "debian" ]]; then
 	rm -r /etc/php/7.4/fpm/pool.d
 	rm /usr/lib/tmpfiles.d/php7.4-fpm.conf
@@ -12,6 +13,11 @@ if [[ $ID = "arch" ]]; then
 	rm /etc/php/php-fpm.d/*
 fi
 
+# Create dedicated Tor instance
+if [[ $ID = "debian" ]]; then
+	tor-instance-create niver
+fi
+
 # Generate default self-signed TLS key pair
 openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
 

mkosi.skeleton/etc/systemd/system/php-fpm.service.d/override.conf

@@ -1,2 +1,3 @@
 [Service]
 ReadWritePaths=/etc/nginx/ht
+ReadWritePaths=/etc/tor/instances/niver

mkosi.skeleton/etc/systemd/system/tor.service.d/override.conf

@@ -0,0 +1,4 @@
+[Service]
+ReadWritePaths=/var/lib/tor-instances/niver/
+# To allow reloading service on Arch Linux
+CapabilityBoundingSet=CAP_KILL

mkosi.skeleton/srv/php/niver

@@ -1 +1 @@
-Subproject commit e60f9c929259f684ac97a28a54bc7f253004fb3a
+Subproject commit 91441c5f1d30125d9e15bea810a3d2faaa603dc0

mkosi.skeleton/usr/local/share/niver/knot.template

@@ -1,2 +0,0 @@
-DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
-DOMAIN 86400 NS ns1.niver.test.

mkosi.skeleton/usr/local/share/niver/nginx/dns.template

@@ -1,15 +0,0 @@
-server {
-	listen [::]:{{HTTPS_PORT}} ssl http2;
-	listen 0.0.0.0:{{HTTPS_PORT}} ssl http2;
-	server_name {{DOMAIN}};
-	root {{HT_PATH}}/{{USERNAME}}/{{DIR}};
-
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
-
-	include inc/tls.conf;
-
-	location / {
-		try_files $uri $uri.html $uri/ =404;
-	}
-}

mkosi.skeleton/usr/local/share/niver/nginx/onion.template

@@ -1,9 +0,0 @@
-server {
-	listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
-	server_name {{DOMAIN}};
-	root {{HT_PATH}}/{{USERNAME}}/{{DIR}};
-
-	location / {
-		try_files $uri $uri.html $uri/ =404;
-	}
-}