From b6bf3fe01f4a8c1d4e62457c421a697a8c33d553 Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov
Date: Tue, 15 Oct 2024 00:24:44 +0500
Subject: [PATCH] Make mastodon available in tor
---
 roles/haproxy/files/haproxy.cfg | 14 ++++++++++----
 roles/mastodon/templates/mastodon.env.j2 | 1 +
 roles/tor/tasks/main.yml | 1 +
 roles/tor/templates/torrc.j2 | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
index 2a09d7a..ddbeb01 100644
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@@ -29,11 +29,14 @@ frontend www
 mode http
 bind :80
 bind :443 ssl crt /usr/local/etc/haproxy/certs
- http-request redirect scheme https unless { ssl_fc }
+
+ acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
+
+ http-request redirect scheme https if !{ ssl_fc } !host_mastodon_tor
 http-request set-header X-Forwarded-Proto https if { ssl_fc }
 http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
- acl acl_mastodon hdr(host) -i m.comfycamp.space
+ acl host_mastodon hdr(host) -i m.comfycamp.space
 acl acl_s3 hdr(host) -i s3.comfycamp.space
 acl acl_comfycamp hdr(host) -i comfycamp.space
 acl acl_vaultwarden hdr(host) -i vault.comfycamp.space
@@ -44,8 +47,9 @@ frontend www
 acl matrix-path path_beg /_matrix
 acl matrix-path path_beg /_synapse/client
- use_backend mastodon_streaming if acl_mastodon { path_beg /api/v1/streaming }
- use_backend mastodon if acl_mastodon
+ use_backend mastodon_streaming if host_mastodon { path_beg /api/v1/streaming }
+ use_backend mastodon_streaming if host_mastodon_tor { path_beg /api/v1/streaming }
+ use_backend mastodon if host_mastodon || host_mastodon_tor
 use_backend minio if acl_s3
 use_backend matrix if matrix-host matrix-path
 use_backend minio_console if acl_minio
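Review bot: In the first haproxy.cfg hunk the HTTPS-redirect exemption in `frontend www` is decided by the client-supplied Host header (`host_mastodon_tor`) on the shared `bind :80`, so any client that reaches port 80 directly and presents the onion name as Host is served Mastodon over plaintext HTTP instead of being redirected. The `use_backend` rules in the second hunk route on the same ACL. The exemption is safer when tied to where the connection comes from, for example by adding `acl from_tor src <TOR_CONTAINER_SUBNET>` (placeholder value) and, ahead of the redirect rule, `http-request deny if host_mastodon_tor !from_tor`; a separate listener that only the tor container targets would achieve the same. `hdr(host)` is also an exact match, so a Host value carrying an explicit port would not hit either Mastodon ACL. The frontend continues outside both hunks, so whether port 80 is published externally is not visible here.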
@@ -67,6 +71,8 @@ backend comfycamp
 backend mastodon
 mode http
 option forwardfor
+ http-response set-header Referrer-Policy same-origin
+ http-response set-header Onion-Location http://mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion%[capture.req.uri]
 server green mastodon-web:3000 check
 backend mastodon_streaming
diff --git a/roles/mastodon/templates/mastodon.env.j2 b/roles/mastodon/templates/mastodon.env.j2
index 24ee843..e4c7897 100644
--- a/roles/mastodon/templates/mastodon.env.j2
+++ b/roles/mastodon/templates/mastodon.env.j2
@@ -1,4 +1,5 @@
 LOCAL_DOMAIN={{ local_domain }}
+ALTERNATE_DOMAINS=mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
 REDIS_HOST=redis-mastodon
 REDIS_PORT=6379
diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml
index f6a2b66..2e37327 100644
--- a/roles/tor/tasks/main.yml
+++ b/roles/tor/tasks/main.yml
@@ -41,6 +41,7 @@
 image: git.comfycamp.space/lumin/homelab-tor:v0.0.2
 networks:
 - name: tor
+ - name: haproxy
 volumes:
 - /etc/tor:/etc/tor:ro
 - /var/lib/tor:/var/lib/tor
diff --git a/roles/tor/templates/torrc.j2 b/roles/tor/templates/torrc.j2
index 02c59c4..2432779 100644
--- a/roles/tor/templates/torrc.j2
+++ b/roles/tor/templates/torrc.j2
@@ -67,7 +67,7 @@ DataDirectory /var/lib/tor
 ## address y:z.
 HiddenServiceDir /var/lib/tor/mastodon/
-HiddenServicePort 80 127.0.0.1:80
+HiddenServicePort 80 haproxy:80
 ################ This section is just for relays #####################
 #
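Review bot: In `backend mastodon` the `Onion-Location` header is attached to every response, including plaintext responses that were already requested through the onion host, whereas Tor Browser only acts on the header when the page was delivered over HTTPS from a non-onion origin. Appending a condition to that line, ` if { ssl_fc }`, limits the header to the case where it is meaningful and keeps it off the onion-side responses. `Referrer-Policy` is written with `set-header`, which replaces any value the application sends itself; if that override is intended, a one-line comment such as `# force same-origin so onion URLs do not leak in Referer` would record the reason. The backend section starts outside the hunk.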
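Review bot: The onion hostname in `mastodon.env.j2` is written literally in `ALTERNATE_DOMAINS`, although this file is a template and the line above already uses `{{ local_domain }}`. The same address appears twice more in `haproxy.cfg`, so replacing the hidden-service key means editing three places that must stay identical. A role variable would keep them in step, e.g. `ALTERNATE_DOMAINS={{ mastodon_onion_domain }}` (the variable name is a suggestion, not one that exists in the repository as shown). A short comment that this setting lets Mastodon recognise the onion name as one of its own domains would explain why the line is here.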
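Review bot: In `roles/tor/tasks/main.yml`, joining the tor container to the `haproxy` network makes it reachable from, and able to reach, everything else attached to that network, not only the proxy. The same container mounts `/var/lib/tor`, which per the torrc holds the hidden-service directory. If other services share the `haproxy` network (not visible in this hunk), a dedicated network joined only by tor and haproxy would limit the exposure to the single hop that is needed. A comment on the new entry such as `# required so HiddenServicePort can reach haproxy:80` would document why the second network is attached. The task definition starts and ends outside the hunk.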
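Review bot: In `torrc.j2` the `HiddenServicePort` target is now a hostname, and as far as I know tor resolves such a target when it loads the configuration rather than per connection. The onion service would then depend on `haproxy` being resolvable when tor starts, and could keep a stale address if the haproxy container is recreated with a different IP. A comment above the line, for example `## haproxy is resolved over the shared Docker network; reload tor after recreating haproxy`, would make that dependency visible to operators. Every onion visitor will also reach HAProxy from the tor container's address, and `option forwardfor` in `backend mastodon` passes that single address on, so any per-IP throttling in the application will treat all Tor users as one client.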