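# NixOS module for the Mastodon instance served at mastodon.immae.eu.
#
# It builds the application from ./mastodon.nix, creates the mastodon
# user/group, runs the three Mastodon daemons (puma web app, node streaming
# server, sidekiq worker) as systemd units and configures the Apache vhost
# that fronts them over unix sockets.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Packaged application. The attributes used below (railsRoot, varDir,
  # socketsDir, railsSocket, nodeSocket, gems, keys) come from ./mastodon.nix.
  mastodon = pkgs.callPackage ./mastodon.nix {
    inherit (mylibs) fetchedGithub yarn2nixPackage;
    env = myconfig.env.tools.mastodon;
  };

  # Document root of the vhost: a symlink to ${railsRoot}/public created in
  # the system closure by system.extraSystemBuilderCmds below.
  root = "/run/current-system/webapps/tools_mastodon";
  cfg = config.services.myWebsites.tools.mastodon;

  # Service settings shared by the three daemons: same unprivileged user,
  # same secrets file, same working directory, same sandboxing.
  commonServiceConfig = {
    User = "mastodon";
    # Secrets deployed through `deployment.keys` (mastodon.keys); systemd
    # reads the file when the unit starts, so it can stay unreadable to the
    # mastodon user itself.
    EnvironmentFile = "/run/keys/webapps/tools-mastodon";
    PrivateTmp = true;
    # None of the daemons needs setuid helpers; stop privilege escalation
    # through exec. Further restrictions (ProtectSystem, ProtectHome) are
    # not applied here because varDir's location is not known to this
    # module and the units must write to it.
    NoNewPrivileges = true;
    Restart = "always";
    Type = "simple";
    WorkingDirectory = mastodon.railsRoot;
  };
in {
  options.services.myWebsites.tools.mastodon = {
    enable = lib.mkEnableOption "enable mastodon's website";
  };

  config = lib.mkIf cfg.enable {
    deployment.keys = mastodon.keys;
    ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid;
    ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid;

    # Dedicated, stable-uid service account; its home is the data dir.
    users.users.mastodon = {
      name = "mastodon";
      uid = config.ids.uids.mastodon;
      group = "mastodon";
      description = "Mastodon user";
      home = mastodon.varDir;
      useDefaultShell = true;
    };

    users.groups.mastodon.gid = config.ids.gids.mastodon;

    # Node streaming API (websocket endpoint), reached by httpd through
    # mastodon.nodeSocket.
    systemd.services.mastodon-streaming = {
      description = "Mastodon Streaming";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mastodon-web.service" ];

      environment.NODE_ENV = "production";
      environment.SOCKET = mastodon.nodeSocket;

      path = [ pkgs.nodejs pkgs.bashInteractive ];

      script = ''
        exec npm run start
      '';

      # Wait for node to create its socket, then make it connectable by the
      # reverse proxy. systemd aborts the start if this exceeds TimeoutSec.
      # NOTE(review): a+w lets *every* local user connect to the streaming
      # socket, not only httpd. The tighter fix is 0660 with the socket (or
      # socketsDir) group-owned by the httpd group; this module does not
      # know that group, so the permissive mode is kept for now.
      postStart = ''
        while [ ! -S "$SOCKET" ]; do
          sleep 0.5
        done
        chmod a+w "$SOCKET"
      '';

      # Stale socket would otherwise make the readiness loop above succeed
      # immediately on the next start; -f keeps stop clean if node already
      # removed it.
      postStop = ''
        rm -f "$SOCKET"
      '';

      serviceConfig = commonServiceConfig // {
        TimeoutSec = 15;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Rails web app served by puma on mastodon.railsSocket.
    systemd.services.mastodon-web = {
      description = "Mastodon Web app";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
      environment.SOCKET = mastodon.railsSocket;

      path = [ mastodon.gems mastodon.gems.ruby pkgs.file ];

      # Schema migrations run as the service user before puma is started;
      # sidekiq and streaming are ordered after this unit for that reason.
      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ./bin/bundle exec puma -C config/puma.rb
      '';

      serviceConfig = commonServiceConfig // {
        # Migrations and puma boot take longer than the other daemons.
        TimeoutSec = 60;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Background job worker. Needs imagemagick/ffmpeg for media processing.
    systemd.services.mastodon-sidekiq = {
      description = "Mastodon Sidekiq";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mastodon-web.service" ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
      # Matches the sidekiq concurrency (-c 5) below.
      environment.DB_POOL = "5";

      path = [ mastodon.gems mastodon.gems.ruby pkgs.imagemagick pkgs.ffmpeg pkgs.file ];

      script = ''
        exec ./bin/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
      '';

      serviceConfig = commonServiceConfig // {
        TimeoutSec = 15;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Data directories. varDir is world-readable on purpose: httpd (a
    # different user) serves it directly through the /system Alias below.
    system.activationScripts.mastodon = {
      deps = [ "users" ];
      text = ''
        install -m 0755 -o mastodon -g mastodon -d ${mastodon.socketsDir}
        install -m 0755 -o mastodon -g mastodon -d ${mastodon.varDir} ${mastodon.varDir}/tmp/cache
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_wstunnel" "proxy_http"
    ];
    security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
    # Expose the Rails public/ directory under a stable path that the vhost
    # can use as DocumentRoot (hence +FollowSymlinks on that Directory).
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon
    '';
    services.myWebsites.tools.vhostConfs.mastodon = {
      certName = "eldiron";
      hosts = ["mastodon.immae.eu" ];
      root = root;
      extraConfig = [ ''
        Header always set Referrer-Policy "strict-origin-when-cross-origin"
        Header always set Strict-Transport-Security "max-age=31536000"
        # Static paths below are served by httpd itself, so the backend's
        # own headers never apply to them.
        Header always set X-Content-Type-Options "nosniff"

        <LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)/">
          Header always set Cache-Control "public, max-age=31536000, immutable"
          Require all granted
        </LocationMatch>

        ProxyPreserveHost On
        # The vhost is TLS-only (certName above), so the backend may trust
        # this value unconditionally.
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        # Everything listed here is served from disk, not proxied.
        ProxyPass /500.html !
        ProxyPass /sw.js !
        ProxyPass /embed.js !
        ProxyPass /robots.txt !
        ProxyPass /manifest.json !
        ProxyPass /browserconfig.xml !
        ProxyPass /mask-icon.svg !
        ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
        ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|\.well-known/acme-challenge)/ !

        RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
        RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
        ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
        ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/

        # NOTE(review): this exposes the whole varDir (the mastodon user's
        # home, including tmp/cache created by the activation script) under
        # /system with "Require all granted". Only Mastodon's media storage
        # directory should be reachable here; narrow the Alias to that
        # subdirectory once ./mastodon.nix exposes its path.
        Alias /system ${mastodon.varDir}

        <Directory ${mastodon.varDir}>
          Require all granted
          # Never list the contents of the data directory.
          Options -MultiViews -Indexes
        </Directory>

        <Directory ${root}>
          Require all granted
          Options -MultiViews -Indexes +FollowSymlinks
        </Directory>

        ErrorDocument 500 /500.html
        ErrorDocument 501 /500.html
        ErrorDocument 502 /500.html
        ErrorDocument 503 /500.html
        ErrorDocument 504 /500.html
      '' ];
    };
  };
}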