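{ lib, pkgs, config, myconfig, mylibs, ... }:
# NixOS module: runs a Mastodon instance (puma web app, sidekiq workers and the
# node streaming server) as the dedicated `mastodon` system user and publishes
# it through the site-wide Apache reverse proxy at mastodon.immae.eu.
#
# All three services share the same EnvironmentFile (mastodon.config) and the
# same working directory (mastodon.railsRoot); per-instance writable state
# lives under mastodon.varDir and the unix sockets under mastodon.socketsDir.
let
  mastodon = pkgs.callPackage ./mastodon.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.mastodon;
  };

  cfg = config.services.myWebsites.tools.mastodon;
in {
  options.services.myWebsites.tools.mastodon = {
    # mkEnableOption already prefixes "Whether to enable", so the argument is
    # only the thing being enabled.
    enable = lib.mkEnableOption "mastodon's website";
  };

  config = lib.mkIf cfg.enable {
    ids.uids.mastodon = 399;
    ids.gids.mastodon = 399;

    users.users.mastodon = {
      name = "mastodon";
      uid = config.ids.uids.mastodon;
      group = "mastodon";
      description = "Mastodon user";
      home = mastodon.railsRoot;
      useDefaultShell = true;
    };

    users.groups.mastodon.gid = config.ids.gids.mastodon;

    # Node streaming API (websockets + long polling), reached by Apache over a
    # unix socket.
    systemd.services.mastodon-streaming = {
      description = "Mastodon Streaming";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mastodon-web.service" ];

      environment.NODE_ENV = "production";
      environment.SOCKET = mastodon.nodeSocket;

      path = [ pkgs.nodejs pkgs.bashInteractive ];

      script = ''
        exec npm run start
      '';

      # Wait for the streaming server to create its socket, then open it up
      # for the reverse proxy. The wait is bounded so a server that never
      # binds fails the unit loudly instead of being killed silently by
      # TimeoutSec.
      postStart = ''
        tries=0
        until [ -S "$SOCKET" ]; do
          tries=$((tries + 1))
          if [ "$tries" -ge 30 ]; then
            echo "mastodon-streaming: socket $SOCKET did not appear" >&2
            exit 1
          fi
          sleep 0.5
        done
        # NOTE(review): the socket is made world-writable so that the Apache
        # worker (a different user) can connect. This also lets any local
        # user talk to the streaming API directly. Least-privilege fix: chgrp
        # the socket to the web server's group and use mode 0660 instead.
        chmod a+w "$SOCKET"
      '';

      postStop = ''
        rm -f "$SOCKET"
      '';

      serviceConfig = {
        User = "mastodon";
        EnvironmentFile = mastodon.config;
        PrivateTmp = true;
        # No component of the stack needs setuid/capabilities to escalate.
        NoNewPrivileges = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mastodon.railsRoot;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Rails/puma web application. Migrations run as the service user before
    # each start (preStart inherits serviceConfig.User).
    systemd.services.mastodon-web = {
      description = "Mastodon Web app";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      environment.RAILS_ENV = "production";
      # Same gem path derivation as mastodon-sidekiq so a ruby upgrade does
      # not silently point the two services at different gem directories.
      environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
      environment.SOCKET = mastodon.railsSocket;

      path = [ mastodon.gems mastodon.gems.ruby pkgs.file ];

      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ./bin/bundle exec puma -C config/puma.rb
      '';

      serviceConfig = {
        User = "mastodon";
        EnvironmentFile = mastodon.config;
        PrivateTmp = true;
        NoNewPrivileges = true;
        Restart = "always";
        TimeoutSec = 60;
        Type = "simple";
        WorkingDirectory = mastodon.railsRoot;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Background job workers; needs imagemagick/ffmpeg for media processing.
    systemd.services.mastodon-sidekiq = {
      description = "Mastodon Sidekiq";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mastodon-web.service" ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
      # Matches the sidekiq concurrency below (-c 5).
      environment.DB_POOL = "5";

      path = [ mastodon.gems mastodon.gems.ruby pkgs.imagemagick pkgs.ffmpeg pkgs.file ];

      script = ''
        exec ./bin/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
      '';

      serviceConfig = {
        User = "mastodon";
        EnvironmentFile = mastodon.config;
        PrivateTmp = true;
        NoNewPrivileges = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mastodon.railsRoot;
      };

      unitConfig.RequiresMountsFor = mastodon.varDir;
    };

    # Writable state directories, owned by the service user. varDir is also
    # served by Apache under /system (see Alias below), so keep it 0755.
    system.activationScripts.mastodon = {
      deps = [ "users" ];
      text = ''
        install -m 0755 -o mastodon -g mastodon -d ${mastodon.socketsDir}
        install -m 0755 -o mastodon -g mastodon -d ${mastodon.varDir} ${mastodon.varDir}/tmp/cache
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
    ];
    security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.mastodon = {
      certName = "eldiron";
      hosts = ["mastodon.immae.eu" ];
      root = "${mastodon.railsRoot}/public/";
      extraConfig = [ ''
        Header always set Referrer-Policy "strict-origin-when-cross-origin"
        Header always set Strict-Transport-Security "max-age=31536000"

        # Static, content-addressed assets: cache forever. The closing quote
        # of the regex argument is required; without it Apache only works by
        # accident of its argument parser.
        <LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)">
          Header always set Cache-Control "public, max-age=31536000, immutable"
          Require all granted
        </LocationMatch>

        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"

        RewriteEngine On

        # Paths served straight from the filesystem, never proxied to puma.
        ProxyPass /500.html !
        ProxyPass /sw.js !
        ProxyPass /embed.js !
        ProxyPass /robots.txt !
        ProxyPass /manifest.json !
        ProxyPass /browserconfig.xml !
        ProxyPass /mask-icon.svg !
        ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
        ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|\.well-known/acme-challenge) !

        ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
        ProxyPass /api/v1/streaming/ balancer://node_servers/
        ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
        ProxyPass / balancer://puma_servers/
        ProxyPassReverse / balancer://puma_servers/

        <Proxy balancer://puma_servers>
          BalancerMember unix://${mastodon.railsSocket}|http://
        </Proxy>

        <Proxy balancer://node_servers>
          BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
        </Proxy>

        <Proxy balancer://node_servers_http>
          BalancerMember unix://${mastodon.nodeSocket}|http://localhost
        </Proxy>

        # User uploads live in varDir and are served as /system/...
        Alias /system ${mastodon.varDir}

        <Directory ${mastodon.varDir}>
          Require all granted
          Options -MultiViews
        </Directory>

        # varDir/tmp/cache (created by the activation script) is Rails
        # scratch space, not uploads; do not expose it as /system/tmp/.
        <Location "/system/tmp">
          Require all denied
        </Location>

        <Directory ${mastodon.railsRoot}/public/>
          Require all granted
          Options -MultiViews +FollowSymlinks
        </Directory>

        ErrorDocument 500 /500.html
        ErrorDocument 501 /500.html
        ErrorDocument 502 /500.html
        ErrorDocument 503 /500.html
        ErrorDocument 504 /500.html
      '' ];
    };
  };
}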