WIP upgrade

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / mastodon / default.nix

diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix
index 80d74318daef949fc1aa3eeeb080fbbdefe8dfc3..37da3c38190e0ef13308887de47927af9f9981a1 100644 (file)
--- a/modules/private/websites/tools/mastodon/default.nix
+++ b/modules/private/websites/tools/mastodon/default.nix
@@ -1,20 +1,16 @@
 { lib, pkgs, config,  ... }:
 let
   env = config.myEnv.tools.mastodon;
-  root = "/run/current-system/webapps/tools_mastodon";
+  root = "${mcfg.workdir}/public/";
   cfg = config.myServices.websites.tools.mastodon;
-  mcfg = config.services.mastodon;
+  mcfg = config.immaeServices.mastodon;
 in {
   options.myServices.websites.tools.mastodon = {
     enable = lib.mkEnableOption "enable mastodon's website";
   };
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.mastodon = {
-      rootDir = mcfg.dataDir;
-    };
-    secrets.keys = [{
-      dest = "webapps/tools-mastodon";
+    secrets.keys."webapps/tools-mastodon" = {
       user = "mastodon";
       group = "mastodon";
       permissions = "0400";
@@ -59,10 +55,10 @@ in {
         LDAP_UID="uid"
         LDAP_SEARCH_FILTER="${env.ldap.filter}"
       '';
-    }];
-    services.mastodon = {
+    };
+    immaeServices.mastodon = {
       enable = true;
-      configFile = "/var/secrets/webapps/tools-mastodon";
+      configFile = config.secrets.fullPaths."webapps/tools-mastodon";
       socketsPrefix = "live_immae";
       dataDir = "/var/lib/mastodon_immae";
     };
@@ -83,10 +79,6 @@ in {
     services.websites.env.tools.modules = [
       "headers" "proxy" "proxy_wstunnel" "proxy_http"
     ];
-    system.extraSystemBuilderCmds = ''
-      mkdir -p $out/webapps
-      ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
-      '';
     services.websites.env.tools.vhostConfs.mastodon = {
       certName    = "eldiron";
       addToCerts  = true;
@@ -106,19 +98,19 @@ in {
 
         RewriteEngine On
 
-        ProxyPass /500.html !
-        ProxyPass /sw.js !
-        ProxyPass /embed.js !
-        ProxyPass /robots.txt !
-        ProxyPass /manifest.json !
-        ProxyPass /browserconfig.xml !
-        ProxyPass /mask-icon.svg !
-        ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
-        ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
-
         RewriteRule ^/api/v1/streaming/(.+)$ unix://${mcfg.sockets.node}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
+        RewriteRule ^/api/v1/streaming/public$ unix://${mcfg.sockets.node}|http://mastodon.immae.eu/api/v1/streaming/public [P,NE,QSA,L]
         RewriteRule ^/api/v1/streaming/$ unix://${mcfg.sockets.node}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
-        ProxyPass / unix://${mcfg.sockets.rails}|http://mastodon.immae.eu/
+        RewriteCond %{REQUEST_URI} !/500.html
+        RewriteCond %{REQUEST_URI} !/sw.js
+        RewriteCond %{REQUEST_URI} !/embed.js
+        RewriteCond %{REQUEST_URI} !/robots.txt
+        RewriteCond %{REQUEST_URI} !/manifest.json
+        RewriteCond %{REQUEST_URI} !/browserconfig.xml
+        RewriteCond %{REQUEST_URI} !/mask-icon.svg
+        RewriteCond %{REQUEST_URI} !^(/.*\.(png|ico|gif)$)
+        RewriteCond %{REQUEST_URI} !^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge)
+        RewriteRule ^/(.*)$ unix:///run/mastodon/live_immae_puma.sock|http://mastodon.immae.eu/$1 [P,NE,QSA,L]
         ProxyPassReverse / unix://${mcfg.sockets.rails}|http://mastodon.immae.eu/
 
         Alias /system ${mcfg.dataDir}