env = myconfig.env.tools.mastodon;
};
+ root = "/run/current-system/webapps/tools_mastodon";
cfg = config.services.myWebsites.tools.mastodon;
in {
options.services.myWebsites.tools.mastodon = {
};
config = lib.mkIf cfg.enable {
- ids.uids.mastodon = 399;
- ids.gids.mastodon = 399;
+ ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid;
+ ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid;
users.users.mastodon = {
name = "mastodon";
};
services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
- "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ "headers" "proxy" "proxy_wstunnel" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon
+ '';
services.myWebsites.tools.vhostConfs.mastodon = {
certName = "eldiron";
hosts = ["mastodon.immae.eu" ];
- root = "${mastodon.railsRoot}/public/";
+ root = root;
extraConfig = [ ''
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000"
ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
- ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
- ProxyPass /api/v1/streaming/ balancer://node_servers/
- ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
- ProxyPass / balancer://puma_servers/
- ProxyPassReverse / balancer://puma_servers/
-
- <Proxy balancer://puma_servers>
- BalancerMember unix://${mastodon.railsSocket}|http://
- </Proxy>
-
- <Proxy balancer://node_servers>
- BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
- </Proxy>
-
- <Proxy balancer://node_servers_http>
- BalancerMember unix://${mastodon.nodeSocket}|http://localhost
- </Proxy>
+ RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
+ RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
+ ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
+ ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
Alias /system ${mastodon.varDir}
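Review bot: The first added RewriteRule re-inserts a client-controlled capture, `(.+)`, into the proxied target with `[P,NE]`, so whatever the decoded request path holds after `/api/v1/streaming/` is forwarded to the node socket without re-escaping. mod_rewrite matches the %-decoded path and `NE` switches off output escaping, so an encoded `?`, space or control character could presumably reach the backend as a literal and change how it parses the request. If the streaming endpoints are plain path segments, narrow the capture and drop `NE`: `RewriteRule ^/api/v1/streaming/([A-Za-z0-9_/-]+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,QSA,L]`. Neither `RewriteEngine On` nor a `rewrite` entry in `services.myWebsites.tools.modules` is visible in this hunk, so confirm both exist elsewhere. The `extraConfig` string continues past the hunk.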
Options -MultiViews
</Directory>
- <Directory ${mastodon.railsRoot}/public/>
+ <Directory ${root}>
Require all granted
Options -MultiViews +FollowSymlinks
</Directory>