Move tools websites to stable web directories

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / mastodon / default.nix
diff --git a/nixops/modules/websites/tools/mastodon/default.nix b/nixops/modules/websites/tools/mastodon/default.nix

index f1a207feb97554d305ca2d8e7fc2871705a3955d..6e34280f30f6086951347ce6d5933db4b5abdc03 100644 (file)
--- a/nixops/modules/websites/tools/mastodon/default.nix
+++ b/nixops/modules/websites/tools/mastodon/default.nix
@@ -5,6 +5,7 @@ let
      env = myconfig.env.tools.mastodon;
    };
  
+  root = "/run/current-system/webapps/tools_mastodon";
    cfg = config.services.myWebsites.tools.mastodon;
  in {
    options.services.myWebsites.tools.mastodon = {
@@ -12,8 +13,8 @@ in {
    };
  
    config = lib.mkIf cfg.enable {
-    ids.uids.mastodon = 399;
-    ids.gids.mastodon = 399;
+    ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid;
+    ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid;
  
      users.users.mastodon = {
        name = "mastodon";
@@ -135,14 +136,17 @@ in {
      };
  
      services.myWebsites.tools.modules = [
-      "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
-      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+      "headers" "proxy" "proxy_wstunnel" "proxy_http"
      ];
      security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
+    system.extraSystemBuilderCmds = ''
+      mkdir -p $out/webapps
+      ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon
+      '';
      services.myWebsites.tools.vhostConfs.mastodon = {
        certName    = "eldiron";
        hosts       = ["mastodon.immae.eu" ];
-      root        = "${mastodon.railsRoot}/public/";
+      root        = root;
        extraConfig = [ ''
          Header always set Referrer-Policy "strict-origin-when-cross-origin"
          Header always set Strict-Transport-Security "max-age=31536000"
@@ -167,23 +171,10 @@ in {
          ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
          ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
  
-        ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
-        ProxyPass /api/v1/streaming/ balancer://node_servers/
-        ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
-        ProxyPass / balancer://puma_servers/
-        ProxyPassReverse / balancer://puma_servers/
-
-        <Proxy balancer://puma_servers>
-            BalancerMember unix://${mastodon.railsSocket}|http://
-        </Proxy>
-
-        <Proxy balancer://node_servers>
-            BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
-        </Proxy>
-
-        <Proxy balancer://node_servers_http>
-            BalancerMember unix://${mastodon.nodeSocket}|http://localhost
-        </Proxy>
+        RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
+        RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
+        ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
+        ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
  
          Alias /system ${mastodon.varDir}
  
@@ -192,7 +183,7 @@ in {
            Options -MultiViews
          </Directory>
  
-        <Directory ${mastodon.railsRoot}/public/>
+        <Directory ${root}>
            Require all granted
            Options -MultiViews +FollowSymlinks
          </Directory>