X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmastodon%2Fdefault.nix;h=919bac2a148b5f078a8838048b564de9b259bb48;hp=f1a207feb97554d305ca2d8e7fc2871705a3955d;hb=20e1428fae47a5a59376b624336597eed1b605f5;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a
diff --git a/nixops/modules/websites/tools/mastodon/default.nix b/nixops/modules/websites/tools/mastodon/default.nix
index f1a207f..919bac2 100644
--- a/nixops/modules/websites/tools/mastodon/default.nix
+++ b/nixops/modules/websites/tools/mastodon/default.nix
@@ -1,10 +1,11 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
 mastodon = pkgs.callPackage ./mastodon.nix {
- inherit (mylibs) fetchedGithub;
+ inherit (pkgs.webapps) mastodon;
 env = myconfig.env.tools.mastodon;
 };
+ root = "/run/current-system/webapps/tools_mastodon";
 cfg = config.services.myWebsites.tools.mastodon;
 in {
 options.services.myWebsites.tools.mastodon = {
@@ -12,15 +13,16 @@ in {
 };
 config = lib.mkIf cfg.enable {
- ids.uids.mastodon = 399;
- ids.gids.mastodon = 399;
+ mySecrets.keys = mastodon.keys;
+ ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid;
+ ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid;
 users.users.mastodon = {
 name = "mastodon";
 uid = config.ids.uids.mastodon;
 group = "mastodon";
 description = "Mastodon user";
- home = mastodon.railsRoot;
+ home = mastodon.varDir;
 useDefaultShell = true;
 };
@@ -53,7 +55,7 @@ in {
 serviceConfig = {
 User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
 PrivateTmp = true;
 Restart = "always";
 TimeoutSec = 15;
@@ -70,7 +72,7 @@ in {
 after = [ "network.target" ];
 environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${mastodon.gems}/lib/ruby/gems/2.5.0";
+ environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
 environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
 environment.SOCKET = mastodon.railsSocket;
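Review bot: The new `root` binding and the `ln -s` in `system.extraSystemBuilderCmds` (hunk at line 135) spell the path suffix `webapps/tools_mastodon` twice with nothing tying them together, so renaming one silently leaves Apache serving a dangling symlink. Define the link name once, e.g. `webappName = "tools_mastodon";` next to `root` with `root = "/run/current-system/webapps/${webappName}";`, and use `$out/webapps/${webappName}` in the builder command. A comment on `root` would also help, something like `# indirection through /run/current-system so a rebuild swaps the served assets without reloading Apache` — that intent is inferred from the symlink, confirm it is the reason.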
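Review bot: `home = mastodon.varDir;` makes the service account's home directory the same tree that the vhost publishes with `Alias /system ${mastodon.varDir}` (hunk at line 167), so anything a shell, bundler or rake invocation drops into `$HOME` (`.bash_history`, `.bundle/`, `.cache/`) becomes a web-served path unless the Directory section for that alias denies dotfiles. Either point `home` at a directory that is not aliased, or add a comment on the line stating that the uploads tree is intentionally the home directory and where dotfiles under it are blocked. `mySecrets.keys = mastodon.keys;` presumably declares the file later used as `EnvironmentFile`; a comment `# keys are materialised under /var/secrets/webapps/, see EnvironmentFile below` would make that link explicit.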
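Review bot: `EnvironmentFile = "/var/secrets/webapps/tools-mastodon";` is repeated verbatim here and in the two hunks at lines 86 and 115, while `mySecrets.keys = mastodon.keys;` is what presumably produces that file, so nothing checks that the key declaration and its three consumers agree on the path. Bind it once in the `let`, e.g. `secretsFile = "/var/secrets/webapps/tools-mastodon";`, or better expose the path from the key declaration so a rename cannot desynchronise them. Since systemd reads `EnvironmentFile=` before switching to `User = "mastodon"`, the file can stay root-owned and unreadable to the service user; a comment `# read by systemd before privilege drop, keep it root-only readable` at the first use documents that the restrictive mode is deliberate rather than an oversight.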
@@ -86,7 +88,7 @@ in {
 serviceConfig = {
 User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
 PrivateTmp = true;
 Restart = "always";
 TimeoutSec = 60;
@@ -115,7 +117,7 @@ in {
 serviceConfig = {
 User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
 PrivateTmp = true;
 Restart = "always";
 TimeoutSec = 15;
@@ -135,14 +137,17 @@ in {
 };
 services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
- "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ "headers" "proxy" "proxy_wstunnel" "proxy_http"
 ];
 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon
+ '';
 services.myWebsites.tools.vhostConfs.mastodon = {
 certName = "eldiron";
 hosts = ["mastodon.immae.eu" ];
- root = "${mastodon.railsRoot}/public/";
+ root = root;
 extraConfig = [ ''
 Header always set Referrer-Policy "strict-origin-when-cross-origin"
 Header always set Strict-Transport-Security "max-age=31536000"
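Review bot: `root = root;` at the end of the hunk is `inherit root;` in idiomatic Nix, and nothing in this hunk says why the vhost now points at a symlink under `/run/current-system` instead of the store path directly. The link is only traversable because the last hunk's context shows `Options -MultiViews +FollowSymlinks` on that directory; a comment on the `ln -s` line such as `# served via /run/current-system so a switch updates assets without an Apache reload; relies on +FollowSymlinks on the vhost root` would tie the two together — the reason is inferred, confirm. `ln -s` without `-n` is fine here only because `$out` is a fresh build output, which the same comment could state.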
@@ -167,23 +172,10 @@ in {
 ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
 ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
- ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
- ProxyPass /api/v1/streaming/ balancer://node_servers/
- ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
- ProxyPass / balancer://puma_servers/
- ProxyPassReverse / balancer://puma_servers/
-
-
- BalancerMember unix://${mastodon.railsSocket}|http://
-
-
-
- BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
-
-
-
- BalancerMember unix://${mastodon.nodeSocket}|http://localhost
-
+ RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
+ RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
+ ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
+ ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
 Alias /system ${mastodon.varDir}
@@ -192,7 +184,7 @@ in {
 Options -MultiViews
-
+ Require all granted
 Options -MultiViews +FollowSymlinks
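Review bot: The second `RewriteRule` hands every request whose path is exactly `/api/v1/streaming/` to the ws:// target whether or not the client asked for an upgrade, so a plain HTTP GET on that path reaches mod_proxy_wstunnel, which, depending on the httpd version, declines or rejects it; the usual guard is `RewriteCond %{HTTP:Upgrade} =websocket [NC]` immediately before that rule, leaving the non-upgrade case to `ProxyPass /`. The hunk also drops the `ProxyPassReverse` the old balancer config had for `/api/v1/streaming/`, so a redirect emitted by the streaming server would no longer be rewritten; harmless if it never redirects, but worth a comment on the rule pair. `[P]` rules need `RewriteEngine On` and the rewrite module, neither of which is visible here (the module list in the hunk at line 135 names only headers and proxy modules); presumably enabled globally, confirm. The enclosing `extraConfig` string starts before this hunk and ends after it.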