X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmastodon%2Fdefault.nix;h=919bac2a148b5f078a8838048b564de9b259bb48;hp=f1a207feb97554d305ca2d8e7fc2871705a3955d;hb=20e1428fae47a5a59376b624336597eed1b605f5;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a
diff --git a/nixops/modules/websites/tools/mastodon/default.nix b/nixops/modules/websites/tools/mastodon/default.nix
index f1a207f..919bac2 100644
--- a/nixops/modules/websites/tools/mastodon/default.nix
+++ b/nixops/modules/websites/tools/mastodon/default.nix
@@ -1,10 +1,11 @@
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
mastodon = pkgs.callPackage ./mastodon.nix {
- inherit (mylibs) fetchedGithub;
+ inherit (pkgs.webapps) mastodon;
env = myconfig.env.tools.mastodon;
};
+ root = "/run/current-system/webapps/tools_mastodon";
cfg = config.services.myWebsites.tools.mastodon;
in {
options.services.myWebsites.tools.mastodon = {
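Review bot: The new `root` binding is an undocumented indirection: it names a symlink that only exists because of the `system.extraSystemBuilderCmds` added later in this commit, and its `tools_mastodon` component has to agree by hand with the `ln -s` target there. A comment such as `# symlink to ${mastodon.railsRoot}/public created by system.extraSystemBuilderCmds below; keeps the store path out of the httpd vhost config` would make the coupling visible, and factoring the name into one binding (e.g. `webappName = "tools_mastodon";`) used by both lines would stop the two literals from drifting. The reason for going through /run/current-system rather than the store path directly is presumably to keep the generated vhost config stable across rebuilds; if so, that belongs in the comment too.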
@@ -12,15 +13,16 @@ in {
};
config = lib.mkIf cfg.enable {
- ids.uids.mastodon = 399;
- ids.gids.mastodon = 399;
+ mySecrets.keys = mastodon.keys;
+ ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid;
+ ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid;
users.users.mastodon = {
name = "mastodon";
uid = config.ids.uids.mastodon;
group = "mastodon";
description = "Mastodon user";
- home = mastodon.railsRoot;
+ home = mastodon.varDir;
useDefaultShell = true;
};
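Review bot: `myconfig.env.tools.mastodon` is now spelled out three times in this file (the callPackage argument at the top and the two new `ids.*` lines), so a rename of that option has to be chased in each place. Binding it once in the `let` (`env = myconfig.env.tools.mastodon;`) and writing `inherit env;` in the callPackage call and `env.user.uid` / `env.user.gid` here keeps a single source of truth. The enclosing `config = lib.mkIf cfg.enable { … }` block continues past the end of the hunk.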
@@ -53,7 +55,7 @@ in {
serviceConfig = {
User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
PrivateTmp = true;
Restart = "always";
TimeoutSec = 15;
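Review bot: The secrets path `/var/secrets/webapps/tools-mastodon` is a bare string literal here and is repeated verbatim in the two later hunks that replace `mastodon.config` in the other service units, with nothing tying it to the destination that `mySecrets.keys = mastodon.keys` actually deploys. Binding it once (`secretsFile = "/var/secrets/webapps/tools-mastodon";` in the `let`, or better an attribute exported by mastodon.nix next to `keys`) and using `EnvironmentFile = secretsFile;` in all three units means a renamed key cannot leave the services starting without their database and secret-key settings. Since systemd reads EnvironmentFile as root before switching to `User = "mastodon"`, the deployed file does not need to be readable by the mastodon user, so whatever mode mySecrets assigns (not visible in this diff) can stay root-only. The enclosing `serviceConfig` blocks start and end outside the hunks.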
@@ -70,7 +72,7 @@ in {
after = [ "network.target" ];
environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${mastodon.gems}/lib/ruby/gems/2.5.0";
+ environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
environment.SOCKET = mastodon.railsSocket;
@@ -86,7 +88,7 @@ in {
serviceConfig = {
User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
PrivateTmp = true;
Restart = "always";
TimeoutSec = 60;
@@ -115,7 +117,7 @@ in {
serviceConfig = {
User = "mastodon";
- EnvironmentFile = mastodon.config;
+ EnvironmentFile = "/var/secrets/webapps/tools-mastodon";
PrivateTmp = true;
Restart = "always";
TimeoutSec = 15;
@@ -135,14 +137,17 @@ in {
};
services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
- "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ "headers" "proxy" "proxy_wstunnel" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon
+ '';
services.myWebsites.tools.vhostConfs.mastodon = {
certName = "eldiron";
hosts = ["mastodon.immae.eu" ];
- root = "${mastodon.railsRoot}/public/";
+ root = root;
extraConfig = [ ''
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000"
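Review bot: The `services.myWebsites.tools.modules` list drops `proxy_balancer` and the `lbmethod_*` modules, but the vhost config in this same commit now relies on `RewriteRule … [P]` for the streaming endpoints and `rewrite` is not added here; unless mod_rewrite is enabled by the myWebsites framework elsewhere (not visible in this diff), httpd will reject the RewriteRule directives at config check. Making the dependency explicit is one token: `"headers" "proxy" "proxy_wstunnel" "proxy_http" "rewrite"`. `root = root;` is idiomatically `inherit root;`, and the `ln -s … $out/webapps/tools_mastodon` target has to agree by hand with the `root` literal in the `let` at the top of the file; a comment on the `system.extraSystemBuilderCmds` block (`# path component must match the root binding above`) or a shared name binding would make that coupling visible. Serving through this symlink also depends on `+FollowSymlinks` on the matching Directory, which the last hunk appears to keep; the `extraConfig` list continues past the end of the hunk.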
@@ -167,23 +172,10 @@ in {
ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
- ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
- ProxyPass /api/v1/streaming/ balancer://node_servers/
- ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
- ProxyPass / balancer://puma_servers/
- ProxyPassReverse / balancer://puma_servers/
-
-
- BalancerMember unix://${mastodon.railsSocket}|http://
-
-
-
- BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
-
-
-
- BalancerMember unix://${mastodon.nodeSocket}|http://localhost
-
+ RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
+ RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
+ ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
+ ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/
Alias /system ${mastodon.varDir}
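Review bot: Both new RewriteRule lines carry the `NE` flag, so the captured `$1` and the rest of the substitution are handed to the node backend without mod_rewrite's usual re-escaping of the proxied URL; unless the streaming API needs literal characters preserved, dropping it (`[P,QSA,L]`) keeps the forwarded request escaped like any other proxied URL, and if it is needed the reason deserves a comment on those two lines. `RewriteEngine On` is not visible in the hunk; if it is not set elsewhere in the vhost these rules are inert and streaming requests fall through to the Rails `ProxyPass /` line below them. The `extraConfig` string this sits in starts before and ends after the hunk.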
@@ -192,7 +184,7 @@ in {
Options -MultiViews
-
+
Require all granted
Options -MultiViews +FollowSymlinks