Diffstat (limited to 'modules/private/websites/tools/mastodon')
-rw-r--r-- | modules/private/websites/tools/mastodon/default.nix | 136 |
1 files changed, 0 insertions, 136 deletions
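--- a/modules/private/websites/tools/mastodon/default.nix
+++ /dev/null
@@ -1,136 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-env = config.myEnv.tools.mastodon;
-root = "${mcfg.workdir}/public/";
-cfg = config.myServices.websites.tools.mastodon;
-mcfg = config.services.mastodon;
-in {
-options.myServices.websites.tools.mastodon = {
-enable = lib.mkEnableOption "enable mastodon's website";
-};
-
-config = lib.mkIf cfg.enable {
-secrets.keys."webapps/tools-mastodon" = {
-user = "mastodon";
-group = "mastodon";
-permissions = "0400";
-text = ''
-REDIS_HOST=${env.redis.host}
-REDIS_PORT=${env.redis.port}
-REDIS_DB=${env.redis.db}
-DB_HOST=${env.postgresql.socket}
-DB_USER=${env.postgresql.user}
-DB_NAME=${env.postgresql.database}
-DB_PASS=${env.postgresql.password}
-DB_PORT=${env.postgresql.port}
-
-LOCAL_DOMAIN=mastodon.immae.eu
-LOCAL_HTTPS=true
-ALTERNATE_DOMAINS=immae.eu
-
-PAPERCLIP_SECRET=${env.paperclip_secret}
-SECRET_KEY_BASE=${env.secret_key_base}
-OTP_SECRET=${env.otp_secret}
-
-VAPID_PRIVATE_KEY=${env.vapid.private}
-VAPID_PUBLIC_KEY=${env.vapid.public}
-
-SMTP_DELIVERY_METHOD=sendmail
-SMTP_FROM_ADDRESS=mastodon@tools.immae.eu
-SENDMAIL_LOCATION="/run/wrappers/bin/sendmail"
-PAPERCLIP_ROOT_PATH=${mcfg.dataDir}
-
-STREAMING_CLUSTER_NUM=1
-
-RAILS_LOG_LEVEL=warn
-
-# LDAP authentication (optional)
-LDAP_ENABLED=true
-LDAP_HOST=${env.ldap.host}
-LDAP_PORT=636
-LDAP_METHOD=simple_tls
-LDAP_BASE="${env.ldap.base}"
-LDAP_BIND_DN="${env.ldap.dn}"
-LDAP_PASSWORD="${env.ldap.password}"
-LDAP_UID="uid"
-LDAP_SEARCH_FILTER="${env.ldap.filter}"
-'';
-};
-services.mastodon = {
-enable = true;
-configFile = config.secrets.fullPaths."webapps/tools-mastodon";
-socketsPrefix = "live_immae";
-dataDir = "/var/lib/mastodon_immae";
-};
-services.filesWatcher.mastodon-streaming = {
-restart = true;
-paths = [ mcfg.configFile ];
-};
-services.filesWatcher.mastodon-web = {
-restart = true;
-paths = [ mcfg.configFile ];
-};
-services.filesWatcher.mastodon-sidekiq = {
-restart = true;
-paths = [ mcfg.configFile ];
-};
-
-
-services.websites.env.tools.modules = [
-"headers" "proxy" "proxy_wstunnel" "proxy_http"
-];
-services.websites.env.tools.vhostConfs.mastodon = {
-certName = "eldiron";
-addToCerts = true;
-hosts = ["mastodon.immae.eu" ];
-root = root;
-extraConfig = [ ''
-Header always set Referrer-Policy "strict-origin-when-cross-origin"
-Header always set Strict-Transport-Security "max-age=31536000"
-
-<LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)>
-Header always set Cache-Control "public, max-age=31536000, immutable"
-Require all granted
-</LocationMatch>
-
-ProxyPreserveHost On
-RequestHeader set X-Forwarded-Proto "https"
-
-RewriteEngine On
-
-ProxyPass /500.html !
-ProxyPass /sw.js !
-ProxyPass /embed.js !
-ProxyPass /robots.txt !
-ProxyPass /manifest.json !
-ProxyPass /browserconfig.xml !
-ProxyPass /mask-icon.svg !
-ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
-ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
-
-RewriteRule ^/api/v1/streaming/(.+)$ unix://${mcfg.sockets.node}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
-RewriteRule ^/api/v1/streaming/$ unix://${mcfg.sockets.node}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
-ProxyPass / unix://${mcfg.sockets.rails}|http://mastodon.immae.eu/
-ProxyPassReverse / unix://${mcfg.sockets.rails}|http://mastodon.immae.eu/
-
-Alias /system ${mcfg.dataDir}
-
-<Directory ${mcfg.dataDir}>
-Require all granted
-Options -MultiViews
-</Directory>
-
-<Directory ${root}>
-Require all granted
-Options -MultiViews +FollowSymlinks
-</Directory>
-
-ErrorDocument 500 /500.html
-ErrorDocument 501 /500.html
-ErrorDocument 502 /500.html
-ErrorDocument 503 /500.html
-ErrorDocument 504 /500.html
-'' ];
-};
-};
-}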