Diffstat (limited to 'virtual/modules/websites/tools/mastodon/default.nix')
-rw-r--r-- | virtual/modules/websites/tools/mastodon/default.nix | 208 |
1 files changed, 0 insertions, 208 deletions
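diff --git a/virtual/modules/websites/tools/mastodon/default.nix b/virtual/modules/websites/tools/mastodon/default.nix
deleted file mode 100644
index f1a207f..0000000
--- a/virtual/modules/websites/tools/mastodon/default.nix
+++ /dev/null
@@ -1,208 +0,0 @@
-{ lib, pkgs, config, myconfig, mylibs, ... }:
-let
-mastodon = pkgs.callPackage ./mastodon.nix {
-inherit (mylibs) fetchedGithub;
-env = myconfig.env.tools.mastodon;
-};
-
-cfg = config.services.myWebsites.tools.mastodon;
-in {
-options.services.myWebsites.tools.mastodon = {
-enable = lib.mkEnableOption "enable mastodon's website";
-};
-
-config = lib.mkIf cfg.enable {
-ids.uids.mastodon = 399;
-ids.gids.mastodon = 399;
-
-users.users.mastodon = {
-name = "mastodon";
-uid = config.ids.uids.mastodon;
-group = "mastodon";
-description = "Mastodon user";
-home = mastodon.railsRoot;
-useDefaultShell = true;
-};
-
-users.groups.mastodon.gid = config.ids.gids.mastodon;
-
-systemd.services.mastodon-streaming = {
-description = "Mastodon Streaming";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" "mastodon-web.service" ];
-
-environment.NODE_ENV = "production";
-environment.SOCKET = mastodon.nodeSocket;
-
-path = [ pkgs.nodejs pkgs.bashInteractive ];
-
-script = ''
-exec npm run start
-'';
-
-postStart = ''
-while [ ! -S $SOCKET ]; do
-sleep 0.5
-done
-chmod a+w $SOCKET
-'';
-
-postStop = ''
-rm $SOCKET
-'';
-
-serviceConfig = {
-User = "mastodon";
-EnvironmentFile = mastodon.config;
-PrivateTmp = true;
-Restart = "always";
-TimeoutSec = 15;
-Type = "simple";
-WorkingDirectory = mastodon.railsRoot;
-};
-
-unitConfig.RequiresMountsFor = mastodon.varDir;
-};
-
-systemd.services.mastodon-web = {
-description = "Mastodon Web app";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" ];
-
-environment.RAILS_ENV = "production";
-environment.BUNDLE_PATH = "${mastodon.gems}/lib/ruby/gems/2.5.0";
-environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
-environment.SOCKET = mastodon.railsSocket;
-
-path = [ mastodon.gems mastodon.gems.ruby pkgs.file ];
-
-preStart = ''
-./bin/bundle exec rails db:migrate
-'';
-
-script = ''
-exec ./bin/bundle exec puma -C config/puma.rb
-'';
-
-serviceConfig = {
-User = "mastodon";
-EnvironmentFile = mastodon.config;
-PrivateTmp = true;
-Restart = "always";
-TimeoutSec = 60;
-Type = "simple";
-WorkingDirectory = mastodon.railsRoot;
-};
-
-unitConfig.RequiresMountsFor = mastodon.varDir;
-};
-
-systemd.services.mastodon-sidekiq = {
-description = "Mastodon Sidekiq";
-wantedBy = [ "multi-user.target" ];
-after = [ "network.target" "mastodon-web.service" ];
-
-environment.RAILS_ENV="production";
-environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
-environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
-environment.DB_POOL="5";
-
-path = [ mastodon.gems mastodon.gems.ruby pkgs.imagemagick pkgs.ffmpeg pkgs.file ];
-
-script = ''
-exec ./bin/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
-'';
-
-serviceConfig = {
-User = "mastodon";
-EnvironmentFile = mastodon.config;
-PrivateTmp = true;
-Restart = "always";
-TimeoutSec = 15;
-Type = "simple";
-WorkingDirectory = mastodon.railsRoot;
-};
-
-unitConfig.RequiresMountsFor = mastodon.varDir;
-};
-
-system.activationScripts.mastodon = {
-deps = [ "users" ];
-text = ''
-install -m 0755 -o mastodon -g mastodon -d ${mastodon.socketsDir}
-install -m 0755 -o mastodon -g mastodon -d ${mastodon.varDir} ${mastodon.varDir}/tmp/cache
-'';
-};
-
-services.myWebsites.tools.modules = [
-"headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
-"lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
-];
-security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
-services.myWebsites.tools.vhostConfs.mastodon = {
-certName = "eldiron";
-hosts = ["mastodon.immae.eu" ];
-root = "${mastodon.railsRoot}/public/";
-extraConfig = [ ''
-Header always set Referrer-Policy "strict-origin-when-cross-origin"
-Header always set Strict-Transport-Security "max-age=31536000"
-
-<LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)>
-Header always set Cache-Control "public, max-age=31536000, immutable"
-Require all granted
-</LocationMatch>
-
-ProxyPreserveHost On
-RequestHeader set X-Forwarded-Proto "https"
-
-RewriteEngine On
-
-ProxyPass /500.html !
-ProxyPass /sw.js !
-ProxyPass /embed.js !
-ProxyPass /robots.txt !
-ProxyPass /manifest.json !
-ProxyPass /browserconfig.xml !
-ProxyPass /mask-icon.svg !
-ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
-ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
-
-ProxyPassMatch /api/v1/streaming/(.+)$ balancer://node_servers_http/api/v1/streaming/$1
-ProxyPass /api/v1/streaming/ balancer://node_servers/
-ProxyPassReverse /api/v1/streaming/ balancer://node_servers/
-ProxyPass / balancer://puma_servers/
-ProxyPassReverse / balancer://puma_servers/
-
-<Proxy balancer://puma_servers>
-BalancerMember unix://${mastodon.railsSocket}|http://
-</Proxy>
-
-<Proxy balancer://node_servers>
-BalancerMember unix://${mastodon.nodeSocket}|ws://localhost
-</Proxy>
-
-<Proxy balancer://node_servers_http>
-BalancerMember unix://${mastodon.nodeSocket}|http://localhost
-</Proxy>
-
-Alias /system ${mastodon.varDir}
-
-<Directory ${mastodon.varDir}>
-Require all granted
-Options -MultiViews
-</Directory>
-
-<Directory ${mastodon.railsRoot}/public/>
-Require all granted
-Options -MultiViews +FollowSymlinks
-</Directory>
-
-ErrorDocument 500 /500.html
-ErrorDocument 501 /500.html
-ErrorDocument 502 /500.html
-ErrorDocument 503 /500.html
-ErrorDocument 504 /500.html
-'' ];
-};
-};
-}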