diff --git a/modules/garage/default.nix b/modules/garage/default.nix index ac435a79..9f3dec4b 100644 --- a/modules/garage/default.nix +++ b/modules/garage/default.nix @@ -99,7 +99,7 @@ s3_api = { s3_region = "eu-central"; api_bind_addr = "[::]:3900"; - root_domain = ".s3.${config.pub-solar-os.networking.domain}"; + root_domain = ".buckets.${config.pub-solar-os.networking.domain}"; }; s3_web = { bind_addr = "[::]:3902"; diff --git a/modules/mastodon/default.nix b/modules/mastodon/default.nix index 01acf7a6..2f16e330 100644 --- a/modules/mastodon/default.nix +++ b/modules/mastodon/default.nix @@ -96,9 +96,9 @@ # S3 File storage (optional) # ----------------------- S3_ENABLED = "true"; - S3_BUCKET = "pub-solar-mastodon"; - S3_REGION = "europe-west-1"; - S3_ENDPOINT = "https://gateway.tardigradeshare.io"; + S3_BUCKET = "mastodon"; + S3_REGION = "eu-central"; + S3_ENDPOINT = "https://buckets.pub.solar"; S3_ALIAS_HOST = "files.${config.pub-solar-os.networking.domain}"; # Translation (optional) # ----------------------- diff --git a/modules/nginx-mastodon-files/default.nix b/modules/nginx-mastodon-files/default.nix index b5497468..8a62d359 100644 --- a/modules/nginx-mastodon-files/default.nix +++ b/modules/nginx-mastodon-files/default.nix @@ -1,8 +1,7 @@ { config, ... }: let - objStorHost = "link.tardigradeshare.io"; - objStorBucket = "s/jw24ad6l4a6zxsnd32cmf5hp5nsq/pub-solar-mastodon"; + objStorHost = "mastodon.web.pub.solar"; in { services.nginx.virtualHosts = { @@ -10,6 +9,12 @@ in enableACME = true; forceSSL = true; + # Use variable to force nginx to perform a DNS resolution on its value, + # the IP of the object storage provider may not always remain the same. + extraConfig = '' + set $s3_backend 'https://${objStorHost}'; + ''; + locations = { "= /" = { index = "index.html"; @@ -25,7 +30,6 @@ in deny all; } - resolver 8.8.8.8; proxy_set_header Host ${objStorHost}; proxy_set_header Connection \'\'; proxy_set_header Authorization \'\'; @@ -40,7 +44,7 @@ in proxy_hide_header x-amz-bucket-region; proxy_hide_header x-amzn-requestid; proxy_ignore_headers Set-Cookie; - proxy_pass https://${objStorHost}/${objStorBucket}$request_uri?download; + proxy_pass $s3_backend$request_uri; proxy_intercept_errors off; proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_ssl_server_name on; diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix index 0122164d..46bec0ff 100644 --- a/modules/nginx/default.nix +++ b/modules/nginx/default.nix @@ -22,6 +22,13 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; + resolver.addresses = [ + # quad9.net + "9.9.9.9" + "149.112.112.112" + "[2620:fe::fe]" + "[2620:fe::9]" + ]; appendHttpConfig = '' # https://my.f5.com/manage/s/article/K51798430 proxy_headers_hash_bucket_size 128; diff --git a/secrets/mastodon-extra-env-secrets.age b/secrets/mastodon-extra-env-secrets.age index 14ad4271..c78b5b57 100644 Binary files a/secrets/mastodon-extra-env-secrets.age and b/secrets/mastodon-extra-env-secrets.age differ