From 94ae6c93029f47e684eb1837bf87cb3940fdf896 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Tue, 16 Jan 2024 18:18:07 +0100
Subject: [PATCH] fix(mastodon): use working unix sockets for streaming api

The streaming API is currently unusable because we still pass traffic to the old unix socket path. Since https://github.com/NixOS/nixpkgs/commit/c82195d9e82b28147e9a960f6d47ca9200228452#diff-157b1ef68573bbec951d6e551513a555e2d1ca7a161a68f1978b11d39a0bef1eR789-R803 there are multiple unix sockets involved.
---
 hosts/nachtigall/apps/nginx-mastodon.nix | 71 ++++++++++++++----------
 1 file changed, 42 insertions(+), 29 deletions(-)

diff --git a/hosts/nachtigall/apps/nginx-mastodon.nix b/hosts/nachtigall/apps/nginx-mastodon.nix
index 4712a59f..668c2964 100644
--- a/hosts/nachtigall/apps/nginx-mastodon.nix
+++ b/hosts/nachtigall/apps/nginx-mastodon.nix
@@ -3,40 +3,53 @@ let cfg = config.services.mastodon; in { - services.nginx.virtualHosts = { - "mastodon.pub.solar" = { - root = "${cfg.package}/public/"; - # mastodon only supports https, but you can override this if you offload tls elsewhere. - forceSSL = lib.mkDefault true; - enableACME = lib.mkDefault true; + services.nginx = { + virtualHosts = { + "mastodon.pub.solar" = { + root = "${cfg.package}/public/"; + # mastodon only supports https, but you can override this if you offload tls elsewhere. + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; - locations."/system/".alias = "/var/lib/mastodon/public-system/"; + locations."/auth/sign_up".extraConfig = '' + return 302 /auth/sign_in; + ''; - locations."/" = { - tryFiles = "$uri @proxy"; + locations."/auth/confirmation/new".extraConfig = '' + return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; + ''; + + locations."/auth/password/new".extraConfig = '' + return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; + ''; + + locations."/system/".alias = "/var/lib/mastodon/public-system/"; + + locations."/" = { + tryFiles = "$uri @proxy"; + }; + + locations."@proxy" = { + proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}"); + proxyWebsockets = true; + }; + + locations."/api/v1/streaming/" = { + proxyPass = "http://mastodon-streaming"; + proxyWebsockets = true; + }; }; + }; - locations."/auth/sign_up".extraConfig = '' - return 302 /auth/sign_in; + upstreams.mastodon-streaming = { + extraConfig = '' + least_conn; ''; - - locations."/auth/confirmation/new".extraConfig = '' - return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; - ''; - - locations."/auth/password/new".extraConfig = '' - return 302 
https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; - ''; - - locations."@proxy" = { - proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}"); - proxyWebsockets = true; - }; - - locations."/api/v1/streaming/" = { - proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/"); - proxyWebsockets = true; - }; + servers = builtins.listToAttrs + (map (i: { + name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket"; + value = { }; + }) (lib.range 1 cfg.streamingProcesses)); }; }; }
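Review bot: The `name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";` entry under `upstreams.mastodon-streaming.servers` hard-codes the socket layout of the nixpkgs mastodon module, which is the same coupling that left the streaming API pointing at a stale path before this commit. I would put a comment above `servers`, for example `# Socket names must match the nixpkgs mastodon module (one streaming-N.socket per cfg.streamingProcesses); re-check on nixpkgs updates.` The hunk does not show how the nginx user gets access to `/run/mastodon-streaming/`; presumably that is group membership set elsewhere, and it is worth confirming so that nobody later loosens the socket mode just to make the proxy work. The streaming location also no longer consults `cfg.enableUnixSocket` while `@proxy` still does, which looks intentional given the linked nixpkgs change but deserves a word in the same comment.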