fix(mastodon): use working unix sockets for streaming api

The streaming API is currently unusable because we still pass traffic
to the old unix socket path.
Since c82195d9e8 (diff-157b1ef68573bbec951d6e551513a555e2d1ca7a161a68f1978b11d39a0bef1eR789-R803)
there are multiple unix sockets involved.
This commit is contained in:
teutat3s 2024-01-16 18:18:07 +01:00
parent ebc34e50bc
commit 94ae6c9302
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1

View file

@ -3,40 +3,53 @@ let
cfg = config.services.mastodon; cfg = config.services.mastodon;
in in
{ {
services.nginx.virtualHosts = { services.nginx = {
"mastodon.pub.solar" = { virtualHosts = {
root = "${cfg.package}/public/"; "mastodon.pub.solar" = {
# mastodon only supports https, but you can override this if you offload tls elsewhere. root = "${cfg.package}/public/";
forceSSL = lib.mkDefault true; # mastodon only supports https, but you can override this if you offload tls elsewhere.
enableACME = lib.mkDefault true; forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true;
locations."/system/".alias = "/var/lib/mastodon/public-system/"; locations."/auth/sign_up".extraConfig = ''
return 302 /auth/sign_in;
'';
locations."/" = { locations."/auth/confirmation/new".extraConfig = ''
tryFiles = "$uri @proxy"; return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
'';
locations."/auth/password/new".extraConfig = ''
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
'';
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
proxyWebsockets = true;
};
locations."/api/v1/streaming/" = {
proxyPass = "http://mastodon-streaming";
proxyWebsockets = true;
};
}; };
};
locations."/auth/sign_up".extraConfig = '' upstreams.mastodon-streaming = {
return 302 /auth/sign_in; extraConfig = ''
least_conn;
''; '';
servers = builtins.listToAttrs
locations."/auth/confirmation/new".extraConfig = '' (map (i: {
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon; name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
''; value = { };
}) (lib.range 1 cfg.streamingProcesses));
locations."/auth/password/new".extraConfig = ''
return 302 https://auth.pub.solar/realms/pub.solar/login-actions/reset-credentials?client_id=mastodon;
'';
locations."@proxy" = {
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}");
proxyWebsockets = true;
};
locations."/api/v1/streaming/" = {
proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/");
proxyWebsockets = true;
};
}; };
}; };
} }