diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index a71a521e..18299a1e 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -36,7 +36,6 @@ enable = true; # Different from WEB_DOMAIN in our case localDomain = "pub.solar"; - configureNginx = true; enableUnixSocket = true; # Processes used by the mastodon-streaming service. Defaults to the number # of CPU cores minus one diff --git a/hosts/nachtigall/apps/nginx-mastodon.nix b/hosts/nachtigall/apps/nginx-mastodon.nix new file mode 100644 index 00000000..aa81ce20 --- /dev/null +++ b/hosts/nachtigall/apps/nginx-mastodon.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: +let + cfg = config.services.mastodon; +in +{ + services.nginx.virtualHosts = { + "mastodon.pub.solar" = { + root = "${cfg.package}/public/"; + # mastodon only supports https, but you can override this if you offload tls elsewhere. + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + + locations."/system/".alias = "/var/lib/mastodon/public-system/"; + + locations."/" = { + tryFiles = "$uri @proxy"; + }; + + locations."@proxy" = { + proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-web/web.socket" else "http://127.0.0.1:${toString(cfg.webPort)}"); + proxyWebsockets = true; + }; + + locations."/api/v1/streaming/" = { + proxyPass = (if cfg.enableUnixSocket then "http://unix:/run/mastodon-streaming/streaming.socket" else "http://127.0.0.1:${toString(cfg.streamingPort)}/"); + proxyWebsockets = true; + }; + }; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index f312e68e..f25f4899 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -10,6 +10,7 @@ ./nix.nix ./apps/nginx.nix + ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix ./apps/nginx-website.nix ./apps/mastodon.nix