infra/modules/nginx-mastodon/default.nix
Benjamin Yule Bädorf 68278ad983
refactor: use options for config parts
This works towards having reusable modules

* `config.pub-solar-os.networking.domain` is used for the main domain
* `config.pub-solar-os.privacyPolicUrl` links towards the privacy policy
* `config.pub-solar-os.imprintUrl` links towards the imprint
* `config.pub-solar-os.auth.enable` enables the keycloak installation.
  This is needed because `config.pub-solar-os.auth` has to be available
  everywhere, but we do not want to install keycloak everywhere.
* `config.pub-solar-os.auth.realm` sets the keycloak realm name
2024-05-08 19:47:47 +02:00


# nginx front end for the Mastodon instance.
#
# Serves static assets from the Mastodon package, proxies everything else to
# the web and streaming backends, and sends the account-management forms
# (sign-up, confirmation, password reset) to sign-in or to Keycloak.
{ config, lib, ... }:
let
  cfg = config.services.mastodon;
  domain = config.pub-solar-os.networking.domain;
  realm = config.pub-solar-os.auth.realm;

  # Keycloak "reset credentials" flow for the `mastodon` client. Both the
  # confirmation and the password-reset form are redirected here.
  resetCredentialsUrl = "https://auth.${domain}/realms/${realm}/login-actions/reset-credentials?client_id=mastodon";
  redirectToResetCredentials = ''
    return 302 ${resetCredentialsUrl};
  '';

  # The web backend is reached over a unix socket or a loopback TCP port,
  # depending on how the mastodon service is configured.
  webBackend =
    if cfg.enableUnixSocket
    then "http://unix:/run/mastodon-web/web.socket"
    else "http://127.0.0.1:${toString cfg.webPort}";

  # One unix socket per streaming process, numbered from 1.
  streamingSocket = i: "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
in
{
  services.nginx = {
    virtualHosts."mastodon.${domain}" = {
      root = "${cfg.package}/public/";

      # Mastodon only supports https. Both settings are mkDefault so a host
      # that offloads TLS elsewhere can override them; in that case HTTPS has
      # to be enforced by whatever terminates TLS.
      forceSSL = lib.mkDefault true;
      enableACME = lib.mkDefault true;

      locations = {
        # Local sign-up form is sent to sign-in.
        # NOTE(review): this only covers the web form path at the nginx
        # layer; whether registration is also closed in Mastodon itself is
        # not visible in this file - confirm in the service settings.
        "/auth/sign_up".extraConfig = ''
          return 302 /auth/sign_in;
        '';
        "/auth/confirmation/new".extraConfig = redirectToResetCredentials;
        "/auth/password/new".extraConfig = redirectToResetCredentials;

        # Uploaded media, served straight from disk on the instance origin.
        # NOTE(review): Mastodon's sample nginx config sets
        # `X-Content-Type-Options nosniff` and a restrictive
        # Content-Security-Policy on this location; no such headers are set
        # here - confirm they are added elsewhere or add them.
        "/system/".alias = "/var/lib/mastodon/public-system/";

        # Static file if it exists under root, otherwise hand over to the app.
        "/".tryFiles = "$uri @proxy";

        # NOTE(review): no proxy headers (Host, X-Forwarded-*) are set in this
        # file; presumably recommendedProxySettings is enabled globally -
        # verify, since the backend relies on them for scheme and client IP.
        "@proxy" = {
          proxyPass = webBackend;
          proxyWebsockets = true;
        };
        "/api/v1/streaming/" = {
          proxyPass = "http://mastodon-streaming";
          proxyWebsockets = true;
        };
      };
    };

    # Balance streaming connections across all streaming processes, picking
    # the one with the fewest active connections.
    upstreams.mastodon-streaming = {
      extraConfig = ''
        least_conn;
      '';
      servers = lib.genAttrs
        (map streamingSocket (lib.range 1 cfg.streamingProcesses))
        (_: { });
    };
  };
}