Auth API

mastodon.nix

@@ -64,10 +64,34 @@ let
       $@
   '';
 
+  auth = pkgs.buildGoModule rec {
+    name = "auth";
+    src = ./auth;
+    vendorHash = "sha256-cLn1tZL+LVMmSpLZYA7uRkEW7eFWGf+NFdvBEvQtjH4=";
+  };
+
   bucket = secrets.backup.bucket;
 
   domainName = "lor.sh";
 in {
+  systemd.services."mastodon-auth" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    environment = {
+      SOCKET = "/var/run/mastodon-auth/auth.socket";
+      DATABASE = "mastodon";
+      AUTH_SECRET = secrets.authSecret;
+    };
+    serviceConfig = {
+      Restart = "always";
+      RestartSec = 30;
+      ExecStart = "${auth}/bin/auth";
+      User = "mastodon";
+      RuntimeDirectory = "mastodon-auth";
+      RuntimeDirectoryMode = "0750";
+    };
+  };
+
   services.postgresqlBackup = {
     enable = true;
     databases = [ "mastodon" ];
@@ -110,6 +134,10 @@ in {
           reverse_proxy unix//run/mastodon-streaming/streaming.socket
       }
 
+      handle /api/v0/auth* {
+          reverse_proxy unix//run/mastodon-auth/auth.socket
+      }
+
       handle {
           reverse_proxy unix//run/mastodon-web/web.socket
       }