Switch to Caddy

2023-01-12 12:19:13 +00:00
parent 792484834f
commit ef3e171cd3
2 changed files with 40 additions and 8 deletions
--- a/mastodon.nix
+++ b/mastodon.nix
@@ -62,7 +62,10 @@ let
      --host-bucket='${secrets.backup.hostBucket}' \
      $@
  '';
+
  bucket = secrets.backup.bucket;
+
+  domainName = "lor.sh";
 in {
  services.postgresqlBackup = {
    enable = true;
@@ -91,21 +94,54 @@ in {
  # https://github.com/mperham/sidekiq/wiki/Memory#bloat
  systemd.services.mastodon-sidekiq.environment.MALLOC_ARENA_MAX = "2";

+  services.caddy = {
+    enable = true;
+    virtualHosts."${domainName}".extraConfig = ''
+      root * ${mastodon-lor-sh}/public
+      encode gzip
+
+      @static file
+      handle @static {
+          file_server
+      }
+
+      handle /api/v1/streaming* {
+          reverse_proxy unix//run/mastodon-streaming/streaming.socket
+      }
+
+      handle {
+          reverse_proxy unix//run/mastodon-web/web.socket
+      }
+
+      header {
+          Strict-Transport-Security "max-age=31536000;"
+      }
+
+      @5xx expression `{err.status_code} >= 500 && {err.status_code} < 600`
+      handle_errors {
+          rewrite @5xx /500.html
+          file_server
+      }
+    '';
+  };
+
+  users.users.caddy.extraGroups = [ "mastodon" ];
+
  services.mastodon = {
    enable = true;

    package = mastodon-lor-sh;

-    localDomain = "lor.sh";
-    configureNginx = true;
+    localDomain = "${domainName}";
+    configureNginx = false;

    smtp = {
      createLocally = false;
      authenticate = true;
      host = "smtp.eu.mailgun.org";
      port = 587;
-      fromAddress = "Mastodon <mastodon@m.lor.sh>";
-      user = "mastodon@m.lor.sh";
+      fromAddress = "Mastodon <mastodon@m.${domainName}>";
+      user = "mastodon@m.${domainName}";
      passwordFile = builtins.toFile "smtp-password" secrets.smtpPassword;
    };