infra/lor.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switch to Caddy

Browse Source
This commit is contained in:
dump_stack() 2023-01-12 12:19:13 +00:00
parent 792484834f
commit ef3e171cd3
Signed by: dump_stack
GPG Key ID: BE44DA8C062D87DC
2 changed files with 40 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
disable-services.nix
View File

@ -1,8 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
services."nginx".virtualHosts."lor.sh".enableACME = lib.mkForce false;
services."nginx".virtualHosts."lor.sh".forceSSL = lib.mkForce false;
systemd.services."mastodon-init-db".wantedBy = lib.mkForce [ ]; systemd.services."mastodon-init-db".wantedBy = lib.mkForce [ ];
systemd.services."mastodon-init-dirs".wantedBy = lib.mkForce [ ]; systemd.services."mastodon-init-dirs".wantedBy = lib.mkForce [ ];
systemd.services."mastodon-media-auto-remove".startAt = lib.mkForce [ ]; systemd.services."mastodon-media-auto-remove".startAt = lib.mkForce [ ];
@ -10,8 +8,6 @@
systemd.services."mastodon-sidekiq".wantedBy = lib.mkForce [ ]; systemd.services."mastodon-sidekiq".wantedBy = lib.mkForce [ ];
systemd.services."mastodon-streaming".wantedBy = lib.mkForce [ ]; systemd.services."mastodon-streaming".wantedBy = lib.mkForce [ ];
systemd.services."mastodon-web".wantedBy = lib.mkForce [ ]; systemd.services."mastodon-web".wantedBy = lib.mkForce [ ];
systemd.services."nginx".wantedBy = lib.mkForce [ ];
systemd.services."nginx-config-reload".wantedBy = lib.mkForce [ ];
systemd.services."postgresqlBackup-mastodon".startAt = lib.mkForce [ ]; systemd.services."postgresqlBackup-mastodon".startAt = lib.mkForce [ ];
systemd.services."postgresqlBackup-mastodon".wantedBy = lib.mkForce [ ]; systemd.services."postgresqlBackup-mastodon".wantedBy = lib.mkForce [ ];
systemd.services."redis-mastodon".wantedBy = lib.mkForce [ ]; systemd.services."redis-mastodon".wantedBy = lib.mkForce [ ];

44
mastodon.nix
View File

@ -62,7 +62,10 @@ let
--host-bucket='${secrets.backup.hostBucket}' \ --host-bucket='${secrets.backup.hostBucket}' \
$@ $@
''; '';
bucket = secrets.backup.bucket; bucket = secrets.backup.bucket;
domainName = "lor.sh";
in { in {
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
@ -91,21 +94,54 @@ in {
# https://github.com/mperham/sidekiq/wiki/Memory#bloat # https://github.com/mperham/sidekiq/wiki/Memory#bloat
systemd.services.mastodon-sidekiq.environment.MALLOC_ARENA_MAX = "2"; systemd.services.mastodon-sidekiq.environment.MALLOC_ARENA_MAX = "2";
services.caddy = {
enable = true;
virtualHosts."${domainName}".extraConfig = ''
root * ${mastodon-lor-sh}/public
encode gzip
@static file
handle @static {
file_server
}
handle /api/v1/streaming* {
reverse_proxy unix//run/mastodon-streaming/streaming.socket
}
handle {
reverse_proxy unix//run/mastodon-web/web.socket
}
header {
Strict-Transport-Security "max-age=31536000;"
}
@5xx expression `{err.status_code} >= 500 && {err.status_code} < 600`
handle_errors {
rewrite @5xx /500.html
file_server
}
'';
};
users.users.caddy.extraGroups = [ "mastodon" ];
services.mastodon = { services.mastodon = {
enable = true; enable = true;
package = mastodon-lor-sh; package = mastodon-lor-sh;
localDomain = "lor.sh"; localDomain = "${domainName}";
configureNginx = true; configureNginx = false;
smtp = { smtp = {
createLocally = false; createLocally = false;
authenticate = true; authenticate = true;
host = "smtp.eu.mailgun.org"; host = "smtp.eu.mailgun.org";
port = 587; port = 587;
fromAddress = "Mastodon <mastodon@m.lor.sh>"; fromAddress = "Mastodon <mastodon@m.${domainName}>";
user = "mastodon@m.lor.sh"; user = "mastodon@m.${domainName}";
passwordFile = builtins.toFile "smtp-password" secrets.smtpPassword; passwordFile = builtins.toFile "smtp-password" secrets.smtpPassword;
}; };