Switch to Caddy

2023-01-12 12:19:13 +00:00 · 2023-01-12 12:19:13 +00:00 · ef3e171cd3
commit ef3e171cd3
parent 792484834f
2 changed files with 40 additions and 8 deletions
--- a/disable-services.nix
+++ b/disable-services.nix
@ -1,8 +1,6 @@
 { lib, ... }:

 {
-  services."nginx".virtualHosts."lor.sh".enableACME = lib.mkForce false;
-  services."nginx".virtualHosts."lor.sh".forceSSL = lib.mkForce false;
  systemd.services."mastodon-init-db".wantedBy = lib.mkForce [ ];
  systemd.services."mastodon-init-dirs".wantedBy = lib.mkForce [ ];
  systemd.services."mastodon-media-auto-remove".startAt = lib.mkForce [ ];
@ -10,8 +8,6 @@
  systemd.services."mastodon-sidekiq".wantedBy = lib.mkForce [ ];
  systemd.services."mastodon-streaming".wantedBy = lib.mkForce [ ];
  systemd.services."mastodon-web".wantedBy = lib.mkForce [ ];
-  systemd.services."nginx".wantedBy = lib.mkForce [ ];
-  systemd.services."nginx-config-reload".wantedBy = lib.mkForce [ ];
  systemd.services."postgresqlBackup-mastodon".startAt = lib.mkForce [ ];
  systemd.services."postgresqlBackup-mastodon".wantedBy = lib.mkForce [ ];
  systemd.services."redis-mastodon".wantedBy = lib.mkForce [ ];
--- a/mastodon.nix
+++ b/mastodon.nix
@ -62,7 +62,10 @@ let
      --host-bucket='${secrets.backup.hostBucket}' \
      $@
  '';
+
  bucket = secrets.backup.bucket;
+
+  domainName = "lor.sh";
 in {
  services.postgresqlBackup = {
    enable = true;
@ -91,21 +94,54 @@ in {
  # https://github.com/mperham/sidekiq/wiki/Memory#bloat
  systemd.services.mastodon-sidekiq.environment.MALLOC_ARENA_MAX = "2";

+  services.caddy = {
+    enable = true;
+    virtualHosts."${domainName}".extraConfig = ''
+      root * ${mastodon-lor-sh}/public
+      encode gzip
+
+      @static file
+      handle @static {
+          file_server
+      }
+
+      handle /api/v1/streaming* {
+          reverse_proxy unix//run/mastodon-streaming/streaming.socket
+      }
+
+      handle {
+          reverse_proxy unix//run/mastodon-web/web.socket
+      }
+
+      header {
+          Strict-Transport-Security "max-age=31536000;"
+      }
+
+      @5xx expression `{err.status_code} >= 500 && {err.status_code} < 600`
+      handle_errors {
+          rewrite @5xx /500.html
+          file_server
+      }
+    '';
+  };
+
+  users.users.caddy.extraGroups = [ "mastodon" ];
+
  services.mastodon = {
    enable = true;

    package = mastodon-lor-sh;

-    localDomain = "lor.sh";
-    configureNginx = true;
+    localDomain = "${domainName}";
+    configureNginx = false;

    smtp = {
      createLocally = false;
      authenticate = true;
      host = "smtp.eu.mailgun.org";
      port = 587;
-      fromAddress = "Mastodon <mastodon@m.lor.sh>";
-      user = "mastodon@m.lor.sh";
+      fromAddress = "Mastodon <mastodon@m.${domainName}>";
+      user = "mastodon@m.${domainName}";
      passwordFile = builtins.toFile "smtp-password" secrets.smtpPassword;
    };