Diffstat (limited to 'system/services/mastodon/default.nix')
-rw-r--r--system/services/mastodon/default.nix36
1 files changed, 34 insertions, 2 deletions
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index 3a983c3..96c2744 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -3,8 +3,7 @@
 in {
   services.mastodon = {
     enable = true;
-    localDomain = "mstdn.vhack.eu";
-    configureNginx = true;
+    localDomain = "vhack.eu";
     smtp = {
       authenticate = true;
       createLocally = false;
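Review bot: Changing `localDomain` from `mstdn.vhack.eu` to `vhack.eu` changes the domain part of every account identity on this instance, and Mastodon's documentation warns that LOCAL_DOMAIN cannot be safely changed once the instance has federated, because remote servers keep the old actors and keys cached. If the instance already has accounts or followers, confirm this was done on a fresh database or that breaking existing federation is acceptable. Either way the line deserves a comment such as `# account domain (user@vhack.eu); the UI is served from WEB_DOMAIN. Do not change once federated.` The `services.mastodon` block continues past this hunk.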
@@ -13,5 +12,38 @@ in {
       host = "server1.vhack.eu";
       passwordFile = "${config.age.secrets.mastodonMail.path}";
     };
+    extraConfig.WEB_DOMAIN = "mastodon.vhack.eu";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true; # required for redirections to work
+    virtualHosts = {
+      "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = {
+        root = "${config.services.mastodon.package}/public/";
+        # mastodon only supports https, but you can override this if you offload tls elsewhere.
+        forceSSL = true;
+        enableACME = true;
+
+        locations."/system/".alias = "/var/lib/mastodon/public-system/";
+
+        locations."/" = {
+          tryFiles = "$uri @proxy";
+        };
+
+        locations."@proxy" = {
+          proxyPass = "http://unix:/run/mastodon-web/web.socket";
+          proxyWebsockets = true;
+        };
+
+        locations."/api/v1/streaming/" = {
+          proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+          proxyWebsockets = true;
+        };
+      };
+      "vhack.eu" = {
+        locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri";
+      };
+    };
   };
 }
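Review bot: With `configureNginx` dropped in the first hunk, nothing visible here gives the nginx user access to `/run/mastodon-web/web.socket`, `/run/mastodon-streaming/streaming.socket` or `/var/lib/mastodon/public-system/`. As far as I recall, the upstream module only adds nginx to the mastodon group when that option is set, so the proxied locations may fail with permission errors. If that is not handled elsewhere, add `users.groups.${config.services.mastodon.group}.members = [config.services.nginx.user];` rather than loosening the socket or directory modes. The `"vhack.eu"` virtual host also sets neither `forceSSL` nor `enableACME`, and remote servers fetch webfinger over HTTPS, so confirm another module supplies the certificate for the apex domain. Naming that host `"${config.services.mastodon.localDomain}"` instead of the literal would keep it in sync with the first hunk.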