From cb49aa5ed36f38aa9608695fb1884846b9f859f9 Mon Sep 17 00:00:00 2001
From: sils
Date: Thu, 12 Oct 2023 21:35:13 +0200
Subject: fix(system/services/mastodon): separate domains for user handles and webinterface
---
 system/services/mastodon/default.nix | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index 3a983c3..96c2744 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -3,8 +3,7 @@
 in {
 services.mastodon = {
 enable = true;
- localDomain = "mstdn.vhack.eu";
- configureNginx = true;
+ localDomain = "vhack.eu";
 smtp = {
 authenticate = true;
 createLocally = false;
@@ -13,5 +12,38 @@ in {
 host = "server1.vhack.eu";
 passwordFile = "${config.age.secrets.mastodonMail.path}";
 };
+ extraConfig.WEB_DOMAIN = "mastodon.vhack.eu";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true; # required for redirections to work
+ virtualHosts = {
+ "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = {
+ root = "${config.services.mastodon.package}/public/";
+ # mastodon only supports https, but you can override this if you offload tls elsewhere.
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/system/".alias = "/var/lib/mastodon/public-system/";
+
+ locations."/" = {
+ tryFiles = "$uri @proxy";
+ };
+
+ locations."@proxy" = {
+ proxyPass = "http://unix:/run/mastodon-web/web.socket";
+ proxyWebsockets = true;
+ };
+
+ locations."/api/v1/streaming/" = {
+ proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+ proxyWebsockets = true;
+ };
+ };
+ "vhack.eu" = {
+ locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri";
+ };
+ };
 };
 }
--
cgit 1.4.1
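Review bot: The `localDomain` change at the top of `services.mastodon` (first hunk) alters the identity domain of an instance that, judging by the removed `mstdn.vhack.eu` value, was already deployed. Mastodon's documentation warns against changing LOCAL_DOMAIN once an instance is in use, because existing accounts and remote servers keep referring to the old domain. If the instance had already federated, this needs a migration plan rather than an in-place edit; if it had not, a comment would guard against the next edit, for example `# identity domain used in @user@vhack.eu handles; must not change once federated`. The `services.mastodon` block continues past the end of this hunk.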
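Review bot: With `configureNginx = true` removed in the first hunk, nothing visible in the second hunk lets nginx open the unix sockets under `/run/mastodon-web` and `/run/mastodon-streaming` or read `/var/lib/mastodon/public-system/`. As far as I know the module's `configureNginx` also adds the nginx user to the mastodon group, so the hand-written vhost probably needs `users.groups.${config.services.mastodon.group}.members = [config.services.nginx.user];`. The `"vhack.eu"` virtual host sets neither `forceSSL` nor `enableACME`, and WebFinger lookups for the handle domain arrive over HTTPS, so unless that host gets TLS elsewhere in the configuration the 301 will not be reachable by remote servers. Writing the key as `"${config.services.mastodon.localDomain}"` would keep the redirect from drifting away from the handle domain. The `services.mastodon` attribute set closed by the second added line, `};`, starts outside this hunk.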