Refactor Mastodon nginx recipe for proxy usage

Works both as local deployment and proxy (via roles and environments) * Use upstreams for proxy_pass * Access static assets from proxy, configure caching for them * Move Tor config to environment, install via role * ...
2022-11-30 12:02:17 +01:00
parent 83e55c84a2
commit 66f5217a41
6 changed files with 85 additions and 52 deletions
--- a/roles/nginx_proxy.rb
+++ b/roles/nginx_proxy.rb
@@ -1,17 +1,35 @@
 name "nginx_proxy"

+override_attributes(
+  'nginx' => {
+    'server_names_hash_bucket_size' => 128
+  },
+  'tor' => {
+    'HiddenServices' => {
+      'web' => {
+        'HiddenServicePorts' => ['80 127.0.0.1:80', '443 127.0.0.1:443']
+      }
+    }
+  }
+)
+
 default_run_list = %w(
+  tor-full
  kosmos_assets::nginx_site
  kosmos_discourse::nginx
  kosmos_drone::nginx
  kosmos_gitea::nginx
  kosmos_website::default
-  kosmos-ejabberd::nginx
  kosmos-akkounts::nginx_api
+  kosmos-ejabberd::nginx
  kosmos-hubot::nginx_botka_irc-libera-chat
  kosmos-hubot::nginx_hal8000_xmpp
  kosmos-ipfs::nginx_public_gateway
+  kosmos-mastodon::nginx
  remotestorage_discourse::nginx
+  kosmos_garage::default
+  kosmos_garage::firewall_rpc
+  kosmos_garage::nginx_web
 )

 env_run_lists(