My nix-darwin and NixOS config
3
fork

Configure Feed

Select the types of activity you want to include in your feed.

chore: remove unused module

-102
-102
modules/server/mastofe.nix
··· 1 - ############################################################################## 2 - # masto-fe-standalone — GoToSocial's fork of the Mastodon/glitch-soc 3 - # frontend, served as a static site on fe.ap.ewancroft.uk. 4 - # 5 - # Architecture: 6 - # Caddy file_server (127.0.0.1:cfg.mastofe.caddyPort) 7 - # ↑ Cloudflare tunnel (outbound only) 8 - # 9 - # The frontend is purely client-side — it authenticates against GTS via 10 - # OAuth from the browser. No backend process runs here. 11 - # 12 - # Source: https://codeberg.org/superseriousbusiness/masto-fe-standalone 13 - # 14 - # First-time hash pinning: 15 - # Run the following to get the correct src hash: 16 - # nix-prefetch-git --url https://codeberg.org/superseriousbusiness/masto-fe-standalone.git \ 17 - # --rev <commit-or-tag> 18 - # And for the yarn deps hash: 19 - # nix build .#mastofe --impure (will fail and print the correct hash) 20 - # Then fill both hashes in below. 21 - ############################################################################## 22 - { 23 - config, 24 - lib, 25 - pkgs, 26 - ... 27 - }: 28 - let 29 - cfg = config.myConfig; 30 - mfe = cfg.mastofe; 31 - caddyPort = toString mfe.caddyPort; 32 - 33 - # ── Source derivation ────────────────────────────────────────────────────── 34 - # Pin to a specific commit for reproducibility. 35 - # Update rev + hash together when you want to pull in upstream changes. 36 - mastoFeSrc = pkgs.fetchFromGitea { 37 - domain = "codeberg.org"; 38 - owner = "superseriousbusiness"; 39 - repo = "masto-fe-standalone"; 40 - # TODO: replace with the latest tag/commit from 41 - # https://codeberg.org/superseriousbusiness/masto-fe-standalone/releases 42 - rev = "main"; 43 - hash = lib.fakeHash; 44 - }; 45 - 46 - # ── Build derivation ──────────────────────────────────────────────────────── 47 - # masto-fe-standalone is a Yarn-based Vite project. 48 - # After `yarn build` the compiled assets land in dist/. 49 - mastoFe = pkgs.mkYarnPackage { 50 - name = "masto-fe-standalone"; 51 - src = mastoFeSrc; 52 - 53 - # TODO: obtain with: 54 - # nix-prefetch-url "$(nix eval --raw '<nixpkgs/pkgs/development/node-packages/yarn.lock')" 55 - # or just let Nix tell you the right value on first build. 56 - offlineCache = pkgs.fetchYarnDeps { 57 - yarnLock = "${mastoFeSrc}/yarn.lock"; 58 - hash = lib.fakeHash; 59 - }; 60 - 61 - buildPhase = '' 62 - export HOME=$(mktemp -d) 63 - yarn --offline build 64 - ''; 65 - 66 - installPhase = '' 67 - cp -r dist $out 68 - ''; 69 - 70 - # masto-fe-standalone has no server-side JS — skip the default node_modules 71 - # dist and just keep the compiled static assets. 72 - distPhase = "true"; 73 - }; 74 - in 75 - lib.mkIf cfg.services.mastofe.enable { 76 - 77 - # ── Caddy virtual host ──────────────────────────────────────────────────── 78 - # Plain HTTP on the internal caddyPort — TLS is terminated by Cloudflare. 79 - services.caddy.virtualHosts."http://${mfe.hostname}:${caddyPort}" = { 80 - extraConfig = '' 81 - root * ${mastoFe} 82 - file_server 83 - 84 - # Security headers 85 - header { 86 - X-Content-Type-Options "nosniff" 87 - X-Frame-Options "DENY" 88 - Referrer-Policy "strict-origin-when-cross-origin" 89 - Permissions-Policy "interest-cohort=()" 90 - } 91 - 92 - # Cache static assets aggressively; HTML never cached (SPA routing). 93 - @assets { 94 - path *.js *.css *.woff2 *.woff *.ttf *.png *.svg *.ico 95 - } 96 - header @assets Cache-Control "public, max-age=31536000, immutable" 97 - header /index.html Cache-Control "no-store" 98 - 99 - encode zstd gzip 100 - ''; 101 - }; 102 - }