nixos/mastodon: add option trustedProxy

This commit is contained in:
Izorkin 2021-02-13 18:37:26 +03:00 committed by erictapen
parent c36bcb9130
commit f1adea1a94

View file

@ -25,6 +25,8 @@ let
ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false"; ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false";
ES_HOST = cfg.elasticsearch.host; ES_HOST = cfg.elasticsearch.host;
ES_PORT = toString(cfg.elasticsearch.port); ES_PORT = toString(cfg.elasticsearch.port);
TRUSTED_PROXY_IP = cfg.trustedProxy;
} }
// (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {}) // (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {})
// cfg.extraConfig; // cfg.extraConfig;
@ -179,6 +181,16 @@ in {
type = lib.types.str; type = lib.types.str;
}; };
trustedProxy = lib.mkOption {
description = ''
You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,
otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be
bad because IP addresses are used for important rate limits and security functions.
'';
type = lib.types.str;
default = "127.0.0.1";
};
redis = { redis = {
createLocally = lib.mkOption { createLocally = lib.mkOption {
description = "Configure local Redis server for Mastodon."; description = "Configure local Redis server for Mastodon.";