From 3ed1e52ce5e483534130ca0fd2d880da586ec5d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= <lotte@chir.rs>
Date: Sat, 5 Nov 2022 21:26:45 +0100
Subject: [PATCH] add mediaproxy maybe

---
 config/services/akkoma/default.nix    |  8 ++++++
 config/services/akkoma/mediaproxy.nix | 41 +++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 config/services/akkoma/mediaproxy.nix

diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix
index e16a8c75..6fa18e8c 100644
--- a/config/services/akkoma/default.nix
+++ b/config/services/akkoma/default.nix
@@ -161,6 +161,9 @@
     ":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
   });
 in {
+  imports = [
+    ./mediaproxy.nix
+  ];
   services.pleroma = {
     enable = true;
     package = nix-packages.packages.${pkgs.system}.akkoma;
@@ -185,6 +188,11 @@ in {
       handle /media_attachments/* {
         redir https://mastodon-assets.chir.rs{uri} permanent
       }
+      handle /proxy/* {
+        reverse_proxy {
+          to http://127.0.0.1:24154
+        }
+      }
       handle {
         reverse_proxy {
           to http://127.0.0.1:4000
diff --git a/config/services/akkoma/mediaproxy.nix b/config/services/akkoma/mediaproxy.nix
new file mode 100644
index 00000000..d8766346
--- /dev/null
+++ b/config/services/akkoma/mediaproxy.nix
@@ -0,0 +1,41 @@
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."mail.chir.rs".listen = [
+      {
+        addr = "127.0.0.1";
+        port = 24153;
+      }
+    ];
+    virtualHosts."mediaproxy.int.chir.rs" = {
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 24154;
+        }
+      ];
+      extraConfig = ''
+        proxy_cache_path /var/cache/mediacache levels=1:2 keys_zone=akkoma_media_cache:10m inactive=1y use_temp_path=off;
+        location ~ ^/(media|proxy) {
+          proxy_cache        akkoma_media_cache;
+          slice              1m;
+          proxy_cache_key    $host$uri$is_args$args$slice_range;
+          proxy_set_header   Range $slice_range;
+          proxy_http_version 1.1;
+          proxy_cache_valid  206 301 302 304 1h;
+          proxy_cache_valid  200 1y;
+          proxy_cache_use_stale error timeout invalid_header updating;
+          proxy_ignore_client_abort on;
+          proxy_buffering    on;
+          chunked_transfer_encoding on;
+          proxy_ignore_headers Cache-Control Expires;
+          proxy_hide_header  Cache-Control Expires;
+          proxy_pass         http://127.0.0.1:4000;
+        }
+      '';
+    };
+  };
+  systemd.tmpfiles.rules = [
+    "d '/var/cache/mediacache' 0750 nginx nginx - -"
+  ];
+}