feat: introduce flake to serve site

author: schererleander <leander@schererleander.de> 2025-10-04 02:29:09 +0200
committer: schererleander <leander@schererleander.de> 2025-10-04 02:29:09 +0200
commit: 7ebd775766b8dbd0d25ca36ea3cc2e698f08e49b (patch)
tree: 3c352f7de6c622af5756d5a168256e6dbec5ce89
parent: 29e6008cc47fe3b8e408b8411815f1e131b7d191 (diff)
2 files changed, 175 insertions, 0 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..664ccda
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1759381078,
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..25e84ec
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,114 @@
+{
+  description = "Flake for site deployment";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      flake-utils,
+    }:
+    flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+
+        site = pkgs.buildNpmPackage {
+          pname = "site";
+          version = "0.1.0";
+          src = ./.;
+
+          npmDepsHash = "sha256-jOhhPNoIFaxnUJhFtB7ei3YBwtBkZ9m4U/wuB82McLk=";
+
+          nodejs = pkgs.nodejs;
+
+          buildPhase = ''
+            runHook preBuild
+            npm run build
+            runHook postBuild
+          '';
+
+          installPhase = ''
+            runHook preInstall
+            mkdir -p $out/share/web
+            cp -r dist/* $out/share/web/
+            runHook postInstall
+          '';
+        };
+      in
+      {
+        packages.default = site;
+      }
+    )
+    // {
+      nixosModules.default =
+        { lib, config, ... }:
+        let
+          cfg = config.services.site;
+          inherit (lib)
+            mkIf
+            mkEnableOption
+            mkOption
+            types
+            ;
+        in
+        {
+          options.services.site = {
+            enable = mkEnableOption "Serve the built Vite site via nginx";
+
+            domain = mkOption {
+              type = types.str;
+              description = "Domain to serve.";
+            };
+
+            package = mkOption {
+              type = types.package;
+              description = "Package whose /share/web contains the built site.";
+              default = self.packages.${config.nixpkgs.hostPlatform.system}.default;
+            };
+
+            sslCertificate = mkOption {
+              type = types.nullOr types.path;
+              default = null;
+              description = "Path to TLS certificate (PEM).";
+            };
+            sslCertificateKey = mkOption {
+              type = types.nullOr types.path;
+              default = null;
+              description = "Path to TLS private key (PEM).";
+            };
+          };
+
+          assertions = [
+            {
+              assertion = (cfg.sslCertificate == null) == (cfg.sslCertificateKey == null);
+              message = "services.site: sslCertificate and sslCertificateKey must be set together.";
+            }
+          ];
+
+          config = mkIf cfg.enable {
+            services.nginx.enable = true;
+
+            services.nginx.virtualHosts.${cfg.domain} =
+              let
+                useTLS = (cfg.sslCertificate != null) && (cfg.sslCertificateKey != null);
+              in
+              {
+                root = "${cfg.package}/share/web";
+
+                locations."/" = {
+                  tryFiles = "$uri $uri/ /index.html";
+                };
+
+                forceSSL = useTLS;
+                sslCertificate = mkIf useTLS cfg.sslCertificate;
+                sslCertificateKey = mkIf useTLS cfg.sslCertificateKey;
+              };
+          };
+        };
+    };
+}
author	schererleander <leander@schererleander.de>	2025-10-04 02:29:09 +0200
committer	schererleander <leander@schererleander.de>	2025-10-04 02:29:09 +0200
commit	7ebd775766b8dbd0d25ca36ea3cc2e698f08e49b (patch)
tree	3c352f7de6c622af5756d5a168256e6dbec5ce89
parent	29e6008cc47fe3b8e408b8411815f1e131b7d191 (diff)