| author | schererleander <leander@schererleander.de> | 2025-10-04 02:29:09 +0200 |
|---|---|---|
| committer | schererleander <leander@schererleander.de> | 2025-10-04 02:29:09 +0200 |
| commit | 7ebd775766b8dbd0d25ca36ea3cc2e698f08e49b (patch) | |
| tree | 3c352f7de6c622af5756d5a168256e6dbec5ce89 /flake.nix | |
| parent | 29e6008cc47fe3b8e408b8411815f1e131b7d191 (diff) | |
feat: introduce flake to serve site
Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..25e84ec
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,114 @@
+{
+ description = "Flake for site deployment";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ flake-utils,
+ }:
+ flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = import nixpkgs { inherit system; };
+
+ site = pkgs.buildNpmPackage {
+ pname = "site";
+ version = "0.1.0";
+ src = ./.;
+
+ npmDepsHash = "sha256-jOhhPNoIFaxnUJhFtB7ei3YBwtBkZ9m4U/wuB82McLk=";
+
+ nodejs = pkgs.nodejs;
+
+ buildPhase = ''
+ runHook preBuild
+ npm run build
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/share/web
+ cp -r dist/* $out/share/web/
+ runHook postInstall
+ '';
+ };
+ in
+ {
+ packages.default = site;
+ }
+ )
+ // {
+ nixosModules.default =
+ { lib, config, ... }:
+ let
+ cfg = config.services.site;
+ inherit (lib)
+ mkIf
+ mkEnableOption
+ mkOption
+ types
+ ;
+ in
+ {
+ options.services.site = {
+ enable = mkEnableOption "Serve the built Vite site via nginx";
+
+ domain = mkOption {
+ type = types.str;
+ description = "Domain to serve.";
+ };
+
+ package = mkOption {
+ type = types.package;
+ description = "Package whose /share/web contains the built site.";
+ default = self.packages.${config.nixpkgs.hostPlatform.system}.default;
+ };
+
+ sslCertificate = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Path to TLS certificate (PEM).";
+ };
+ sslCertificateKey = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Path to TLS private key (PEM).";
+ };
+ };
+
+ assertions = [
+ {
+ assertion = (cfg.sslCertificate == null) == (cfg.sslCertificateKey == null);
+ message = "services.site: sslCertificate and sslCertificateKey must be set together.";
+ }
+ ];
+
+ config = mkIf cfg.enable {
+ services.nginx.enable = true;
+
+ services.nginx.virtualHosts.${cfg.domain} =
+ let
+ useTLS = (cfg.sslCertificate != null) && (cfg.sslCertificateKey != null);
+ in
+ {
+ root = "${cfg.package}/share/web";
+
+ locations."/" = {
+ tryFiles = "$uri $uri/ /index.html";
+ };
+
+ forceSSL = useTLS;
+ sslCertificate = mkIf useTLS cfg.sslCertificate;
+ sslCertificateKey = mkIf useTLS cfg.sslCertificateKey;
+ };
+ };
+ };
+ };
+} |
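Review bot: The `assertions = [ … ]` list in `nixosModules.default` sits at the module's top level beside `options` and `config`; once a module declares either of those explicitly, the NixOS module system rejects any other top-level attribute, so this module should fail to evaluate with an "unsupported attribute" error instead of enforcing the cert/key pairing. Move the list into the existing block, i.e. `config = mkIf cfg.enable { assertions = [ … ]; services.nginx.enable = true; … };`. The check matters because `useTLS` is true only when both options are set, so a half-configured pair would otherwise leave `forceSSL` false and the vhost on plain HTTP. Separately, `sslCertificateKey` is typed `types.nullOr types.path`, and a Nix path literal passed there would likely be copied into the world-readable Nix store when interpolated into the nginx config. The option text should say so, e.g. `description = "Path to TLS private key (PEM); pass an absolute path string to a file outside the Nix store, not a path literal.";`.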
