diff options
| -rw-r--r-- | flake.lock | 61 | ||||
| -rw-r--r-- | flake.nix | 114 |
2 files changed, 175 insertions, 0 deletions
diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..664ccda --- /dev/null +++ b/flake.lock @@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..25e84ec --- /dev/null +++ b/flake.nix @@ -0,0 +1,114 @@ +{ + description = "Flake for site deployment"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = + { + self, + nixpkgs, + flake-utils, + }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { inherit system; }; + + site = pkgs.buildNpmPackage { + pname = "site"; + version = "0.1.0"; + src = ./.; + + npmDepsHash = "sha256-jOhhPNoIFaxnUJhFtB7ei3YBwtBkZ9m4U/wuB82McLk="; + + nodejs = pkgs.nodejs; + + buildPhase = '' + runHook preBuild + npm run build + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/web + cp -r dist/* $out/share/web/ + runHook postInstall + ''; + }; + in + { + packages.default = site; + } + ) + // { + nixosModules.default = + { lib, config, ... }: + let + cfg = config.services.site; + inherit (lib) + mkIf + mkEnableOption + mkOption + types + ; + in + { + options.services.site = { + enable = mkEnableOption "Serve the built Vite site via nginx"; + + domain = mkOption { + type = types.str; + description = "Domain to serve."; + }; + + package = mkOption { + type = types.package; + description = "Package whose /share/web contains the built site."; + default = self.packages.${config.nixpkgs.hostPlatform.system}.default; + }; + + sslCertificate = mkOption { + type = types.nullOr types.path; + default = null; + description = "Path to TLS certificate (PEM)."; + }; + sslCertificateKey = mkOption { + type = types.nullOr types.path; + default = null; + description = "Path to TLS private key (PEM)."; + }; + }; + + assertions = [ + { + assertion = (cfg.sslCertificate == null) == (cfg.sslCertificateKey == null); + message = "services.site: sslCertificate and sslCertificateKey must be set together."; + } + ]; + + config = mkIf cfg.enable { + services.nginx.enable = true; + + services.nginx.virtualHosts.${cfg.domain} = + let + useTLS = (cfg.sslCertificate != null) && (cfg.sslCertificateKey != null); + in + { + root = "${cfg.package}/share/web"; + + locations."/" = { + tryFiles = "$uri $uri/ /index.html"; + }; + + forceSSL = useTLS; + sslCertificate = mkIf useTLS cfg.sslCertificate; + sslCertificateKey = mkIf useTLS cfg.sslCertificateKey; + }; + }; + }; + }; +} |