blob: f75bd7f155c025b51b9da1d45c6b5f287da292a1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
{
description = "Flake for site deployment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs =
{
self,
nixpkgs,
flake-utils,
}:
flake-utils.lib.eachDefaultSystem (
system:
let
pkgs = import nixpkgs { inherit system; };
site = pkgs.buildNpmPackage {
pname = "site";
version = "0.1.0";
src = ./.;
npmDepsHash = "sha256-UVgAOgJgOIPCu+AkDWwhx1tbGGtxuRP2vsTrymY1E5c="
nodejs = pkgs.nodejs;
buildPhase = ''
runHook preBuild
npm run build
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/share/web
cp -r dist/* $out/share/web/
runHook postInstall
'';
};
in
{
packages.default = site;
}
)
// {
nixosModules.default =
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.site;
inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
in
{
options.services.site = {
enable = mkEnableOption "Serve the built Vite site via nginx";
domain = mkOption {
type = types.str;
description = "Domain to serve.";
};
default = lib.mkOption {
type = types.bool;
default = false;
description = "Make this vhost the default for nginx.";
};
package = mkOption {
type = types.package;
description = "Package whose /share/web contains the built site.";
default = self.packages.${pkgs.system}.default;
};
sslCertificate = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to TLS certificate (PEM).";
};
sslCertificateKey = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to TLS private key (PEM).";
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = (cfg.sslCertificate == null) == (cfg.sslCertificateKey == null);
message = "services.site: sslCertificate and sslCertificateKey must be set together.";
}
];
services.nginx.enable = true;
services.nginx.virtualHosts.${cfg.domain} =
let
useTLS = (cfg.sslCertificate != null) && (cfg.sslCertificateKey != null);
in
{
root = "${cfg.package}/share/web";
default = cfg.default;
locations."/" = {
tryFiles = "$uri $uri/ /index.html";
};
forceSSL = useTLS;
sslCertificate = mkIf useTLS cfg.sslCertificate;
sslCertificateKey = mkIf useTLS cfg.sslCertificateKey;
};
};
};
};
}
|
