flake.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

{
  description = "Flake for site deployment";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
    {
      self,
      nixpkgs,
      flake-utils,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
        pkgs = import nixpkgs { inherit system; };

        site = pkgs.buildNpmPackage {
          pname = "site";
          version = "0.1.0";
          src = ./.;

          npmDepsHash = "sha256-jOhhPNoIFaxnUJhFtB7ei3YBwtBkZ9m4U/wuB82McLk=";

          nodejs = pkgs.nodejs;

          buildPhase = ''
            runHook preBuild
            npm run build
            runHook postBuild
          '';

          installPhase = ''
            runHook preInstall
            mkdir -p $out/share/web
            cp -r dist/* $out/share/web/
            runHook postInstall
          '';
        };
      in
      {
        packages.default = site;
      }
    )
    // {
      nixosModules.default =
        { lib, config, ... }:
        let
          cfg = config.services.site;
          inherit (lib)
            mkIf
            mkEnableOption
            mkOption
            types
            ;
        in
        {
          options.services.site = {
            enable = mkEnableOption "Serve the built Vite site via nginx";

            domain = mkOption {
              type = types.str;
              description = "Domain to serve.";
            };

            package = mkOption {
              type = types.package;
              description = "Package whose /share/web contains the built site.";
              default = self.packages.${config.nixpkgs.hostPlatform.system}.default;
            };

            sslCertificate = mkOption {
              type = types.nullOr types.path;
              default = null;
              description = "Path to TLS certificate (PEM).";
            };
            sslCertificateKey = mkOption {
              type = types.nullOr types.path;
              default = null;
              description = "Path to TLS private key (PEM).";
            };
          };

          config = mkIf cfg.enable {

            assertions = [
              {
                assertion = (cfg.sslCertificate == null) == (cfg.sslCertificateKey == null);
                message = "services.site: sslCertificate and sslCertificateKey must be set together.";
              }
            ];

            services.nginx.enable = true;

            services.nginx.virtualHosts.${cfg.domain} =
              let
                useTLS = (cfg.sslCertificate != null) && (cfg.sslCertificateKey != null);
              in
              {
                root = "${cfg.package}/share/web";

                locations."/" = {
                  tryFiles = "$uri $uri/ /index.html";
                };

                forceSSL = useTLS;
                sslCertificate = mkIf useTLS cfg.sslCertificate;
                sslCertificateKey = mkIf useTLS cfg.sslCertificateKey;
              };
          };
        };
    };
}