100 lines
2.8 KiB
Nix
100 lines
2.8 KiB
Nix
|
{
|
||
|
description = "Utilities for building a artifacts for hosting a static site from a yarn project";
|
||
|
|
||
|
inputs = {
|
||
|
flake-utils.url = "github:numtide/flake-utils";
|
||
|
gitignore = {
|
||
|
url = "github:hercules-ci/gitignore.nix";
|
||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
outputs = {
|
||
|
nixpkgs,
|
||
|
flake-utils,
|
||
|
...
|
||
|
}:
|
||
|
flake-utils.lib.eachDefaultSystem (system: let
|
||
|
pkgs = nixpkgs.legacyPackages.${system};
|
||
|
in {
|
||
|
lib = rec {
|
||
|
naiveFilter = names: name: type: let
|
||
|
bname = baseNameOf name;
|
||
|
in
|
||
|
(type == "regular") && (builtins.elem bname names);
|
||
|
|
||
|
npSrc = pkgs.lib.cleanSourceWith {
|
||
|
filter = name: type:
|
||
|
(type == "directory") || (naiveFilter ["package.json" "yarn.lock"] name type);
|
||
|
src = ./.;
|
||
|
};
|
||
|
mimeTypes = pkgs.concatTextFile {
|
||
|
name = "mime.types";
|
||
|
files = [./mime.types];
|
||
|
};
|
||
|
|
||
|
nginxConf = staticAssetsPath:
|
||
|
pkgs.writeTextFile {
|
||
|
name = "nginx.conf";
|
||
|
text = ''
|
||
|
user nginx nginx;
|
||
|
daemon off;
|
||
|
error_log /dev/stdout info;
|
||
|
pid /dev/null;
|
||
|
events {}
|
||
|
http {
|
||
|
include ${mimeTypes};
|
||
|
access_log /dev/stdout;
|
||
|
server {
|
||
|
listen 80;
|
||
|
index index.php index.html;
|
||
|
charset utf-8;
|
||
|
|
||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||
|
add_header X-Content-Type-Options "nosniff";
|
||
|
location / {
|
||
|
root ${staticAssetsPath};
|
||
|
try_files $uri $uri/ /index.php?$query_string;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
mkContainer = staticAssetsPath: attrs @ {
|
||
|
copyToRoot ? [],
|
||
|
extraCommands ? "",
|
||
|
runAsRoot ? "",
|
||
|
config ? {},
|
||
|
}:
|
||
|
pkgs.dockerTools.buildImage (attrs
|
||
|
// {
|
||
|
copyToRoot = copyToRoot ++ [staticAssetsPath];
|
||
|
extraCommands =
|
||
|
''
|
||
|
mkdir -p var/log/nginx
|
||
|
mkdir -p var/cache/nginx
|
||
|
mkdir -p tmp
|
||
|
chmod 1777 tmp
|
||
|
''
|
||
|
+ extraCommands;
|
||
|
|
||
|
runAsRoot =
|
||
|
''
|
||
|
${pkgs.dockerTools.shadowSetup}
|
||
|
groupadd --system nginx
|
||
|
useradd --system --gid nginx nginx
|
||
|
''
|
||
|
+ runAsRoot;
|
||
|
|
||
|
config =
|
||
|
{
|
||
|
Cmd = ["${pkgs.nginx}/bin/nginx" "-c" "${nginxConf staticAssetsPath}"];
|
||
|
Expose = [80];
|
||
|
}
|
||
|
// config;
|
||
|
});
|
||
|
};
|
||
|
});
|
||
|
}
|