git.immae.eu Git - perso/Immae/Config/Nix.git/blob - systems/eldiron/websites/assets/default.nix
Squash changes containing private information
1 { lib, pkgs, config, ... }:
2 let
# Shorthand for this module's own option values; the only field read in this
# file is cfg.enable, which gates the whole `config` section.
cfg = config.myServices.websites.tools.assets;
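# Fetch a font stylesheet and every https resource it references into one
# fixed-output directory: $out/font.css plus the referenced files beside it,
# with the stylesheet rewritten to point at the local copies.
#
#   v.url    - URL of the stylesheet
#   v.sha256 - recursive sha256 of the resulting directory
#
# TLS certificate verification is switched off (-k) for every request, so the
# transport gives no authenticity guarantee. The only integrity check is the
# fixed-output hash: the build fails when the fetched tree differs from
# v.sha256. The recorded hash therefore has to be taken from content that was
# verified some other way.
# NOTE(review): replacing -k with
#   --cacert "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
# would add transport verification; confirm every configured host presents a
# valid certificate before switching.
fetchFont = v: pkgs.runCommand "fetch-font" {
  outputHashAlgo = "sha256";
  outputHashMode = "recursive";
  outputHash = v.sha256;
} ''
  mkdir -p "$out"
  # --fail makes curl stop on an HTTP error status instead of saving the
  # error page as font.css; without it the failure only shows up later as a
  # hash mismatch.
  ${pkgs.curl}/bin/curl -k --fail --output "$out/font.css" -H "User-Agent: Firefox/100.0" "${v.url}"
  # Each URL found in the stylesheet is remote-controlled text. It is used
  # below as a file name (last path segment) and as a sed pattern.
  # NOTE(review): the URL is not escaped for sed, so a URL containing '@' or
  # regex metacharacters would not be rewritten as intended; two URLs with
  # the same last segment overwrite each other. The output hash pins the
  # final result either way.
  grep -o "https://[^ )]*" "$out/font.css" | while read -r url; do
    filename=$(echo "$url" | sed -e "s@.*/@@g")
    ${pkgs.curl}/bin/curl -k --fail --output "$out/$filename" "$url"
    sed -i -e "s@$url@./$filename@" "$out/font.css"
  done
'';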
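# Download a gzipped tarball and unpack it into a fixed-output directory.
#
#   v.url                 - URL of the archive (redirects are followed, -L)
#   v.sha256              - recursive sha256 of the unpacked tree
#   v.tgzRemoveComponents - number of leading path components tar strips
#
# As in fetchFont, certificate verification is disabled (-k); integrity rests
# entirely on outputHash matching v.sha256, so that hash must come from an
# archive that was checked independently.
fetchTgz = v: pkgs.runCommand "fetch-tgz" {
  outputHashAlgo = "sha256";
  outputHashMode = "recursive";
  outputHash = v.sha256;
} ''
  mkdir -p "$out"
  cd "$out"
  # --fail: an HTTP error status aborts the download instead of feeding the
  # server's error body to tar.
  ${pkgs.curl}/bin/curl -L -k --fail "${v.url}" | tar -xz --strip-components=${builtins.toString v.tgzRemoveComponents}
'';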
# Choose the fetcher for one asset description based on v.assetType:
# "tgz" and "googleFont" go to the dedicated fetchers above, every other
# value is treated as a single file and handed to pkgs.fetchurl.
# All three paths are pinned by v.sha256.
fetchAsset = v:
  let
    kind = v.assetType;
    # Only evaluated when neither special type matches (Nix is lazy).
    plainFile = pkgs.fetchurl { inherit (v) url sha256; };
  in
    if kind == "tgz" then fetchTgz v
    else if kind == "googleFont" then fetchFont v
    else plainFile;
# Same attribute names as config.myEnv.tools.assets, each value replaced by
# the fetched result of its description; the name itself is not passed on.
assets_urls = lib.mapAttrs (_name: spec: fetchAsset spec) config.myEnv.tools.assets;
# Document root of the assets site: the contents of ./static plus every
# fetched asset, each placed at the relative path given by its attribute name.
# NOTE(review): the attribute names are interpolated into the build script
# inside double quotes without shell escaping; they come from
# config.myEnv.tools.assets, presumably operator-controlled - confirm, or wrap
# them with lib.escapeShellArg.
assets =
  let
    # Start from the static files shipped next to this module.
    copyStatic = ''
      mkdir -p $out
      cp -a ${./static}/* $out/
    '';
    # Script fragment for one asset. Directories are copied recursively and
    # then made owner-writable (cp -a keeps the source modes); single files
    # are installed with mode 644, creating parent directories as needed.
    placeAsset = k: v: ''
      if [ -d "${v}" ]; then
        mkdir -p "$out/$(dirname "${k}")"
        cp -a "${v}" "$out/${k}"
        chmod -R u+rwX "$out/${k}"
      else
        install -D -m644 -T "${v}" "$out/${k}"
      fi
    '';
    placeAll = builtins.concatStringsSep "\n" (lib.mapAttrsToList placeAsset assets_urls);
  in
    pkgs.runCommand "assets" {} (copyStatic + placeAll);
46 in
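{
  options.myServices.websites.tools.assets = {
    enable = lib.mkEnableOption "Enable assets website";
  };

  # Everything below applies only when the option above is enabled.
  config = lib.mkIf cfg.enable {
    # DNS record for assets.immae.eu pointing at eldiron's main addresses.
    myServices.dns.zones."immae.eu".subdomains.assets =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    # Makes the imgproxy socket directory available inside the production
    # websites environment.
    services.websites.env.production.bindMounts."/run/imgproxy" = {};
    security.acme.certs.eldiron.extraDomainNames = [ "assets.immae.eu" ];

    services.websites.env.tools.vhostConfs.assets = {
      certName = "eldiron";
      hosts = [ "assets.immae.eu" ];
      root = assets;
      extraConfig = [
        # Static tree: public, browsable (Indexes), readable from any origin
        # (CORS "*"), and cached as immutable for one year with a fixed
        # Last-Modified date.
        #
        # /p is forwarded to imgproxy over its unix socket.
        # NOTE(review): the imgproxy unit below sets neither IMGPROXY_KEY nor
        # IMGPROXY_SALT. Without them imgproxy does not check URL signatures,
        # so every client that can reach /p decides which source the service
        # fetches and processes. Unless those are provided somewhere not
        # visible in this file, enable signing or restrict sources with
        # IMGPROXY_ALLOWED_SOURCES.
        ''
          Use Apaxy "${assets}" "title"
          <Directory "${assets}">
            Options Indexes FollowSymlinks
            AllowOverride None
            Require all granted
            Header always set Last-Modified "Tue, 01 Jan 2020 00:00:00 GMT"
            Header always set Cache-Control "public, max-age=31536000, immutable"
            Header always set Access-Control-Allow-Origin "*"
            Header always set Access-Control-Expose-Headers "*"
          </Directory>

          MergeSlashes OFF
          <Location /p>
            ProxyPass unix:///run/imgproxy/imgproxy.sock|http://assets.immae.eu
            ProxyPassReverse unix:///run/imgproxy/imgproxy.sock|http://assets.immae.eu
          </Location>
        ''
      ];
    };

    systemd.services.imgproxy = {
      description = "IMG proxy";
      wantedBy = [ "multi-user.target" ];

      environment = {
        # Listen on a unix socket inside the unit's runtime directory
        # (%t is expanded by systemd) instead of a TCP port.
        IMGPROXY_NETWORK = "unix";
        IMGPROXY_BIND = "%t/imgproxy/imgproxy.sock";
      };
      serviceConfig = {
        # Runs under the same account as the value used here for the web
        # server side, so the socket is reachable by it.
        # NOTE(review): a dedicated user with group access to the socket
        # would separate the image parser from the web server's files.
        User = "wwwrun";
        Group = "wwwrun";
        RuntimeDirectory = "imgproxy";
        ExecStart = "${pkgs.imgproxy}/bin/imgproxy";

        # The service decodes images taken from request-supplied sources;
        # confine it so a parser bug has less to reach. RuntimeDirectory
        # stays writable under ProtectSystem=strict.
        NoNewPrivileges = true;
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHome = true;
        ProtectSystem = "strict";
      };
    };
  };
}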