feat: make cloonar website use the web stack module

2025-10-23 19:27:17 +02:00
parent 28974e9688
commit a02cefc62a
2 changed files with 58 additions and 54 deletions
--- a/hosts/web-arm/sites/cloonar.com.nix
+++ b/hosts/web-arm/sites/cloonar.com.nix
@@ -2,68 +2,72 @@
 let
  domain = config.networking.domain;
  dataDir = "/var/www/${domain}";
-  mkWellKnown = data: ''
-    default_type application/json;
-    add_header Access-Control-Allow-Origin *;
-    return 200 '${builtins.toJSON data}';
-  '';
 in {
-  services.nginx.virtualHosts."${domain}" = {
-    forceSSL = true;
-    enableACME = true;
-    acmeRoot = null;
-    root = "${dataDir}";

-    locations."/favicon.ico".extraConfig = ''
-      log_not_found off;
-      access_log off;
-    '';
+  services.webstack.instances."${domain}" = {
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXKR0AQdP1zn6pL2yjGA/eo9F5Ah2u6+Y5dIk8wR5/I"
+    ];

    locations."/".extraConfig = ''
      index index.html;
    '';

    locations."~* \.(jpe?g|png)$".extraConfig = ''
-      set $red Z;
+      set $img_format Z;
+
+      # Check for AVIF support (highest priority)
+      if ($http_accept ~* "avif") {
+          set $img_format A;
+      }
+
+      if (-f $document_root/avif/$request_uri.avif) {
+          set $img_format "''${img_format}V";
+      }
+
+      # Serve AVIF if supported and available
+      if ($img_format = "AV") {
+        add_header Vary Accept;
+        expires 365d;
+        add_header Pragma "public";
+        add_header Cache-Control "public";
+        rewrite ^ /avif/$request_uri.avif break;
+
+      }
+
+      # Reset and check for WebP support (fallback)
+      set $img_format Z;

      if ($http_accept ~* "webp") {
-          set $red A;
+          set $img_format W;
      }

      if (-f $document_root/webp/$request_uri.webp) {
-          set $red "''${red}B";
+          set $img_format "''${img_format}P";
      }

-      if ($red = "AB") {
+      # Serve WebP if supported and available
+      if ($img_format = "WP") {
          add_header Vary Accept;
-          rewrite ^ /webp/$request_uri.webp;
+          expires 365d;
+          add_header Pragma "public";
+          add_header Cache-Control "public";
+          rewrite ^ /webp/$request_uri.webp break;
      }
+
+      # If neither AVIF nor WebP matched, serve original format
+      add_header Vary Accept;
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
    '';

-    locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
-     expires 365d;
-     add_header Pragma "public";
-     add_header Cache-Control "public";
+    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
    '';

-    locations."~ [^/]\.php(/|$)".extraConfig = ''
-      deny all;
-    '';
-
-    # matrix
-    locations."= /.well-known/matrix/server".extraConfig = mkWellKnown { "m.server" = "matrix.cloonar.com:443"; };
-    locations."= /.well-known/matrix/client".extraConfig = mkWellKnown { "m.homeserver".base_url = "https://matrix.cloonar.com"; };
+    phpPackage = pkgs.php;
  };
-  users.users."${domain}" = {
-    isNormalUser = true;
-    createHome = true;
-    home = dataDir;
-    homeMode= "770";
-    #home = "/home/${domain}";
-    group  = "nginx";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKKJEgyfKyz5sf5GT0HYXiDmf36fnLe/exbXbRpsNJi"
-    ];
-  };
-  users.groups.${domain} = {};
 }
--- a/hosts/web-arm/sites/cloonar.dev.nix
+++ b/hosts/web-arm/sites/cloonar.dev.nix
@@ -27,8 +27,12 @@ in {

      # Serve AVIF if supported and available
      if ($img_format = "AV") {
-          add_header Vary Accept;
-          rewrite ^ /avif/$request_uri.avif break;
+        add_header Vary Accept;
+        expires 365d;
+        add_header Pragma "public";
+        add_header Cache-Control "public";
+        rewrite ^ /avif/$request_uri.avif break;
+
      }

      # Reset and check for WebP support (fallback)
@@ -45,21 +49,17 @@ in {
      # Serve WebP if supported and available
      if ($img_format = "WP") {
          add_header Vary Accept;
+          expires 365d;
+          add_header Pragma "public";
+          add_header Cache-Control "public";
          rewrite ^ /webp/$request_uri.webp break;
      }

      # If neither AVIF nor WebP matched, serve original format
      add_header Vary Accept;
-    '';
-
-    locations."^~ /vcards/".extraConfig = ''
-        location ~ /\.env {
-            deny all;
-            return 404;
-        }
-
-        # Determine if the requested file exists
-        try_files $uri $uri/ /vcards/index.php$is_args$args;
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
    '';

    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''