From a02cefc62a0c6fd07bfd6b5fbf7fd76f7b88cc88 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Thu, 23 Oct 2025 19:27:17 +0200
Subject: [PATCH] feat: make cloonar website use the web stack module
---
hosts/web-arm/sites/cloonar.com.nix | 88 +++++++++++++++--------------
hosts/web-arm/sites/cloonar.dev.nix | 24 ++++----
2 files changed, 58 insertions(+), 54 deletions(-)
diff --git a/hosts/web-arm/sites/cloonar.com.nix b/hosts/web-arm/sites/cloonar.com.nix
index 06de94b..2fd691c 100644
--- a/hosts/web-arm/sites/cloonar.com.nix
+++ b/hosts/web-arm/sites/cloonar.com.nix
@@ -2,68 +2,72 @@ let domain = config.networking.domain; dataDir = "/var/www/${domain}"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; in { - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - root = "${dataDir}"; - locations."/favicon.ico".extraConfig = '' - log_not_found off; - access_log off; - ''; + services.webstack.instances."${domain}" = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXKR0AQdP1zn6pL2yjGA/eo9F5Ah2u6+Y5dIk8wR5/I" + ]; locations."/".extraConfig = '' index index.html; ''; locations."~* \.(jpe?g|png)$".extraConfig = '' - set $red Z; + set $img_format Z; + + # Check for AVIF support (highest priority) + if ($http_accept ~* "avif") { + set $img_format A; + } + + if (-f $document_root/avif/$request_uri.avif) { + set $img_format "''${img_format}V"; + } + + # Serve AVIF if supported and available + if ($img_format = "AV") { + add_header Vary Accept; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + rewrite ^ /avif/$request_uri.avif break; + + } + + # Reset and check for WebP support (fallback) + set $img_format Z; if ($http_accept ~* "webp") { - set $red A; + set $img_format W; } if (-f $document_root/webp/$request_uri.webp) { - set $red "''${red}B"; + set $img_format "''${img_format}P"; } - if ($red = "AB") { + # Serve WebP if supported and available + if ($img_format = "WP") { add_header Vary Accept; - rewrite ^ /webp/$request_uri.webp; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + rewrite ^ /webp/$request_uri.webp break; } + + # If neither AVIF nor WebP matched, serve original format + add_header Vary Accept; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; ''; - locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' - expires 365d; - add_header Pragma "public"; 
- add_header Cache-Control "public"; + locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; ''; - locations."~ [^/]\.php(/|$)".extraConfig = '' - deny all; - ''; - - # matrix - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown { "m.server" = "matrix.cloonar.com:443"; }; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown { "m.homeserver".base_url = "https://matrix.cloonar.com"; }; + phpPackage = pkgs.php; }; - users.users."${domain}" = { - isNormalUser = true; - createHome = true; - home = dataDir; - homeMode= "770"; - #home = "/home/${domain}"; - group = "nginx"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKKJEgyfKyz5sf5GT0HYXiDmf36fnLe/exbXbRpsNJi" - ]; - }; - users.groups.${domain} = {}; } diff --git a/hosts/web-arm/sites/cloonar.dev.nix b/hosts/web-arm/sites/cloonar.dev.nix index 5f1520a..2a097be 100644 --- a/hosts/web-arm/sites/cloonar.dev.nix +++ b/hosts/web-arm/sites/cloonar.dev.nix @@ -27,8 +27,12 @@ in { # Serve AVIF if supported and available if ($img_format = "AV") { - add_header Vary Accept; - rewrite ^ /avif/$request_uri.avif break; + add_header Vary Accept; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; + rewrite ^ /avif/$request_uri.avif break; + } # Reset and check for WebP support (fallback) 
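Review bot: In cloonar.com.nix the old `locations."~ [^/]\.php(/|$)"` block with `deny all;` is dropped and `phpPackage = pkgs.php;` is added, so a site that refused every PHP request now looks set up to execute PHP; the module's defaults are not visible in this patch, so please confirm that this is intended. If the site is still static, leave PHP disabled in the instance or keep `locations."~ [^/]\.php(/|$)".extraConfig = ''deny all;'';`, since files placed in the docroot through the `authorizedKeys` account would otherwise presumably become executable code. The authorized key is also replaced rather than carried over (the `…RpsNJi` key is removed, `…wR5/I` is added), and the `/.well-known/matrix/server` and `/client` responses disappear together with `mkWellKnown`; neither is mentioned in the commit message, so both deserve an explicit confirmation.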
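Review bot: In the first cloonar.dev.nix hunk (`@@ -27,8 +27,12 @@`) the rewrite target is still built from `$request_uri`, which is the raw client-sent string including any query string and without nginx's path normalisation. Prefer the normalised variable, `rewrite ^ /avif$uri.avif break;`, and make the matching `-f` test (outside this hunk) `if (-f $document_root/avif$uri.avif)`. As written, a request such as `/a.png?v=2` will normally not match any file on disk and silently falls back to the original format. The same applies to the WebP rewrite in the next hunk and to both variants in cloonar.com.nix. The `locations` string this hunk edits starts and ends outside the hunk.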
@@ -45,21 +49,17 @@ in { # Serve WebP if supported and available if ($img_format = "WP") { add_header Vary Accept; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; rewrite ^ /webp/$request_uri.webp break; } # If neither AVIF nor WebP matched, serve original format add_header Vary Accept; - ''; - - locations."^~ /vcards/".extraConfig = '' - location ~ /\.env { - deny all; - return 404; - } - - # Determine if the requested file exists - try_files $uri $uri/ /vcards/index.php$is_args$args; + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; ''; locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
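Review bot: Removing `locations."^~ /vcards/"` also removes its nested `location ~ /\.env { deny all; return 404; }`, and nothing on the new side replaces that guard. If the vcards application directory and its `.env` still exist under the docroot, the file would be served like any other static file unless the webstack module denies dotfiles itself, which this patch does not show. Either confirm the directory is gone from the host, or keep a site-wide guard such as `locations."~ /\.env".extraConfig = ''deny all;'';`.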