diff --git a/backend/app/Auth/AuthCookieSettings.php b/backend/app/Auth/AuthCookieSettings.php deleted file mode 100644 index a68a1c9..0000000 --- a/backend/app/Auth/AuthCookieSettings.php +++ /dev/null @@ -1,28 +0,0 @@ -secure; - } - - public function getDomain(): ?string - { - return $this->domain; - } - - public function getSameSite(): string - { - return $this->sameSite; - } -} diff --git a/backend/app/Console/Commands/EnsureInitialAdminCommand.php b/backend/app/Console/Commands/EnsureInitialAdminCommand.php deleted file mode 100644 index 5a2b9e3..0000000 --- a/backend/app/Console/Commands/EnsureInitialAdminCommand.php +++ /dev/null @@ -1,36 +0,0 @@ -credentialsProvider->getCredentials(); - - $this->ensureInitialAdmin->execute(new EnsureInitialAdminRequest( - email: $credentials->getEmail(), - password: $credentials->getPassword(), - )); - - $this->info('initial admin is ready'); - - return self::SUCCESS; - } -} diff --git a/backend/app/Controllers/AuthController.php b/backend/app/Controllers/AuthController.php index 36eb532..43c9964 100644 --- a/backend/app/Controllers/AuthController.php +++ b/backend/app/Controllers/AuthController.php @@ -2,7 +2,6 @@ namespace App\Controllers; -use App\Auth\AuthCookieSettings; use App\Auth\UseCases\AuthenticateUser\AuthenticateUser; use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest; use App\Auth\UseCases\CreateSession\CreateSession; @@ -21,7 +20,6 @@ class AuthController private AuthenticateUser $authenticateUser, private CreateSession $createSession, private Logout $logout, - private AuthCookieSettings $cookieSettings, ) { } @@ -57,11 +55,11 @@ class AuthController value: $session->getToken(), expire: $session->getExpiresAt()->getTimestamp(), path: '/', - domain: $this->cookieSettings->getDomain(), - secure: $this->cookieSettings->isSecure(), + domain: null, + secure: false, httpOnly: true, raw: false, - sameSite: $this->cookieSettings->getSameSite(), + sameSite: Cookie::SAMESITE_LAX, )); } @@ -100,11 +98,11 @@ class AuthController value: '', expire: 1, path: '/', - domain: $this->cookieSettings->getDomain(), - secure: $this->cookieSettings->isSecure(), + domain: null, + secure: false, httpOnly: true, raw: false, - sameSite: $this->cookieSettings->getSameSite(), + sameSite: Cookie::SAMESITE_LAX, )); } } diff --git a/backend/app/Providers/AppServiceProvider.php b/backend/app/Providers/AppServiceProvider.php index 38d7550..9c972cd 100644 --- a/backend/app/Providers/AppServiceProvider.php +++ b/backend/app/Providers/AppServiceProvider.php @@ -2,7 +2,6 @@ namespace App\Providers; -use App\Auth\AuthCookieSettings; use App\Auth\BcryptPasswordHasher; use App\Auth\Clock; use App\Auth\PasswordHasher; @@ -11,8 +10,6 @@ use App\Auth\SystemClock; use App\Auth\TokenGenerator; use App\Shared\Files\Filesystem; use App\Shared\Files\LaravelFilesystem; -use App\User\EnvironmentInitialAdminCredentialsProvider; -use App\User\InitialAdminCredentialsProvider; use Illuminate\Support\ServiceProvider; class AppServiceProvider extends ServiceProvider @@ -35,49 +32,5 @@ class AppServiceProvider extends ServiceProvider Filesystem::class, LaravelFilesystem::class, ); - $this->app->bind( - InitialAdminCredentialsProvider::class, - EnvironmentInitialAdminCredentialsProvider::class, - ); - $this->app->bind( - AuthCookieSettings::class, - function (): AuthCookieSettings { - $secureCookie = config('session.secure'); - $sessionDomain = config('session.domain'); - $sameSite = config('session.same_site'); - - return new AuthCookieSettings( - secure: $this->booleanConfig($secureCookie), - domain: $this->nullableStringConfig($sessionDomain), - sameSite: is_string($sameSite) ? $sameSite : 'lax', - ); - } - ); - } - - private function booleanConfig(mixed $value): bool - { - if (is_bool($value)) { - return $value; - } - - if (is_int($value)) { - return $value === 1; - } - - if (is_string($value)) { - return in_array(strtolower($value), ['1', 'true'], true); - } - - return false; - } - - private function nullableStringConfig(mixed $value): ?string - { - if (! is_string($value) || trim($value) === '') { - return null; - } - - return $value; } } diff --git a/backend/app/User/EnvironmentInitialAdminCredentialsProvider.php b/backend/app/User/EnvironmentInitialAdminCredentialsProvider.php deleted file mode 100644 index 15c22ef..0000000 --- a/backend/app/User/EnvironmentInitialAdminCredentialsProvider.php +++ /dev/null @@ -1,31 +0,0 @@ -requiredEnvironmentValue( - 'RABBI_GERZI_INITIAL_ADMIN_EMAIL', - ), - password: $this->requiredEnvironmentValue( - 'RABBI_GERZI_INITIAL_ADMIN_PASSWORD', - ), - ); - } - - private function requiredEnvironmentValue(string $key): string - { - $value = getenv($key); - if (! is_string($value) || trim($value) === '') { - throw new RuntimeException("$key is required"); - } - - return $value; - } -} diff --git a/backend/app/User/InitialAdminCredentials.php b/backend/app/User/InitialAdminCredentials.php deleted file mode 100644 index 97493b9..0000000 --- a/backend/app/User/InitialAdminCredentials.php +++ /dev/null @@ -1,22 +0,0 @@ -email; - } - - public function getPassword(): string - { - return $this->password; - } -} diff --git a/backend/app/User/InitialAdminCredentialsProvider.php b/backend/app/User/InitialAdminCredentialsProvider.php deleted file mode 100644 index 011523a..0000000 --- a/backend/app/User/InitialAdminCredentialsProvider.php +++ /dev/null @@ -1,8 +0,0 @@ -email); - $existingUser = $this->userRepository->findByEmail($email); - if ($existingUser !== null) { - return; - } - - $this->userRepository->create(new CreateUserDto( - email: $email, - passwordHash: $this->passwordHasher->hash($request->password), - )); - } -} diff --git a/backend/app/User/UseCases/EnsureInitialAdmin/EnsureInitialAdminRequest.php b/backend/app/User/UseCases/EnsureInitialAdmin/EnsureInitialAdminRequest.php deleted file mode 100644 index 47ff5db..0000000 --- a/backend/app/User/UseCases/EnsureInitialAdmin/EnsureInitialAdminRequest.php +++ /dev/null @@ -1,12 +0,0 @@ -withCommands([ - EnsureInitialAdminCommand::class, - ]) ->withMiddleware(function (Middleware $middleware): void { // }) diff --git a/backend/tests/Unit/Controllers/AuthControllerTest.php b/backend/tests/Unit/Controllers/AuthControllerTest.php index 4104b53..29ce7de 100644 --- a/backend/tests/Unit/Controllers/AuthControllerTest.php +++ b/backend/tests/Unit/Controllers/AuthControllerTest.php @@ -2,7 +2,6 @@ namespace Tests\Unit\Controllers; -use App\Auth\AuthCookieSettings; use App\Auth\UseCases\AuthenticateUser\AuthenticateUser; use App\Auth\UseCases\CreateSession\CreateSession; use App\Auth\UseCases\Logout\Logout; @@ -61,11 +60,6 @@ class AuthControllerTest extends TestCase $authenticateUser, $createSession, $logout, - new AuthCookieSettings( - secure: false, - domain: null, - sameSite: 'lax', - ), ); } @@ -110,32 +104,6 @@ class AuthControllerTest extends TestCase ); } - public function testLoginUsesConfiguredCookieSettings(): void - { - $this->controller = $this->controllerWithCookieSettings( - new AuthCookieSettings( - secure: true, - domain: '.example.com', - sameSite: 'none', - ) - ); - $this->seedStartupUser('user@example.com', 'password'); - - $request = new Request([ - 'email' => 'user@example.com', - 'password' => 'password', - ]); - $response = $this->controller->login($request); - - $cookies = $response->headers->getCookies(); - $this->assertCount(1, $cookies); - $cookie = $cookies[0]; - - $this->assertTrue($cookie->isSecure()); - $this->assertSame('.example.com', $cookie->getDomain()); - $this->assertSame('none', $cookie->getSameSite()); - } - public function testLoginReturns400WhenEmailMissing(): void { $request = new Request(['password' => 'correctpassword']); @@ -192,38 +160,6 @@ class AuthControllerTest extends TestCase $this->assertSame('', $cookies[0]->getValue()); } - public function testLogoutUsesConfiguredCookieSettings(): void - { - $this->controller = $this->controllerWithCookieSettings( - new AuthCookieSettings( - secure: true, - domain: '.example.com', - sameSite: 'none', - ) - ); - $this->seedStartupUser('user@example.com', 'correctpassword'); - $loginRequest = new Request([ - 'email' => 'user@example.com', - 'password' => 'correctpassword', - ]); - $this->controller->login($loginRequest); - - $logoutRequest = new Request(); - $logoutRequest->cookies->set( - AuthMiddleware::COOKIE_NAME, - 'session-token-1' - ); - $response = $this->controller->logout($logoutRequest); - - $cookies = $response->headers->getCookies(); - $this->assertCount(1, $cookies); - $cookie = $cookies[0]; - - $this->assertTrue($cookie->isSecure()); - $this->assertSame('.example.com', $cookie->getDomain()); - $this->assertSame('none', $cookie->getSameSite()); - } - public function testMeReturns200WithUserWhenAuthenticated(): void { $email = 'me@example.com'; @@ -244,26 +180,4 @@ class AuthControllerTest extends TestCase $this->assertSame($user->getId(), $body['user']['id']); $this->assertSame($email, $body['user']['email']); } - - private function controllerWithCookieSettings( - AuthCookieSettings $cookieSettings, - ): AuthController { - $authenticateUser = new AuthenticateUser( - $this->userRepo, - $this->hasher, - ); - $createSession = new CreateSession( - $this->sessionRepo, - $this->tokenGenerator, - $this->clock, - ); - $logout = new Logout($this->sessionRepo); - - return new AuthController( - $authenticateUser, - $createSession, - $logout, - $cookieSettings, - ); - } } diff --git a/backend/tests/Unit/User/UseCases/EnsureInitialAdminCommandTest.php b/backend/tests/Unit/User/UseCases/EnsureInitialAdminCommandTest.php deleted file mode 100644 index 5a2467f..0000000 --- a/backend/tests/Unit/User/UseCases/EnsureInitialAdminCommandTest.php +++ /dev/null @@ -1,83 +0,0 @@ -credentialsProvider( - 'admin@example.com', - 'secret-password', - ), - ); - $command->setLaravel($this->consoleContainer()); - - $commandTester = new CommandTester($command); - $statusCode = $commandTester->execute([]); - - $createdUser = $userRepository->findByEmail( - new EmailAddress('admin@example.com') - ); - - $this->assertSame(0, $statusCode); - $this->assertNotNull($createdUser); - $this->assertSame( - 'hashed-secret-password', - $createdUser->getPasswordHash(), - ); - $this->assertStringContainsString( - 'initial admin is ready', - $commandTester->getDisplay(), - ); - } - - private function credentialsProvider( - string $email, - string $password, - ): InitialAdminCredentialsProvider { - return new class ($email, $password) implements - InitialAdminCredentialsProvider - { - public function __construct( - private string $email, - private string $password, - ) { - } - - public function getCredentials(): InitialAdminCredentials - { - return new InitialAdminCredentials( - email: $this->email, - password: $this->password, - ); - } - }; - } - - private function consoleContainer(): Container - { - return new class extends Container - { - public function runningUnitTests(): bool - { - return true; - } - }; - } -} diff --git a/backend/tests/Unit/User/UseCases/EnsureInitialAdminTest.php b/backend/tests/Unit/User/UseCases/EnsureInitialAdminTest.php deleted file mode 100644 index f1d624c..0000000 --- a/backend/tests/Unit/User/UseCases/EnsureInitialAdminTest.php +++ /dev/null @@ -1,78 +0,0 @@ -userRepository = new FakeUserRepository(); - $this->passwordHasher = new FakeHasher(); - $this->ensureInitialAdmin = new EnsureInitialAdmin( - $this->userRepository, - $this->passwordHasher, - ); - } - - public function testCreatesInitialAdminWhenEmailIsMissing(): void - { - $this->ensureInitialAdmin->execute( - new EnsureInitialAdminRequest( - email: 'admin@example.com', - password: 'secret-password', - ) - ); - - $createdUser = $this->userRepository->findByEmail( - new EmailAddress('admin@example.com') - ); - - $this->assertNotNull($createdUser); - $this->assertSame( - 'hashed-secret-password', - $createdUser->getPasswordHash(), - ); - } - - public function testLeavesExistingAdminPasswordUnchanged(): void - { - $this->userRepository->create( - new CreateUserDto( - email: new EmailAddress('admin@example.com'), - passwordHash: 'existing-password-hash', - ) - ); - - $this->ensureInitialAdmin->execute( - new EnsureInitialAdminRequest( - email: 'admin@example.com', - password: 'new-secret-password', - ) - ); - - $existingUser = $this->userRepository->findByEmail( - new EmailAddress('admin@example.com') - ); - - $this->assertNotNull($existingUser); - $this->assertSame( - 'existing-password-hash', - $existingUser->getPasswordHash(), - ); - } -} diff --git a/flake.nix b/flake.nix index ab7aca0..30e9749 100644 --- a/flake.nix +++ b/flake.nix @@ -4,32 +4,11 @@ utils.url = "github:numtide/flake-utils"; }; - outputs = - { - self, - nixpkgs, - utils, - }: - let - nixosModule = import ./nix/nixos-module.nix; - in - utils.lib.eachDefaultSystem ( - system: + outputs = { self, nixpkgs, utils }: + utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; - packages = import ./nix/packages { inherit pkgs; }; - in - { - inherit packages; - - checks = { - inherit (packages) backend frontend; - module-eval = pkgs.callPackage ./nix/checks/module-eval.nix { - inherit nixpkgs system; - module = nixosModule; - }; - }; - + in { devShells.default = pkgs.mkShell { buildInputs = with pkgs; [ onefetch @@ -65,8 +44,5 @@ ''; }; } - ) - // { - nixosModules.default = nixosModule; - }; + ); } diff --git a/nix/checks/module-eval.nix b/nix/checks/module-eval.nix deleted file mode 100644 index 9da8eea..0000000 --- a/nix/checks/module-eval.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - nixpkgs, - module, - pkgs, - system, -}: - -let - evaluatedHostName = - (nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - module - { - system.stateVersion = "26.05"; - - services.rabbi-gerzi = { - enable = true; - frontend.hostName = "www.example.test"; - backend = { - hostName = "api.example.test"; - environmentFile = "/run/secrets/rabbi-gerzi.env"; - }; - }; - } - ]; - }).config.services.rabbi-gerzi.backend.hostName; -in -pkgs.runCommand "rabbi-gerzi-module-eval" - { - value = evaluatedHostName; - preferLocalBuild = true; - } - '' - echo "$value" > $out - '' diff --git a/nix/nixos-module.nix b/nix/nixos-module.nix deleted file mode 100644 index 3e7c507..0000000 --- a/nix/nixos-module.nix +++ /dev/null @@ -1,349 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - cfg = config.services.rabbi-gerzi; - - backendPackage = cfg.backend.package; - frontendPackage = cfg.frontend.package; - appDir = "${backendPackage}/share/php/rabbi-gerzi-backend"; - phpPackage = backendPackage.passthru.php; - poolName = "rabbi-gerzi"; - storagePath = "${cfg.stateDir}/storage"; - cachePath = "${cfg.cacheDir}/bootstrap-cache"; - setupService = "rabbi-gerzi-setup"; - phpfpmService = "phpfpm-${poolName}"; - - appEnvironment = { - APP_ENV = "production"; - APP_DEBUG = "false"; - APP_URL = cfg.backend.publicUrl; - APP_CONFIG_CACHE = "${cachePath}/config.php"; - APP_EVENTS_CACHE = "${cachePath}/events.php"; - APP_PACKAGES_CACHE = "${cachePath}/packages.php"; - APP_ROUTES_CACHE = "${cachePath}/routes.php"; - APP_SERVICES_CACHE = "${cachePath}/services.php"; - CACHE_STORE = "file"; - CORS_ALLOWED_ORIGINS = lib.concatStringsSep "," cfg.backend.corsAllowedOrigins; - DB_CONNECTION = "pgsql"; - DB_DATABASE = cfg.database.name; - DB_HOST = "/run/postgresql"; - DB_PASSWORD = ""; - DB_PORT = "5432"; - DB_USERNAME = cfg.database.user; - FILESYSTEM_DISK = "public"; - LARAVEL_STORAGE_PATH = storagePath; - LOG_CHANNEL = "single"; - MAIL_MAILER = "log"; - QUEUE_CONNECTION = "sync"; - SESSION_DRIVER = "database"; - SESSION_DOMAIN = cfg.backend.cookieDomain; - SESSION_SAME_SITE = cfg.backend.cookieSameSite; - SESSION_SECURE_COOKIE = lib.boolToString cfg.backend.cookieSecure; - }; - - fpmEnvironment = appEnvironment // { - APP_KEY = "$APP_KEY"; - }; - - artisan = "${phpPackage}/bin/php ${appDir}/artisan"; - - makeDirectoryRule = path: "d ${path} 0750 ${cfg.user} ${cfg.group} - -"; -in -{ - options.services.rabbi-gerzi = { - enable = lib.mkEnableOption "the Rabbi Gerzi application"; - - user = lib.mkOption { - type = lib.types.str; - default = "rabbi-gerzi"; - description = "User used to run the Rabbi Gerzi backend."; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "rabbi-gerzi"; - description = "Group used to run the Rabbi Gerzi backend."; - }; - - stateDir = lib.mkOption { - type = lib.types.str; - default = "/var/lib/rabbi-gerzi"; - description = "Writable state directory for uploads and storage."; - }; - - cacheDir = lib.mkOption { - type = lib.types.str; - default = "/var/cache/rabbi-gerzi"; - description = "Writable cache directory for Laravel cache files."; - }; - - database = { - name = lib.mkOption { - type = lib.types.str; - default = cfg.user; - description = "PostgreSQL database name."; - }; - - user = lib.mkOption { - type = lib.types.str; - default = cfg.user; - description = "PostgreSQL database user."; - }; - }; - - frontend = { - hostName = lib.mkOption { - type = lib.types.str; - description = "Frontend nginx virtual host name."; - }; - - publicUrl = lib.mkOption { - type = lib.types.str; - default = "https://${cfg.frontend.hostName}"; - description = "Public frontend origin."; - }; - - apiBaseUrl = lib.mkOption { - type = lib.types.str; - default = cfg.backend.publicUrl; - description = "API origin baked into the frontend build."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.callPackage ./packages/frontend.nix { - inherit (cfg.frontend) apiBaseUrl; - }; - description = "Frontend package to serve."; - }; - - nginx = lib.mkOption { - type = lib.types.attrs; - default = { }; - description = "Extra nginx virtual host options for the frontend."; - }; - }; - - backend = { - hostName = lib.mkOption { - type = lib.types.str; - description = "Backend nginx virtual host name."; - }; - - publicUrl = lib.mkOption { - type = lib.types.str; - default = "https://${cfg.backend.hostName}"; - description = "Public backend origin."; - }; - - environmentFile = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Runtime dotenv file containing APP_KEY and admin secrets."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.callPackage ./packages/backend.nix { }; - description = "Backend package to run."; - }; - - corsAllowedOrigins = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ cfg.frontend.publicUrl ]; - description = "Allowed CORS origins for the backend API."; - }; - - cookieSecure = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether auth cookies require HTTPS."; - }; - - cookieDomain = lib.mkOption { - type = lib.types.str; - default = ""; - description = "Auth cookie domain. Empty means host-only cookies."; - }; - - cookieSameSite = lib.mkOption { - type = lib.types.enum [ - "lax" - "none" - "strict" - ]; - default = "none"; - description = "SameSite value for auth cookies."; - }; - - nginx = lib.mkOption { - type = lib.types.attrs; - default = { }; - description = "Extra nginx virtual host options for the backend."; - }; - }; - }; - - config = lib.mkIf cfg.enable { - assertions = [ - { - assertion = cfg.backend.environmentFile != null; - message = "services.rabbi-gerzi.backend.environmentFile is required."; - } - { - assertion = cfg.backend.cookieSameSite != "none" || cfg.backend.cookieSecure; - message = "SameSite=None auth cookies require cookieSecure = true."; - } - { - assertion = cfg.database.name == cfg.database.user; - message = "Managed PostgreSQL database and user names must match."; - } - ]; - - users.groups.${cfg.group} = { }; - users.users.${cfg.user} = { - isSystemUser = true; - group = cfg.group; - home = cfg.stateDir; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ cfg.database.name ]; - ensureUsers = [ - { - name = cfg.database.user; - ensureDBOwnership = true; - } - ]; - }; - - systemd.tmpfiles.rules = map makeDirectoryRule [ - cfg.stateDir - cfg.cacheDir - storagePath - "${storagePath}/app" - "${storagePath}/app/private" - "${storagePath}/app/public" - "${storagePath}/framework" - "${storagePath}/framework/cache" - "${storagePath}/framework/cache/data" - "${storagePath}/framework/sessions" - "${storagePath}/framework/views" - "${storagePath}/logs" - cachePath - ]; - - services.phpfpm.pools.${poolName} = { - inherit (cfg) user group; - inherit phpPackage; - phpEnv = fpmEnvironment; - settings = { - "catch_workers_output" = true; - "clear_env" = "no"; - "listen.group" = config.services.nginx.group; - "listen.mode" = "0660"; - "listen.owner" = cfg.user; - "pm" = "dynamic"; - "pm.max_children" = 16; - "pm.max_requests" = 500; - "pm.max_spare_servers" = 4; - "pm.min_spare_servers" = 1; - "pm.start_servers" = 2; - }; - }; - - systemd.services.${setupService} = { - description = "Prepare Rabbi Gerzi backend"; - wantedBy = [ "multi-user.target" ]; - before = [ "${phpfpmService}.service" ]; - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - path = [ phpPackage ]; - environment = appEnvironment; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = cfg.user; - Group = cfg.group; - UMask = "0077"; - WorkingDirectory = appDir; - EnvironmentFile = cfg.backend.environmentFile; - ReadWritePaths = [ - cfg.stateDir - cfg.cacheDir - ]; - }; - script = '' - ${artisan} migrate --force - ${artisan} rabbi-gerzi:ensure-initial-admin - ''; - }; - - systemd.services.${phpfpmService} = { - after = [ "${setupService}.service" ]; - requires = [ "${setupService}.service" ]; - serviceConfig = { - EnvironmentFile = cfg.backend.environmentFile; - ReadWritePaths = [ - cfg.stateDir - cfg.cacheDir - ]; - }; - }; - - services.nginx = { - enable = lib.mkDefault true; - recommendedGzipSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; - recommendedProxySettings = lib.mkDefault true; - recommendedTlsSettings = lib.mkDefault true; - - virtualHosts = { - ${cfg.frontend.hostName} = lib.mkMerge [ - cfg.frontend.nginx - { - root = "${frontendPackage}"; - locations."/" = { - tryFiles = "$uri $uri/ /index.html"; - }; - } - ]; - - ${cfg.backend.hostName} = lib.mkMerge [ - cfg.backend.nginx - { - root = "${appDir}/public"; - locations = { - "/" = { - index = "index.php"; - tryFiles = "$uri $uri/ /index.php?$query_string"; - }; - - "/storage/" = { - alias = "${storagePath}/app/public/"; - extraConfig = '' - expires 30d; - access_log off; - ''; - }; - - "~ \\.php$" = { - extraConfig = '' - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:${config.services.phpfpm.pools.${poolName}.socket}; - ''; - }; - }; - } - ]; - }; - }; - }; -} diff --git a/nix/packages/backend.nix b/nix/packages/backend.nix deleted file mode 100644 index e9eac6f..0000000 --- a/nix/packages/backend.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - lib, - makeWrapper, - php, -}: - -let - phpPackage = php.withExtensions ( - { enabled, all }: - enabled - ++ [ - all.pdo_pgsql - ] - ); -in -phpPackage.buildComposerProject2 (finalAttrs: { - pname = "rabbi-gerzi-backend"; - version = "0.0.0"; - - src = lib.cleanSourceWith { - src = ../../backend; - filter = - path: type: - let - relativePath = lib.removePrefix (toString ../../backend + "/") (toString path); - in - !( - lib.hasPrefix ".env" relativePath - || lib.hasPrefix "vendor/" relativePath - || lib.hasPrefix ".phpunit" relativePath - || lib.hasPrefix "storage/logs/" relativePath - || lib.hasPrefix "storage/framework/views/" relativePath - || lib.hasSuffix "~" relativePath - ); - }; - - php = phpPackage; - nativeBuildInputs = [ makeWrapper ]; - vendorHash = "sha256-EhBxKo3qjEuVTlxK/F+vx6ZBGbApBjcgOK8+3u8UiNk="; - - postInstall = '' - mkdir -p $out/bin - makeWrapper ${phpPackage}/bin/php $out/bin/rabbi-gerzi-artisan \ - --add-flags "$out/share/php/${finalAttrs.pname}/artisan" - ''; - - passthru = { - php = phpPackage; - }; - - meta = { - description = "Rabbi Gerzi Laravel backend"; - mainProgram = "rabbi-gerzi-artisan"; - }; -}) diff --git a/nix/packages/default.nix b/nix/packages/default.nix deleted file mode 100644 index 45b1d04..0000000 --- a/nix/packages/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs }: - -rec { - backend = pkgs.callPackage ./backend.nix { }; - frontend = pkgs.callPackage ./frontend.nix { }; - default = frontend; -} diff --git a/nix/packages/frontend.nix b/nix/packages/frontend.nix deleted file mode 100644 index 137bb6d..0000000 --- a/nix/packages/frontend.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - buildNpmPackage, - lib, - apiBaseUrl ? "", -}: - -buildNpmPackage { - pname = "rabbi-gerzi-frontend"; - version = "0.0.0"; - - src = lib.cleanSourceWith { - src = ../../frontend/rabbi_gerzi; - filter = - path: type: - let - relativePath = lib.removePrefix (toString ../../frontend/rabbi_gerzi + "/") (toString path); - in - !( - lib.hasPrefix ".env" relativePath - || lib.hasPrefix "node_modules/" relativePath - || lib.hasPrefix "dist/" relativePath - || lib.hasPrefix "coverage/" relativePath - || lib.hasSuffix ".tsbuildinfo" relativePath - || lib.hasSuffix ".timestamp-" relativePath - ); - }; - - npmDepsHash = "sha256-SF6YRzLySEkYAnwr5YYsftyvwbohtHQo0UpelHmJ7CY="; - npmFlags = [ "--legacy-peer-deps" ]; - - CYPRESS_INSTALL_BINARY = "0"; - VITE_API_BASE_URL = apiBaseUrl; - - installPhase = '' - runHook preInstall - - mkdir -p $out - cp -R dist/* $out/ - - runHook postInstall - ''; - - meta = { - description = "Rabbi Gerzi Vue frontend"; - }; -}