feat: migrate site to TanStack Start

2026-04-25 14:14:51 -07:00 · 2026-04-25 14:14:51 -07:00 · 1bf7b32040
commit 1bf7b32040
parent 056daa6460
33 changed files with 8684 additions and 1106 deletions
--- a/module.nix
+++ b/module.nix
@ -10,6 +10,7 @@ let
  cfg = config.services.jetpham-website;
  package = cfg.package;
  qaApi = cfg.apiPackage;
+  websiteListen = "${cfg.websiteListenAddress}:${toString cfg.websiteListenPort}";
  apiListen = "${cfg.apiListenAddress}:${toString cfg.apiListenPort}";
  usingDefaultWebhookSecret = cfg.webhookSecretFile == null;
  webhookSecretPath =
@ -45,9 +46,7 @@ let
    }

    handle {
-      root * ${package}
-      try_files {path} /index.html
-      file_server
+      reverse_proxy ${websiteListen}
    }

    ${cfg.caddy.extraConfig}
@ -64,6 +63,18 @@ in
      description = "Static site package served by Caddy.";
    };

+    websiteListenAddress = lib.mkOption {
+      type = lib.types.str;
+      default = "127.0.0.1";
+      description = "Address for the local TanStack Start frontend listener.";
+    };
+
+    websiteListenPort = lib.mkOption {
+      type = lib.types.port;
+      default = 3002;
+      description = "Port for the local TanStack Start frontend listener.";
+    };
+
    apiPackage = lib.mkOption {
      type = lib.types.package;
      default = self.packages.${pkgs.system}.qa-api;
@ -203,6 +214,29 @@ in

    services.caddy.enable = cfg.caddy.enable;

+    systemd.services.jetpham-website = {
+      description = "Jet Pham website frontend";
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        WEBSITE_LISTEN_ADDRESS = cfg.websiteListenAddress;
+        WEBSITE_LISTEN_PORT = toString cfg.websiteListenPort;
+        QA_API_BASE_URL = "http://${apiListen}";
+        NODE_ENV = "production";
+      };
+      serviceConfig = {
+        DynamicUser = true;
+        ExecStart = "${package}/bin/jet-website";
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectHome = true;
+        ProtectSystem = "strict";
+        Restart = "on-failure";
+        RestartSec = 5;
+      };
+    };
+
    services.tor = lib.mkIf cfg.tor.enable {
      enable = true;
      relay.onionServices.jetpham-website = {