From b0c86faf29c489954ea01c65a2f325b9915e7b30 Mon Sep 17 00:00:00 2001
From: Philipp <philipp@boehm.sh>
Date: Thu, 8 May 2025 11:39:14 +0200
Subject: [PATCH] modularize cinny and ente-auth, add package ente-auth-web

The previous was more of a workaround not fitting in the spirit of
nixos, this fixes this and makes proper modules out of them. Sadly
ente-web-auth has to be build with a env var and therefore can't be
configured before properly.
---
 modules/nixos/services/caddy/default.nix     | 60 ----------------
 modules/nixos/services/cinny/default.nix     | 64 +++++++++++++++++
 modules/nixos/services/ente-auth/default.nix | 47 +++++++++++++
 packages/ente-web-auth/default.nix           | 73 ++++++++++++++++++++
 systems/x86_64-linux/blarm/default.nix       |  3 +-
 5 files changed, 186 insertions(+), 61 deletions(-)
 delete mode 100644 modules/nixos/services/caddy/default.nix
 create mode 100644 modules/nixos/services/cinny/default.nix
 create mode 100644 modules/nixos/services/ente-auth/default.nix
 create mode 100644 packages/ente-web-auth/default.nix

diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix
deleted file mode 100644
index 603ae80..0000000
--- a/modules/nixos/services/caddy/default.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-  lib,
-  config,
-  namespace,
-  ...
-}:
-with lib;
-with lib.${namespace};
-let
-  cfg = config.${namespace}.services.caddy;
-in
-{
-  options.${namespace}.services.caddy = {
-    enable = mkEnableOption "Caddy";
-  };
-
-  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [
-      1338
-      8686
-    ];
-
-    services.caddy = {
-      enable = true;
-      virtualHosts = {
-        ":1338" = {
-          extraConfig = ''
-            root * /var/lib/caddy/ente
-            file_server
-          '';
-        };
-        ":8686" = {
-          extraConfig = ''
-            root * /var/lib/caddy/cinny
-            file_server
-
-            @index {
-              not path /index.html
-              not path /public/*
-              not path /assets/*
-
-              not path /config.json
-
-              not path /manifest.json
-              not path /sw.js
-
-              not path /pdf.worker.min.js
-              not path /olm.wasm
-
-              path /*
-            }
-
-            rewrite /*/olm.wasm /olm.wasm
-            rewrite @index /index.html
-          '';
-        };
-      };
-    };
-  };
-}
diff --git a/modules/nixos/services/cinny/default.nix b/modules/nixos/services/cinny/default.nix
new file mode 100644
index 0000000..258dc7b
--- /dev/null
+++ b/modules/nixos/services/cinny/default.nix
@@ -0,0 +1,64 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.cinny;
+in
+{
+  options.${namespace}.services.cinny = {
+    enable = mkEnableOption "Cinny";
+
+    package = mkOption {
+      description = "The package of Cinny to use.";
+      type = types.package;
+      default = pkgs.cinny-unwrapped;
+    };
+
+    port = mkOption {
+      description = "The port to serve Cinny on.";
+      type = types.nullOr types.int;
+      default = 8686;
+    };
+
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      cfg.port
+    ];
+
+    services.caddy = {
+      enable = true;
+      virtualHosts.":${builtins.toString cfg.port}" = {
+        extraConfig = ''
+          root * ${cfg.package}
+          file_server
+
+          @index {
+            not path /index.html
+            not path /public/*
+            not path /assets/*
+
+            not path /config.json
+
+            not path /manifest.json
+            not path /sw.js
+
+            not path /pdf.worker.min.js
+            not path /olm.wasm
+
+            path /*
+          }
+
+          rewrite /*/olm.wasm /olm.wasm
+          rewrite @index /index.html
+        '';
+      };
+    };
+  };
+}
diff --git a/modules/nixos/services/ente-auth/default.nix b/modules/nixos/services/ente-auth/default.nix
new file mode 100644
index 0000000..ef431b0
--- /dev/null
+++ b/modules/nixos/services/ente-auth/default.nix
@@ -0,0 +1,47 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.ente-auth;
+in
+{
+  options.${namespace}.services.ente-auth = {
+    enable = mkEnableOption "Ente-Auth";
+
+    package = mkOption {
+      description = "The package of Ente-Auth to use.";
+      type = types.package;
+      default = pkgs.awesome-flake.ente-web-auth;
+    };
+
+    port = mkOption {
+      description = "The port to serve Ente-Auth on.";
+      type = types.nullOr types.int;
+      default = 1338;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      cfg.port
+    ];
+
+    services.caddy = {
+      enable = true;
+      virtualHosts = {
+        ":${builtins.toString cfg.port}" = {
+          extraConfig = ''
+            root * ${cfg.package}
+            file_server
+          '';
+        };
+      };
+    };
+  };
+}
diff --git a/packages/ente-web-auth/default.nix b/packages/ente-web-auth/default.nix
new file mode 100644
index 0000000..cd3451d
--- /dev/null
+++ b/packages/ente-web-auth/default.nix
@@ -0,0 +1,73 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  fetchYarnDeps,
+  nodejs,
+  yarnConfigHook,
+  yarnBuildHook,
+  nix-update-script,
+  extraBuildEnv ? { },
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "ente-web-auth";
+  version = "4.3.6";
+
+  src = fetchFromGitHub {
+    owner = "ente-io";
+    repo = "ente";
+    sparseCheckout = [ "auth" ];
+    tag = "auth-v${finalAttrs.version}";
+    fetchSubmodules = true;
+    hash = "sha256-/dWnaVll/kaKHTJ5gH18BR6JG5E6pF7/j+SgvE66b7M=";
+  };
+  sourceRoot = "${finalAttrs.src.name}/web";
+
+  offlineCache = fetchYarnDeps {
+    yarnLock = "${finalAttrs.src}/web/yarn.lock";
+    hash = "sha256-Wu0/YHqkqzrmA5hpVk0CX/W1wJUh8uZSjABuc+DPxMA=";
+  };
+
+  nativeBuildInputs = [
+    yarnConfigHook
+    yarnBuildHook
+    nodejs
+  ];
+
+  # See: https://github.com/ente-io/ente/blob/main/web/apps/photos/.env
+  env = extraBuildEnv;
+
+  buildPhase = ''
+    export NEXT_PUBLIC_ENTE_ENDPOINT=https://ente-api.monapona.dev
+    yarn build:auth
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    cp -r apps/auth/out $out
+
+    runHook postInstall
+  '';
+
+  passthru.updateScript = nix-update-script {
+    extraArgs = [
+      "--version-regex"
+      "auth-v(.*)"
+    ];
+  };
+
+  meta = {
+    description = "Web client for Ente Auth";
+    homepage = "https://ente.io/";
+    changelog = "https://github.com/ente-io/ente/releases";
+    license = lib.licenses.agpl3Only;
+    maintainers = with lib.maintainers; [
+      surfaceflinger
+      pinpox
+      spaenny
+    ];
+    platforms = lib.platforms.all;
+  };
+})
diff --git a/systems/x86_64-linux/blarm/default.nix b/systems/x86_64-linux/blarm/default.nix
index a620325..c25671c 100644
--- a/systems/x86_64-linux/blarm/default.nix
+++ b/systems/x86_64-linux/blarm/default.nix
@@ -53,7 +53,8 @@ with lib.${namespace};
   awesome-flake = {
     services = {
       ssh = enabled;
-      caddy = enabled;
+      cinny = enabled;
+      ente-auth = enabled;
       restic = enabled;
     };