Move app files into cluster subdirectories; add prod garage

1 files changed, 77 insertions, 0 deletions

diff --git a/cluster/prod/app/cryptpad/build/default.nix b/cluster/prod/app/cryptpad/build/default.nix
new file mode 100644
index 0000000..f0a5c00
--- /dev/null
+++ b/cluster/prod/app/cryptpad/build/default.nix
@@ -0,0 +1,77 @@
+let
+  common = import ./common.nix;
+  pkgs = import common.pkgsSrc {};
+  nodejs = pkgs.${common.nodejs};
+
+  bower = (pkgs.buildBowerComponents {
+    name = "cryptpad-${common.cryptpadVersion}-bower";
+    generated = ./nix.lock/bower.nix;
+    src = common.cryptpadSrc;
+  }).overrideAttrs (old: {
+    bowerPackages = old.bowerPackages.override (old_: {
+      # add missing dependencies:
+      # Those dependencies are EOL and they are not installed by buildBowerComponents,
+      # but they are required, otherwise the resolver crashes.
+      # * add the second jquery ~2.1.0 entry
+      # * add the second bootstrap ~3.1.1 entry
+      paths = old_.paths ++ [
+        (pkgs.fetchbower "jquery" "2.1.0" "~2.1.0" "02kwvz93vzpv10qnp7s0dz3al0jh77awwrizb6wadsvgifxssnlr")
+        (pkgs.fetchbower "bootstrap" "3.1.1" "~3.1.1" "06bhjwa8p7mzbpr3jkgydd804z1nwrkdql66h7jkfml99psv9811")
+      ];
+    });
+  });
+
+  npm = import ./nix.lock/npm.nix {
+    inherit pkgs;
+  };
+   
+in
+  pkgs.stdenv.mkDerivation {
+    name = "cryptpad-${common.cryptpadVersion}";
+    src = common.cryptpadSrc;
+
+    buildPhase = ''
+      cp -r ${npm.nodeDependencies}/lib/node_modules node_modules
+      chmod +w -R node_modules
+
+      # clear executable files inside the node_modules folder to reduce dependencies
+      # and attack surface
+      find node_modules -type f ! -path 'node_modules/gar/*' -executable -print | tee >(xargs -n 20 rm)
+
+      # Remove only office that IS BIG
+      # COMMENTED as it is not as easy as planned.
+      # rm -rf www/common/onlyoffice
+    '';
+
+    installPhase = ''
+      mkdir -p $out/{bin,opt}
+
+      out_cryptpad=$out/opt/
+
+      # copy the source code
+      cp -r .bowerrc bower.json package.json package-lock.json customize.dist lib server.js www $out_cryptpad
+
+      # mount node_modules
+      cp -r node_modules $out_cryptpad/node_modules
+
+      # patch
+      substituteInPlace $out_cryptpad/lib/workers/index.js --replace "lib/workers/db-worker" "$out_cryptpad/lib/workers/db-worker"
+
+      # mount bower, based on the .bowerrc file at the git repo root
+      cp -r ${bower}/bower_components $out_cryptpad/www/
+
+      # cryptpad is bugged with absolute path, this is a workaround to use absolute path as relative path
+      ln -s / $out_cryptpad/root
+
+      # start script, cryptpad is lost if its working directory is not its source directory
+      cat > $out/bin/cryptpad <<EOF
+      #!${pkgs.stdenv.shell}
+      cd $out_cryptpad
+      exec ${nodejs}/bin/node server.js
+      EOF
+
+      chmod +x $out/bin/cryptpad
+    '';
+
+    dontFixup = true;
+  }