From 20b38c614a78e79ff7bfeb999db7e87cc0f28bef Mon Sep 17 00:00:00 2001 From: Atridad Lahiji Date: Fri, 25 Jul 2025 22:41:56 -0600 Subject: [PATCH] Nix all the things --- .env.example | 23 +++++---- .github/workflows/deploy.yml | 35 ++++++++------ .gitignore | 1 + docker-compose.yml | 18 ++++--- flake.nix | 94 +++++++++++++++++++++++++++++++++--- 5 files changed, 130 insertions(+), 41 deletions(-) diff --git a/.env.example b/.env.example index 3dbf456..b9ed3d7 100644 --- a/.env.example +++ b/.env.example @@ -1,14 +1,13 @@ -# SMTP Configuration -SMTP_HOST=smtp.site.com -SMTP_PORT=587 -SMTP_USER=email@site.com -SMTP_PASSWORD=your-app-password +# Container Image +IMAGE=atashdotdev:latest -# Email Configuration -FROM_EMAIL=email@site.com -TO_EMAIL=email@site.com - -# Application Configuration -NODE_ENV=production +# Application Port APP_PORT=4321 -IMAGE=git.atri.dad/atridad/atashdotdev \ No newline at end of file + +# SMTP Configuration (required for contact form) +SMTP_HOST=smtp.example.com +SMTP_PORT=587 +SMTP_USER=your-email@example.com +SMTP_PASSWORD=your-password +FROM_EMAIL=noreply@atash.dev +TO_EMAIL=contact@atash.dev diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index abea909..79070ac 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,9 +1,10 @@ -name: Docker Deploy +name: Build and Deploy on: push: branches: [main] pull_request: branches: [main] + jobs: build-and-push: runs-on: ubuntu-latest 
@@ -12,24 +13,30 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Install Nix + uses: cachix/install-nix-action@v26 + with: + nix_path: nixpkgs=channel:nixos-unstable + extra_nix_config: | + experimental-features = nix-command flakes + + - name: Build container image + run: | + nix build --impure --print-build-logs + docker load < result - name: Login to Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ secrets.REPO_HOST }} username: ${{ github.repository_owner }} password: ${{ secrets.DEPLOY_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: . - platforms: linux/amd64 - push: true - tags: | - ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }} - ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest + - name: Tag and push images + run: | + docker tag atashdotdev:latest ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }} + docker tag atashdotdev:latest ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest + docker push ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }} + docker push ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest diff --git a/.gitignore b/.gitignore index 016b59e..8bda708 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # build output dist/ +result # generated types .astro/ diff --git a/docker-compose.yml b/docker-compose.yml index 3c9157e..955bf0c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
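Review bot: The `Login to Container Registry` and `Tag and push images` steps carry no event guard, and the workflow's `on:` block (in the previous hunk) still includes `pull_request`, so a pull request from a branch in this repository would log in and overwrite the `:latest` tag with unmerged code. Restrict both steps to push events, and pass the registry host and image name to the script through `env:` rather than expanding `${{ … }}` inside `run:`, which keeps expression values out of the shell source. The three actions are referenced by mutable tags (`@v4`, `@v26`, `@v3`) in a job that holds `packages: write` and the deploy token; pinning them to full commit SHAs would close that supply-chain gap. It is also worth confirming that `--impure` is needed, since it lets flake evaluation read the runner's environment.

```yaml
      - name: Login to Container Registry
        if: github.event_name == 'push'
        # … unchanged: uses / with (registry, username, password) …

      - name: Tag and push images
        if: github.event_name == 'push'
        env:
          IMAGE_REPO: ${{ secrets.REPO_HOST }}/${{ github.repository_owner }}/${{ github.event.repository.name }}
          IMAGE_SHA: ${{ github.sha }}
        run: |
          docker tag atashdotdev:latest "$IMAGE_REPO:$IMAGE_SHA"
          docker tag atashdotdev:latest "$IMAGE_REPO:latest"
          docker push "$IMAGE_REPO:$IMAGE_SHA"
          docker push "$IMAGE_REPO:latest"
```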
@@ -1,14 +1,16 @@ services: app: - image: ${IMAGE} + image: ${IMAGE:-atashdotdev:latest} ports: - - "${APP_PORT}:4321" + - "${APP_PORT:-4321}:4321" environment: NODE_ENV: production - SMTP_HOST: ${SMTP_HOST} - SMTP_PORT: ${SMTP_PORT} - SMTP_USER: ${SMTP_USER} - SMTP_PASSWORD: ${SMTP_PASSWORD} - FROM_EMAIL: ${FROM_EMAIL} - TO_EMAIL: ${TO_EMAIL} + HOST: 0.0.0.0 + PORT: 4321 + SMTP_HOST: ${SMTP_HOST:-} + SMTP_PORT: ${SMTP_PORT:-587} + SMTP_USER: ${SMTP_USER:-} + SMTP_PASSWORD: ${SMTP_PASSWORD:-} + FROM_EMAIL: ${FROM_EMAIL:-noreply@atash.dev} + TO_EMAIL: ${TO_EMAIL:-} restart: unless-stopped diff --git a/flake.nix b/flake.nix index d011463..335b784 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "Development environment for atashdotdev with Node and pnpm"; + description = "atashdotdev - Astro application with Nix build"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 
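Review bot: The `:-` defaults in the `environment` block make every SMTP setting optional, so a deployment with a missing or incomplete `.env` starts cleanly with an empty `SMTP_HOST`, `SMTP_USER` and `SMTP_PASSWORD` and only fails when the contact form tries to send, although `.env.example` labels these values as required. For the required ones prefer the failing form, e.g. `SMTP_PASSWORD: ${SMTP_PASSWORD:?SMTP_PASSWORD is required}`, and keep `:-` for values with a real default such as `SMTP_PORT`. The `image` fallback `atashdotdev:latest` is a mutable tag; deploying the commit-SHA tag that the workflow also pushes would make it clear which build is running.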
@@ -10,24 +10,104 @@ flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; + + # Build the Astro application + atashdotdev = pkgs.stdenv.mkDerivation rec { + pname = "atashdotdev"; + version = "1.1.0"; + + src = ./.; + + nativeBuildInputs = with pkgs; [ + nodejs_24 + nodePackages.pnpm + cacert + ]; + + configurePhase = '' + export HOME=$TMPDIR + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + pnpm config set store-dir $TMPDIR/pnpm-store + ''; + + buildPhase = '' + pnpm install --frozen-lockfile + pnpm build + ''; + + installPhase = '' + mkdir -p $out/lib/atashdotdev + cp -r dist $out/lib/atashdotdev/ + cp package.json $out/lib/atashdotdev/ + cp pnpm-lock.yaml $out/lib/atashdotdev/ + + cd $out/lib/atashdotdev + pnpm install --prod --frozen-lockfile + + mkdir -p $out/bin + cat > $out/bin/atashdotdev << 'EOF' +#!/bin/sh +cd $out/lib/atashdotdev +exec ${pkgs.nodejs_24}/bin/node ./dist/server/entry.mjs "$@" +EOF + chmod +x $out/bin/atashdotdev + ''; + }; + + # Container image + containerImage = pkgs.dockerTools.buildLayeredImage { + name = "atashdotdev"; + tag = "latest"; + + contents = with pkgs; [ + atashdotdev + nodejs_24 + bash + coreutils + cacert + ]; + + config = { + Cmd = [ "${atashdotdev}/bin/atashdotdev" ]; + ExposedPorts = { + "4321/tcp" = {}; + }; + Env = [ + "NODE_ENV=production" + "HOST=0.0.0.0" + "PORT=4321" + ]; + WorkingDir = "${atashdotdev}/lib/atashdotdev"; + }; + }; + in { + # Dev shell devShells.default = pkgs.mkShell { packages = with pkgs; [ nodejs_24 nodePackages.pnpm ]; + }; - shellHook = '' - echo "🚀 atashdotdev development environment loaded!" 
- echo "Node version: $(node --version)" - echo "pnpm version: $(pnpm --version)" + # Default package is the container + packages = { + default = containerImage; + atashdotdev = atashdotdev; + containerImage = containerImage; + }; + # Dev server app + apps.default = { + type = "app"; + program = "${pkgs.writeShellScript "dev" '' + export PATH="${pkgs.nodejs_24}/bin:${pkgs.nodePackages.pnpm}/bin:$PATH" if [ ! -d "node_modules" ]; then - echo "📦 Installing pnpm dependencies..." pnpm install --frozen-lockfile fi - ''; + pnpm dev + ''}"; }; }); }
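Review bot: The wrapper script written in `installPhase` uses a quoted heredoc (`<< 'EOF'`), so `cd $out/lib/atashdotdev` is stored literally and `$out` is unset when the wrapper runs; the `cd` then fails and `node` starts from whatever directory the caller was in, which only works in the image because `WorkingDir` points at the same path. Bake the store path in at build time and stop on failure, e.g. unquote the delimiter and write `cd $out/lib/atashdotdev || exit 1`, with `"\$@"` escaped on the exec line. Separately, `pnpm install` in `buildPhase` and `installPhase` needs network access inside a derivation that declares no output hash, so it presumably fails under the default sandbox or, with the sandbox relaxed, pulls dependencies that Nix itself does not verify; a fixed-output dependency fetch would keep the build hermetic. The image `config` also sets no `User`, so the server appears to run as root in the container.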