chaos/piped-flake
1
0
Fork 0
Code Issues 1 Activity

add option to turn on DISALLOW_IMAGE_TRANSCODING

Browse source
This commit is contained in:
chaos 2023-09-30 18:17:15 +01:00
parent 705764f62d
commit 35eabea591
No known key found for this signature in database
4 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -27,9 +27,12 @@
jdk = final.openjdk19; jdk = final.openjdk19;
}; };
piped-proxy = final.callPackage ./packages/proxy {}; piped-proxy = final.callPackage ./packages/proxy {};
piped-proxy-openssl = piped-proxy.override { withOpenSSL = true; }; piped-proxy-openssl = piped-proxy.override {withOpenSSL = true;};
piped-proxy-minimal = piped-proxy.override { withAVIF = false; withWebP = false; }; piped-proxy-minimal = piped-proxy.override {
piped-proxy-minimal-openssl = piped-proxy-minimal.override { withOpenSSL = true; }; withAVIF = false;
withWebP = false;
};
piped-proxy-minimal-openssl = piped-proxy-minimal.override {withOpenSSL = true;};
piped-backend-deps = final.callPackage ./packages/backend/deps.nix { piped-backend-deps = final.callPackage ./packages/backend/deps.nix {
jdk = final.openjdk19; jdk = final.openjdk19;
}; };

6
module/default.nix
View file

@ -274,6 +274,12 @@ in {
default = 3002; default = 3002;
}; };
disallowImageTranscoding = mkOption {
type = types.bool;
default = false;
description = "turns off transcoding thumbnails/other to webp/avif if client adds those to allowed mime types on image requests; may use a lot of CPU depending on how many users";
};
nginx = { nginx = {
disableNginx = mkOption { disableNginx = mkOption {
type = types.bool; type = types.bool;

1
module/proxy.nix
View file

@ -35,6 +35,7 @@ in {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
environment.BIND = "0.0.0.0:${toString proxyConfig.internalPort}"; environment.BIND = "0.0.0.0:${toString proxyConfig.internalPort}";
environment.IPV4_ONLY = mkIf proxyConfig.proxyIPv4Only "1"; environment.IPV4_ONLY = mkIf proxyConfig.proxyIPv4Only "1";
environment.DISALLOW_IMAGE_TRANSCODING = mkIf proxyConfig.disallowImageTranscoding "1";
serviceConfig = { serviceConfig = {
ExecStart = "${proxyConfig.package}/bin/piped-proxy"; ExecStart = "${proxyConfig.package}/bin/piped-proxy";

2
packages/proxy/default.nix
View file

@ -34,7 +34,7 @@ in
++ (optional withMimalloc "mimalloc") ++ (optional withMimalloc "mimalloc")
++ (optional withMimalloc "avif") ++ (optional withMimalloc "avif")
++ (optional withMimalloc "webp"); ++ (optional withMimalloc "webp");
buildInputs = optional withOpenSSL openssl; buildInputs = optional withOpenSSL openssl;
nativeBuildInputs = [] ++ (optional withAVIF nasm) ++ (optional withOpenSSL pkg-config); nativeBuildInputs = [] ++ (optional withAVIF nasm) ++ (optional withOpenSSL pkg-config);