From 740b7202859f318da33cefdaadb4ae6f424c3b19 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 6 Jul 2021 13:53:00 -0400
Subject: [PATCH] enable brotli/gzip via precompression for Element

---
 .gitignore       |  2 ++
 deploy_static    | 33 +++++++++++++++++++++++++++++++++
 nginx/nginx.conf |  7 ++++++-
 process_static   | 16 ++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore
 create mode 100755 deploy_static
 create mode 100755 process_static

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cd6b1b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+nginx.conf.tmp
+static_tmp
diff --git a/deploy_static b/deploy_static
new file mode 100755
index 0000000..72b2fc4
--- /dev/null
+++ b/deploy_static
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+
+./process_static
+
+remote=root@element.grapheneos.org
+active=$(ssh $remote readlink /srv/element.grapheneos.org)
+
+if [[ $active = /srv/element.grapheneos.org_a ]]; then
+    target=/srv/element.grapheneos.org_b
+else
+    target=/srv/element.grapheneos.org_a
+fi
+
+echo active is $active
+echo target is $target
+echo
+
+ssh $remote rm -rf $target
+ssh $remote cp -a $active $target
+rsync -rpcv --chmod=D755,F644 --delete static_tmp/ $remote:$target
+ssh $remote sync -f $target
+ssh $remote ln -snf $target /srv/element.grapheneos.org
+ssh $remote sync .
+
+sed -i "s|/srv/element.grapheneos.org|$target|" nginx.conf.tmp
+rsync -rpcv --chmod=D755,F644 --delete nginx.conf.tmp $remote:/etc/nginx/nginx.conf
+ssh $remote sync -f /etc/nginx/nginx.conf
+ssh $remote nginx -s reload
+
+echo
+echo active is now $target
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 475c719..e37549a 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -138,7 +138,7 @@ http {
         listen [::]:443 ssl http2;
         server_name element.grapheneos.org;
 
-        root /usr/share/webapps/element;
+        root /srv/element.grapheneos.org;
 
         include snippets/security-headers.conf;
         add_header Cross-Origin-Resource-Policy "same-origin" always;
@@ -146,6 +146,11 @@ http {
         # obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
         add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Robots-Tag "none";
+
+        location ~ '\.(css|html|ico|js|json|map|pdf|svg|txt|wasm|xml)$' {
+            gzip_static on;
+            brotli_static on;
+        }
     }
 
     server {
diff --git a/process_static b/process_static
new file mode 100755
index 0000000..bf7e578
--- /dev/null
+++ b/process_static
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+shopt -s dotglob extglob globstar
+
+export PATH="$PWD/node_modules/.bin:$PATH"
+
+rm -rf static_tmp
+cp -a /usr/share/webapps/element static_tmp
+cp --remove-destination webapps/element/config.json static_tmp/config.json
+
+cp nginx/nginx.conf nginx.conf.tmp
+
+find static_tmp -regex '.+\.\(css\|html\|ico\|js\|json\|map\|pdf\|svg\|txt\|webmanifest\|xml\|wasm\)' \
+    -exec zopfli {} \; -exec touch -r {} {}.gz \; \
+    -exec brotli -k {} \;