cgit: chaski -> flora; general cleanup

1 files changed, 94 insertions, 0 deletions

diff --git a/hosts/flora/services/cgit.nix b/hosts/flora/services/cgit.nix
new file mode 100644
index 0000000..094bfd5
--- /dev/null
+++ b/hosts/flora/services/cgit.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+
+{
+  containers.cgit = { 
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress6 = "fd00::42:12";
+    localAddress6 = "fd00::42:13";
+
+    bindMounts."/git" = {
+      hostPath = "/var/git/public";
+      isReadOnly = true;
+    };
+
+    config = {pkgs, config, ...}: {
+      services.lighttpd.enable = true;
+      services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
+      services.lighttpd.cgit = {
+        enable = true;
+        subdir = "git";
+        configText = ''
+          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+          cache-size=1000
+          logo=/git/cgit.png
+          favicon=/git/favicon.ico
+
+          # take css from an assumed repo `config`
+          css=/git/config/plain/cgit.css
+
+          # remove .git extensions from repo names
+          remove-suffix=1
+
+          # readme formats which may be parsed
+          readme=:README.md
+          readme=:README
+          readme=:README.txt
+          readme=:README.org
+
+          # allow cloning repos
+          enable-http-clone=1
+                  
+          enable-follow-links=1
+          enable-html-serving=1
+          enable-index-owner=0
+
+          mimetype.css=text/css
+          mimetype.jpg=image/jpeg
+          mimetype.jpeg=image/jpeg
+          mimetype.pdf=application/pdf
+          mimetype.png=image/png
+          mimetype.svg=image/svg+xml
+
+          # some nice formatting
+          root-title=An Assortment of Stuff
+          root-desc=hand-squished into git repos
+          enable-commit-graph=1
+          enable-log-linecount=1
+          enable-log-filecount=1
+          branch-sort=age
+          # suppress email addresses in html logs
+          noplainemail=1
+
+          # maximum file size for plain blobs in kilobyte
+          max-blob-size=100
+
+          cache-scanrc-ttl=1
+
+          scan-path=/git
+        '';
+      };
+
+      networking.firewall.allowedTCPPorts = [ 80 ];
+    };
+  };
+
+  services.nginx.recommendedProxySettings = true;
+  services.nginx.virtualHosts."stuebinm.eu" = {
+    locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  # user for git repo administration
+  users.users.git = {
+    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+    home = "/var/git";
+    isNormalUser = true;
+    packages = [ pkgs.git ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}