summaryrefslogtreecommitdiff
path: root/flora/services/cgit.nix
diff options
context:
space:
mode:
Diffstat (limited to 'flora/services/cgit.nix')
-rw-r--r--flora/services/cgit.nix94
1 files changed, 94 insertions, 0 deletions
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
new file mode 100644
index 0000000..094bfd5
--- /dev/null
+++ b/flora/services/cgit.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+
+{
+ containers.cgit = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:12";
+ localAddress6 = "fd00::42:13";
+
+ bindMounts."/git" = {
+ hostPath = "/var/git/public";
+ isReadOnly = true;
+ };
+
+ config = {pkgs, config, ...}: {
+ services.lighttpd.enable = true;
+ services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
+ services.lighttpd.cgit = {
+ enable = true;
+ subdir = "git";
+ configText = ''
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ cache-size=1000
+ logo=/git/cgit.png
+ favicon=/git/favicon.ico
+
+ # take css from an assumed repo `config`
+ css=/git/config/plain/cgit.css
+
+ # remove .git extensions from repo names
+ remove-suffix=1
+
+ # readme formats which may be parsed
+ readme=:README.md
+ readme=:README
+ readme=:README.txt
+ readme=:README.org
+
+ # allow cloning repos
+ enable-http-clone=1
+
+ enable-follow-links=1
+ enable-html-serving=1
+ enable-index-owner=0
+
+ mimetype.css=text/css
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ # some nice formatting
+ root-title=An Assortment of Stuff
+ root-desc=hand-squished into git repos
+ enable-commit-graph=1
+ enable-log-linecount=1
+ enable-log-filecount=1
+ branch-sort=age
+ # suppress email addresses in html logs
+ noplainemail=1
+
+ # maximum file size for plain blobs in kilobyte
+ max-blob-size=100
+
+ cache-scanrc-ttl=1
+
+ scan-path=/git
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."stuebinm.eu" = {
+ locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ # user for git repo administration
+ users.users.git = {
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ home = "/var/git";
+ isNormalUser = true;
+ packages = [ pkgs.git ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}