diff options
Diffstat (limited to 'flora/services')
| -rw-r--r-- | flora/services/cgit.nix | 170 | 
1 files changed, 88 insertions, 82 deletions
| diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix index f18fd69..e72f276 100644 --- a/flora/services/cgit.nix +++ b/flora/services/cgit.nix @@ -1,93 +1,99 @@  {pkgs, config, ...}: +let +  cgitconf = '' +    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py +    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh +    cache-size=1000 +    logo=/git/cgit.png +    favicon=/git/favicon.ico +    virtual-root=/git + +    # take css from an assumed repo `config` +    css=/git/config/plain/cgit.css + +    # remove .git extensions from repo names +    remove-suffix=1 + +    # readme formats which may be parsed +    readme=:README.md +    readme=:README +    readme=:README.txt +    readme=:README.org + +    enable-follow-links=1 +    enable-html-serving=1 +    enable-index-owner=0 + +    mimetype.css=text/css +    mimetype.jpg=image/jpeg +    mimetype.jpeg=image/jpeg +    mimetype.pdf=application/pdf +    mimetype.png=image/png +    mimetype.svg=image/svg+xml + +    # some nice formatting +    root-title=An Assortment of Stuff +    root-desc=hand-squished into git repos +    enable-commit-graph=1 +    enable-log-linecount=1 +    enable-log-filecount=1 +    branch-sort=age +    # suppress email addresses in html logs +    noplainemail=1 + +    # maximum file size for plain blobs in kilobyte +    max-blob-size=100 + +    cache-scanrc-ttl=1 + +    scan-path=/var/git/public + +    section=Forks +    clone-url=https://stuebinm.eu/git/forks/$CGIT_REPO_URL +    scan-path=/var/git/forks +  ''; +in  { -  containers.cgit = {  -    autoStart = true; -    privateNetwork = true; -    hostAddress6 = "fd00::42:12"; -    localAddress6 = "fd00::42:13"; - -    bindMounts."/git" = { -      hostPath = "/var/git/public"; -      isReadOnly = true; -    }; - -    bindMounts."/forks" = { -      hostPath = "/var/git/forks"; -      isReadOnly = true; -    }; - -    config = {pkgs, config, ...}: { -      system.stateVersion = "20.09"; -      services.lighttpd.enable = true; -      services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"''; -      services.lighttpd.cgit = { -        enable = true; -        subdir = "git"; -        configText = '' -          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py -          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh -          cache-size=1000 -          logo=/git/cgit.png -          favicon=/git/favicon.ico - -          # take css from an assumed repo `config` -          css=/git/config/plain/cgit.css - -          # remove .git extensions from repo names -          remove-suffix=1 - -          # readme formats which may be parsed -          readme=:README.md -          readme=:README -          readme=:README.txt -          readme=:README.org - -          # allow cloning repos -          enable-http-clone=1 -                   -          enable-follow-links=1 -          enable-html-serving=1 -          enable-index-owner=0 - -          mimetype.css=text/css -          mimetype.jpg=image/jpeg -          mimetype.jpeg=image/jpeg -          mimetype.pdf=application/pdf -          mimetype.png=image/png -          mimetype.svg=image/svg+xml - -          # some nice formatting -          root-title=An Assortment of Stuff -          root-desc=hand-squished into git repos -          enable-commit-graph=1 -          enable-log-linecount=1 -          enable-log-filecount=1 -          branch-sort=age -          # suppress email addresses in html logs -          noplainemail=1 - -          # maximum file size for plain blobs in kilobyte -          max-blob-size=100 - -          cache-scanrc-ttl=1 - -          scan-path=/git - -          section=Forks -          scan-path=/forks -        ''; -      }; - -      networking.firewall.allowedTCPPorts = [ 80 ]; -    }; +  services.fcgiwrap = { +    user = "git"; +    group = "users"; +    enable = true;    }; -  services.nginx.recommendedProxySettings = true;    services.nginx.virtualHosts."stuebinm.eu" = { -    locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";      enableACME = true;      forceSSL = true; + +    locations."~ /git(/.*)".extraConfig = '' +      fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress}; +      include       ${pkgs.nginx}/conf/fastcgi_params; +      fastcgi_param SCRIPT_FILENAME     ${pkgs.cgit}/cgit/cgit.cgi; +      fastcgi_param CGIT_CONFIG     ${pkgs.writeText "cgit.conf" cgitconf}; +      fastcgi_param PATH_INFO           $1; +    ''; + +    locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = { +      extraConfig = '' +        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress}; +        include       ${pkgs.nginx}/conf/fastcgi_params; +        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend; +        fastcgi_param GIT_HTTP_EXPORT_ALL ""; +        fastcgi_param GIT_PROJECT_ROOT    /var/git/public; +        fastcgi_param PATH_INFO           $1; +      ''; +    }; + +    locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = { +      extraConfig = '' +        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress}; +        include       ${pkgs.nginx}/conf/fastcgi_params; +        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend; +        fastcgi_param GIT_HTTP_EXPORT_ALL ""; +        fastcgi_param GIT_PROJECT_ROOT    /var/git/forks; +        fastcgi_param PATH_INFO           $1; +      ''; +    };    };    # user for git repo administration | 
