summaryrefslogtreecommitdiff
path: root/flora
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--flora/services/cgit.nix170
1 files changed, 88 insertions, 82 deletions
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
index f18fd69..e72f276 100644
--- a/flora/services/cgit.nix
+++ b/flora/services/cgit.nix
@@ -1,93 +1,99 @@
{pkgs, config, ...}:
+let
+ cgitconf = ''
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ cache-size=1000
+ logo=/git/cgit.png
+ favicon=/git/favicon.ico
+ virtual-root=/git
+
+ # take css from an assumed repo `config`
+ css=/git/config/plain/cgit.css
+
+ # remove .git extensions from repo names
+ remove-suffix=1
+
+ # readme formats which may be parsed
+ readme=:README.md
+ readme=:README
+ readme=:README.txt
+ readme=:README.org
+
+ enable-follow-links=1
+ enable-html-serving=1
+ enable-index-owner=0
+
+ mimetype.css=text/css
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ # some nice formatting
+ root-title=An Assortment of Stuff
+ root-desc=hand-squished into git repos
+ enable-commit-graph=1
+ enable-log-linecount=1
+ enable-log-filecount=1
+ branch-sort=age
+ # suppress email addresses in html logs
+ noplainemail=1
+
+ # maximum file size for plain blobs in kilobyte
+ max-blob-size=100
+
+ cache-scanrc-ttl=1
+
+ scan-path=/var/git/public
+
+ section=Forks
+ clone-url=https://stuebinm.eu/git/forks/$CGIT_REPO_URL
+ scan-path=/var/git/forks
+ '';
+in
{
- containers.cgit = {
- autoStart = true;
- privateNetwork = true;
- hostAddress6 = "fd00::42:12";
- localAddress6 = "fd00::42:13";
-
- bindMounts."/git" = {
- hostPath = "/var/git/public";
- isReadOnly = true;
- };
-
- bindMounts."/forks" = {
- hostPath = "/var/git/forks";
- isReadOnly = true;
- };
-
- config = {pkgs, config, ...}: {
- system.stateVersion = "20.09";
- services.lighttpd.enable = true;
- services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
- services.lighttpd.cgit = {
- enable = true;
- subdir = "git";
- configText = ''
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- cache-size=1000
- logo=/git/cgit.png
- favicon=/git/favicon.ico
-
- # take css from an assumed repo `config`
- css=/git/config/plain/cgit.css
-
- # remove .git extensions from repo names
- remove-suffix=1
-
- # readme formats which may be parsed
- readme=:README.md
- readme=:README
- readme=:README.txt
- readme=:README.org
-
- # allow cloning repos
- enable-http-clone=1
-
- enable-follow-links=1
- enable-html-serving=1
- enable-index-owner=0
-
- mimetype.css=text/css
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- # some nice formatting
- root-title=An Assortment of Stuff
- root-desc=hand-squished into git repos
- enable-commit-graph=1
- enable-log-linecount=1
- enable-log-filecount=1
- branch-sort=age
- # suppress email addresses in html logs
- noplainemail=1
-
- # maximum file size for plain blobs in kilobyte
- max-blob-size=100
-
- cache-scanrc-ttl=1
-
- scan-path=/git
-
- section=Forks
- scan-path=/forks
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 80 ];
- };
+ services.fcgiwrap = {
+ user = "git";
+ group = "users";
+ enable = true;
};
- services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."stuebinm.eu" = {
- locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
enableACME = true;
forceSSL = true;
+
+ locations."~ /git(/.*)".extraConfig = ''
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+ fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf};
+ fastcgi_param PATH_INFO $1;
+ '';
+
+ locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
+ extraConfig = ''
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/git/public;
+ fastcgi_param PATH_INFO $1;
+ '';
+ };
+
+ locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
+ extraConfig = ''
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/git/forks;
+ fastcgi_param PATH_INFO $1;
+ '';
+ };
};
# user for git repo administration