From 10b75cc294d416505bde93db98265903a3893b5f Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 31 Jul 2022 14:26:37 +0200
Subject: cgit: get rid of lighttpd, the container & git's dumb http

this isn't perfect (and cloning forks is now kinda awkward), but at
least cloning things seems to reliably work now. Hurray!
---
 flora/services/cgit.nix | 170 +++++++++++++++++++++++++-----------------------
 1 file changed, 88 insertions(+), 82 deletions(-)

diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
index f18fd69..e72f276 100644
--- a/flora/services/cgit.nix
+++ b/flora/services/cgit.nix
@@ -1,93 +1,99 @@
 {pkgs, config, ...}:
 
+let
+  cgitconf = ''
+    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+    cache-size=1000
+    logo=/git/cgit.png
+    favicon=/git/favicon.ico
+    virtual-root=/git
+
+    # take css from an assumed repo `config`
+    css=/git/config/plain/cgit.css
+
+    # remove .git extensions from repo names
+    remove-suffix=1
+
+    # readme formats which may be parsed
+    readme=:README.md
+    readme=:README
+    readme=:README.txt
+    readme=:README.org
+
+    enable-follow-links=1
+    enable-html-serving=1
+    enable-index-owner=0
+
+    mimetype.css=text/css
+    mimetype.jpg=image/jpeg
+    mimetype.jpeg=image/jpeg
+    mimetype.pdf=application/pdf
+    mimetype.png=image/png
+    mimetype.svg=image/svg+xml
+
+    # some nice formatting
+    root-title=An Assortment of Stuff
+    root-desc=hand-squished into git repos
+    enable-commit-graph=1
+    enable-log-linecount=1
+    enable-log-filecount=1
+    branch-sort=age
+    # suppress email addresses in html logs
+    noplainemail=1
+
+    # maximum file size for plain blobs in kilobyte
+    max-blob-size=100
+
+    cache-scanrc-ttl=1
+
+    scan-path=/var/git/public
+
+    section=Forks
+    clone-url=https://stuebinm.eu/git/forks/$CGIT_REPO_URL
+    scan-path=/var/git/forks
+  '';
+in
 {
-  containers.cgit = { 
-    autoStart = true;
-    privateNetwork = true;
-    hostAddress6 = "fd00::42:12";
-    localAddress6 = "fd00::42:13";
-
-    bindMounts."/git" = {
-      hostPath = "/var/git/public";
-      isReadOnly = true;
-    };
-
-    bindMounts."/forks" = {
-      hostPath = "/var/git/forks";
-      isReadOnly = true;
-    };
-
-    config = {pkgs, config, ...}: {
-      system.stateVersion = "20.09";
-      services.lighttpd.enable = true;
-      services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
-      services.lighttpd.cgit = {
-        enable = true;
-        subdir = "git";
-        configText = ''
-          source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
-          about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
-          cache-size=1000
-          logo=/git/cgit.png
-          favicon=/git/favicon.ico
-
-          # take css from an assumed repo `config`
-          css=/git/config/plain/cgit.css
-
-          # remove .git extensions from repo names
-          remove-suffix=1
-
-          # readme formats which may be parsed
-          readme=:README.md
-          readme=:README
-          readme=:README.txt
-          readme=:README.org
-
-          # allow cloning repos
-          enable-http-clone=1
-                  
-          enable-follow-links=1
-          enable-html-serving=1
-          enable-index-owner=0
-
-          mimetype.css=text/css
-          mimetype.jpg=image/jpeg
-          mimetype.jpeg=image/jpeg
-          mimetype.pdf=application/pdf
-          mimetype.png=image/png
-          mimetype.svg=image/svg+xml
-
-          # some nice formatting
-          root-title=An Assortment of Stuff
-          root-desc=hand-squished into git repos
-          enable-commit-graph=1
-          enable-log-linecount=1
-          enable-log-filecount=1
-          branch-sort=age
-          # suppress email addresses in html logs
-          noplainemail=1
-
-          # maximum file size for plain blobs in kilobyte
-          max-blob-size=100
-
-          cache-scanrc-ttl=1
-
-          scan-path=/git
-
-          section=Forks
-          scan-path=/forks
-        '';
-      };
-
-      networking.firewall.allowedTCPPorts = [ 80 ];
-    };
+  services.fcgiwrap = {
+    user = "git";
+    group = "users";
+    enable = true;
   };
 
-  services.nginx.recommendedProxySettings = true;
   services.nginx.virtualHosts."stuebinm.eu" = {
-    locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
     enableACME = true;
     forceSSL = true;
+
+    locations."~ /git(/.*)".extraConfig = ''
+      fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+      include       ${pkgs.nginx}/conf/fastcgi_params;
+      fastcgi_param SCRIPT_FILENAME     ${pkgs.cgit}/cgit/cgit.cgi;
+      fastcgi_param CGIT_CONFIG     ${pkgs.writeText "cgit.conf" cgitconf};
+      fastcgi_param PATH_INFO           $1;
+    '';
+
+    locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
+      extraConfig = ''
+        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        include       ${pkgs.nginx}/conf/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend;
+        fastcgi_param GIT_HTTP_EXPORT_ALL "";
+        fastcgi_param GIT_PROJECT_ROOT    /var/git/public;
+        fastcgi_param PATH_INFO           $1;
+      '';
+    };
+
+    locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
+      extraConfig = ''
+        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        include       ${pkgs.nginx}/conf/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend;
+        fastcgi_param GIT_HTTP_EXPORT_ALL "";
+        fastcgi_param GIT_PROJECT_ROOT    /var/git/forks;
+        fastcgi_param PATH_INFO           $1;
+      '';
+    };
   };
 
   # user for git repo administration
-- 
cgit v1.2.3