summaryrefslogtreecommitdiff
path: root/flora/services/cgit.nix
blob: 11c6d721df9e2bb52362cd4bd03b350da546e2af (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
{pkgs, config, ...}:

let
  cgitconf = ''
    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
    cache-size=1000
    logo=/git/cgit.png
    favicon=/git/favicon.ico
    virtual-root=/git

    # take css from an assumed repo `config`
    css=/git/config/plain/cgit.css

    # remove .git extensions from repo names
    remove-suffix=1

    # readme formats which may be parsed
    readme=:README.md
    readme=:README
    readme=:README.txt
    readme=:README.org

    enable-follow-links=1
    enable-html-serving=1
    enable-index-owner=0

    mimetype.css=text/css
    mimetype.jpg=image/jpeg
    mimetype.jpeg=image/jpeg
    mimetype.pdf=application/pdf
    mimetype.png=image/png
    mimetype.svg=image/svg+xml

    # some nice formatting
    root-title=An Assortment of Stuff
    root-desc=hand-squished into git repos
    enable-commit-graph=1
    enable-log-linecount=1
    enable-log-filecount=1
    branch-sort=age
    # suppress email addresses in html logs
    noplainemail=1

    # maximum file size for plain blobs in kilobyte
    max-blob-size=100

    cache-scanrc-ttl=1

    defbranch=main
    scan-path=/var/git/public

    section=Forks
    clone-url=https://stuebinm.eu/git/forks/$CGIT_REPO_URL
    scan-path=/var/git/forks
  '';

  cgit = pkgs.cgit.overrideAttrs (old: {
    patches = [ ./0001-main-instead-of-master-branch.patch ];
  });
in
{
  services.fcgiwrap = {
    user = "git";
    group = "users";
    enable = true;
  };

  services.nginx.virtualHosts."stuebinm.eu" = {
    enableACME = true;
    forceSSL = true;

    locations."~ /git(/.*)".extraConfig = ''
      fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
      include       ${pkgs.nginx}/conf/fastcgi_params;
      fastcgi_param SCRIPT_FILENAME     ${cgit}/cgit/cgit.cgi;
      fastcgi_param CGIT_CONFIG     ${pkgs.writeText "cgit.conf" cgitconf};
      fastcgi_param PATH_INFO           $1;
    '';

    locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
      extraConfig = ''
        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
        include       ${pkgs.nginx}/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /var/git/public;
        fastcgi_param PATH_INFO           $1;
      '';
    };

    locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
      extraConfig = ''
        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
        include       ${pkgs.nginx}/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME     ${pkgs.git}/bin/git-http-backend;
        fastcgi_param GIT_HTTP_EXPORT_ALL "";
        fastcgi_param GIT_PROJECT_ROOT    /var/git/forks;
        fastcgi_param PATH_INFO           $1;
      '';
    };
  };

  # user for git repo administration
  users.users.git = {
    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
    home = "/var/git";
    isNormalUser = true;
    packages = [ pkgs.git ];
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

}