blob: 11c6d721df9e2bb52362cd4bd03b350da546e2af (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
{pkgs, config, ...}:
let
cgitconf = ''
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
cache-size=1000
logo=/git/cgit.png
favicon=/git/favicon.ico
virtual-root=/git
# take css from an assumed repo `config`
css=/git/config/plain/cgit.css
# remove .git extensions from repo names
remove-suffix=1
# readme formats which may be parsed
readme=:README.md
readme=:README
readme=:README.txt
readme=:README.org
enable-follow-links=1
enable-html-serving=1
enable-index-owner=0
mimetype.css=text/css
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml
# some nice formatting
root-title=An Assortment of Stuff
root-desc=hand-squished into git repos
enable-commit-graph=1
enable-log-linecount=1
enable-log-filecount=1
branch-sort=age
# suppress email addresses in html logs
noplainemail=1
# maximum file size for plain blobs in kilobyte
max-blob-size=100
cache-scanrc-ttl=1
defbranch=main
scan-path=/var/git/public
section=Forks
clone-url=https://stuebinm.eu/git/forks/$CGIT_REPO_URL
scan-path=/var/git/forks
'';
cgit = pkgs.cgit.overrideAttrs (old: {
patches = [ ./0001-main-instead-of-master-branch.patch ];
});
in
{
services.fcgiwrap = {
user = "git";
group = "users";
enable = true;
};
services.nginx.virtualHosts."stuebinm.eu" = {
enableACME = true;
forceSSL = true;
locations."~ /git(/.*)".extraConfig = ''
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${cgit}/cgit/cgit.cgi;
fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf};
fastcgi_param PATH_INFO $1;
'';
locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
extraConfig = ''
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /var/git/public;
fastcgi_param PATH_INFO $1;
'';
};
locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
extraConfig = ''
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /var/git/forks;
fastcgi_param PATH_INFO $1;
'';
};
};
# user for git repo administration
users.users.git = {
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
home = "/var/git";
isNormalUser = true;
packages = [ pkgs.git ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
|