blob: cc05d5c998c09870d1d687a100fa18f96215b9a9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
{pkgs, config, ...}:
{
containers.cgit = {
autoStart = true;
privateNetwork = true;
hostAddress6 = "fd00::42:12";
localAddress6 = "fd00::42:13";
bindMounts."/git" = {
hostPath = "/var/git/public";
isReadOnly = true;
};
bindMounts."/forks" = {
hostPath = "/var/git/forks";
isReadOnly = true;
};
config = {pkgs, config, ...}: {
services.lighttpd.enable = true;
services.lighttpd.extraConfig = ''server.use-ipv6 = "enable"'';
services.lighttpd.cgit = {
enable = true;
subdir = "git";
configText = ''
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
cache-size=1000
logo=/git/cgit.png
favicon=/git/favicon.ico
# take css from an assumed repo `config`
css=/git/config/plain/cgit.css
# remove .git extensions from repo names
remove-suffix=1
# readme formats which may be parsed
readme=:README.md
readme=:README
readme=:README.txt
readme=:README.org
# allow cloning repos
enable-http-clone=1
enable-follow-links=1
enable-html-serving=1
enable-index-owner=0
mimetype.css=text/css
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml
# some nice formatting
root-title=An Assortment of Stuff
root-desc=hand-squished into git repos
enable-commit-graph=1
enable-log-linecount=1
enable-log-filecount=1
branch-sort=age
# suppress email addresses in html logs
noplainemail=1
# maximum file size for plain blobs in kilobyte
max-blob-size=100
cache-scanrc-ttl=1
scan-path=/git
section=Forks
scan-path=/forks
'';
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."stuebinm.eu" = {
locations."/git/".proxyPass = "http://[${config.containers.cgit.localAddress6}]";
enableACME = true;
forceSSL = true;
};
# user for git repo administration
users.users.git = {
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
home = "/var/git";
isNormalUser = true;
packages = [ pkgs.git ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
|