about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--modules/git/default.nix135
1 files changed, 49 insertions, 86 deletions
diff --git a/modules/git/default.nix b/modules/git/default.nix
index d6e31f7..909bc2b 100644
--- a/modules/git/default.nix
+++ b/modules/git/default.nix
@@ -187,110 +187,73 @@ in
         };
       };
     })
-    (mkIf cfg.server.enable {
-      ark.directories = [ config.services.gitolite.dataDir ];
+    (mkIf cfg.server.enable (
+      with cfg.server;
+      {
+        ark.directories = [ config.services.gitolite.dataDir ];
 
-      nixfiles.modules.nginx = {
-        enable = true;
-        virtualHosts.${cfg.server.domain} = {
-          locations = {
-            "/".extraConfig =
-              let
-                cgitrc = pkgs.writeText "cgitrc" ''
-                  root-title=github sux (⩺_⩹)
-                  root-desc=https://github.com/azahi
-
-                  clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL
-
-                  logo=/cgit-custom-logo.gif
-                  favicon=/cgit-custom-favicon.gif
-                  css=/cgit-custom-style.css
-
-                  about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
-                  source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
-                  commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
+        # FIXME Plausible, go-import, custom favicon, etc.
+        nixfiles.modules.nginx = {
+          enable = true;
+          virtualHosts.${domain}.locations = {
+            "/".extraConfig = mkOrder 5000 ''
+              ${libNginx.config.appendHead [
+                ''<meta name="go-import" content="$host$uri git https://$host$uri">''
+                (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; })
+              ]}
+            '';
+          };
+        };
 
-                  enable-git-config=1
-                  enable-gitweb-owner=1
-                  remove-suffix=1
+        services = {
+          cgit.${domain} = {
+            enable = true;
+            group = "git";
+            scanPath = "${config.services.gitolite.dataDir}/repositories";
+            settings = {
+              root-title = "cgit";
+              root-desc = "https://github.com/azahi";
 
-                  readme=:README
-                  readme=:README.md
-                  readme=:README.org
-                  readme=:README.txt
-                  readme=:readme
-                  readme=:readme.md
-                  readme=:readme.org
-                  readme=:readme.txt
+              clone-url = "https://${domain}/$CGIT_REPO_URL";
 
-                  scan-path=${config.services.gitolite.dataDir}/repositories
-                '';
-              in
-              ''
-                include ${config.services.nginx.package}/conf/fastcgi_params;
-                fastcgi_split_path_info ^(/?)(.+)$;
-                fastcgi_pass unix:${config.services.fcgiwrap.cgit.socket.address};
-                fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
-                fastcgi_param CGIT_CONFIG ${cgitrc};
-                fastcgi_param PATH_INFO $uri;
-                fastcgi_param QUERY_STRING $args;
-                fastcgi_param HTTP_HOST $server_name;
+              about-filter = "${package}/lib/cgit/filters/about-formatting.sh";
+              source-filter = "${package}/lib/cgit/filters/syntax-highlighting.py";
+              commit-filter = "${package}/lib/cgit/filters/commit-links.sh";
 
-                ${libNginx.config.appendHead [
-                  ''<meta name="go-import" content="$host$uri git https://$host$uri">''
-                  (libPlausible.htmlPlausibleScript { inherit (cfg.server) domain; })
-                ]}
-              '';
-            "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
-              root ${cfg.server.package}/cgit;
-            '';
-            "~* ^.+cgit-custom-logo.gif$".extraConfig = ''
-              alias ${./logo.gif};
-            '';
-            "~* ^.+cgit-custom-favicon.gif$".extraConfig = ''
-              alias ${./favicon.ico};
+              enable-git-config = true;
+              enable-gitweb-owner = true;
+              remove-suffix = true;
+            };
+            extraConfig = ''
+              readme=:README
+              readme=:README.md
+              readme=:README.org
+              readme=:README.txt
+              readme=:readme
+              readme=:readme.md
+              readme=:readme.org
+              readme=:readme.txt
             '';
-            "~* ^.+cgit-custom-style.css$".extraConfig =
-              let
-                css = pkgs.writeText "custom.css" ''
-                  @import url("cgit.css");
-
-                  div#cgit {
-                    font-family: monospace;
-                    -moz-tab-size: 4;
-                    tab-size: 4;
-                  }
-                '';
-              in
-              ''
-                alias ${css};
-              '';
           };
-        };
-      };
 
-      services =
-        let
-          user = "git";
-          group = "git";
-        in
-        {
           gitolite = {
             enable = true;
-            inherit user group;
+            user = "git";
+            group = "git";
             adminPubkey = my.ssh.key;
             extraGitoliteRc = ''
+              # This allows cgit to scan repositories while running under a
+              # different user.
+              $RC{UMASK} = 0027;
+
               # This allows hiding repositories via "cgit.ignore"[1].
               #
               # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
               $RC{GIT_CONFIG_KEYS} = '.*';
             '';
           };
-
-          fcgiwrap.cgit.socket = {
-            inherit user group;
-          };
         };
-    })
+      }
+    ))
   ];
 }

Consider giving Nix/NixOS a try! <3