From 32cc6847c481c8ffc88240d0149fe495f3b22de5 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Wed, 15 Feb 2023 22:44:13 +0300 Subject: 2023-02-15 --- flake.lock | 8 +- modules/nixos/default.nix | 2 +- modules/nixos/git.nix | 117 ------------------------- modules/nixos/git/default.nix | 197 ++++++++++++++++++++++++++++++++++++++++++ modules/nixos/git/favicon.ico | Bin 0 -> 15406 bytes modules/nixos/git/logo.gif | Bin 0 -> 138553 bytes 6 files changed, 202 insertions(+), 122 deletions(-) delete mode 100644 modules/nixos/git.nix create mode 100644 modules/nixos/git/default.nix create mode 100644 modules/nixos/git/favicon.ico create mode 100644 modules/nixos/git/logo.gif diff --git a/flake.lock b/flake.lock index 01e3e00..fb9d97f 100644 --- a/flake.lock +++ b/flake.lock @@ -317,11 +317,11 @@ "azahi-cc": { "flake": false, "locked": { - "lastModified": 1667813970, - "narHash": "sha256-gQG7yukKNbc1OIdi/Uh+/EyKtFfB0AMqCaqmWFJnqkc=", + "lastModified": 1676413032, + "narHash": "sha256-nXcdZ1ci1MxzsM8WdWVg3T+esviWA1pCMtBvG5lYKgE=", "ref": "master", - "rev": "3ee6367deea23cc59c73bc031367be0267b9d7c2", - "revCount": 14, + "rev": "a46fa2436e54768f8c70fe2ee9c46730607ed6df", + "revCount": 15, "type": "git", "url": "https://git.azahi.cc/azahi-cc" }, diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index b35e461..188a999 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -14,7 +14,7 @@ _: { ./fail2ban.nix ./fonts.nix ./games - ./git.nix + ./git ./gnupg.nix ./gotify.nix ./grafana.nix diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix deleted file mode 100644 index f754588..0000000 --- a/modules/nixos/git.nix +++ /dev/null @@ -1,117 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.git; -in { - options.nixfiles.modules.git.server = { - enable = mkEnableOption "Git server"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "git.${config.networking.domain}"; - }; - - package = mkOption { - description = "Package."; - type = types.package; - default = pkgs.cgit-pink; - }; - }; - - config = mkMerge [ - (mkIf cfg.client.enable { - secrets = { - glab-cli-config = { - file = "${inputs.self}/secrets/glab-cli-config"; - path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; - inherit (config.my) group; - }; - gh-hosts = { - file = "${inputs.self}/secrets/gh-hosts"; - path = "${config.dirs.config}/gh/hosts.yml"; - owner = my.username; - inherit (config.my) group; - }; - hut = { - file = "${inputs.self}/secrets/hut"; - path = "${config.dirs.config}/hut/config"; - owner = my.username; - inherit (config.my) group; - }; - }; - }) - (mkIf cfg.server.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.server.domain} = { - locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=azahi’s git stuff - root-desc=鯛も一人はうまからず - - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 - - snapshots=tar.gz tar.bz2 zip - - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt - - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - # FIXME This breaks sources previewing for these files. - "~* ^/(.+.(ico|css|png))$".extraConfig = '' - alias ${cfg.server.package}/cgit/$1; - ''; - }; - }; - }; - - services = let - user = "git"; - group = "git"; - in { - gitolite = { - # TODO Make the configuration purely declarative. - enable = true; - inherit user group; - adminPubkey = my.ssh.key; - }; - - fcgiwrap = { - enable = true; - inherit user group; - }; - }; - }) - ]; -} diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix new file mode 100644 index 0000000..587f3b3 --- /dev/null +++ b/modules/nixos/git/default.nix @@ -0,0 +1,197 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.git; +in { + options.nixfiles.modules.git.server = { + enable = mkEnableOption "Git server"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "git.${config.networking.domain}"; + }; + + package = mkOption { + description = "Package."; + type = types.package; + default = pkgs.cgit-pink; + }; + }; + + config = mkMerge [ + (mkIf cfg.client.enable { + secrets = { + glab-cli-config = { + file = "${inputs.self}/secrets/glab-cli-config"; + path = "${config.dirs.config}/glab-cli/config.yml"; + owner = my.username; + inherit (config.my) group; + }; + gh-hosts = { + file = "${inputs.self}/secrets/gh-hosts"; + path = "${config.dirs.config}/gh/hosts.yml"; + owner = my.username; + inherit (config.my) group; + }; + hut = { + file = "${inputs.self}/secrets/hut"; + path = "${config.dirs.config}/hut/config"; + owner = my.username; + inherit (config.my) group; + }; + }; + }) + (mkIf cfg.server.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain} = { + locations = { + "/".extraConfig = let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=github sux >:^( + root-desc=Homo sum, humani a me nihil alienum puto. + footer= + + logo=/cgit-custom-logo.gif + favicon=/cgit-custom-favicon.gif + css=/cgit-custom-style.css + + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + + enable-git-config=1 + enable-gitweb-owner=1 + enable-index-owner=0 + remove-suffix=1 + + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt + + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' + root ${cfg.server.package}/cgit; + ''; + "~* ^.+cgit-custom-logo.gif$".extraConfig = '' + alias ${./logo.gif}; + ''; + "~* ^.+cgit-custom-favicon.gif$".extraConfig = '' + alias ${./favicon.ico}; + ''; + "~* ^.+cgit-custom-style.css$".extraConfig = let + css = with config.colourScheme; + pkgs.writeText "custom.css" '' + @import url("cgit.css"); + + form { + display: none; + } + + div#cgit { + max-width: 200ch; + margin: auto; + font-family: "${config.fontScheme.monospaceFont.family}", monospace; + -moz-tab-size: 4; + tab-size: 4; + } + + div#cgit table#header td.sub { + border-top: none; + } + + div#cgit table#header td.sub.right { + padding-right: 1em; + } + + div#cgit table.tabs { + border-bottom: none; + } + + div#cgit div.content { + border-bottom: none; + } + + div#cgit table.list th a { + color: inherit; + } + + div#cgit table.list tr:nth-child(even) { + background: inherit; + } + + div#cgit table.list tr:hover { + background: inherit; + } + + div#cgit table.list tr.nohover-highlight:hover:nth-child(even) { + background: inherit; + } + + div#cgit table.blob td.linenumbers a:target { + color: goldenrod; + text-decoration: underline; + outline: none; + } + + div#cgit div#summary { + max-width: 80ch; + } + + div#cgit a.permalink { + color: inherit; + } + ''; + in '' + alias ${css}; + ''; + }; + }; + }; + + services = let + user = "git"; + group = "git"; + in { + gitolite = { + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + extraGitoliteRc = '' + # This allows hiding repositories via "cgit.ignore"[1]. + # + # [1]: https://www.omarpolo.com/post/cgit-gitolite.html + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; + + fcgiwrap = { + enable = true; + inherit user group; + }; + }; + }) + ]; +} diff --git a/modules/nixos/git/favicon.ico b/modules/nixos/git/favicon.ico new file mode 100644 index 0000000..bb7cc39 Binary files /dev/null and b/modules/nixos/git/favicon.ico differ diff --git a/modules/nixos/git/logo.gif b/modules/nixos/git/logo.gif new file mode 100644 index 0000000..05874f9 Binary files /dev/null and b/modules/nixos/git/logo.gif differ -- cgit 1.4.1