path: root/modules/nixos/git.nix
blob: f754588ef9881f1e47944590deed9b14d2f44472 (plain)
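# NixOS module for Git tooling.
#
# - `client`: installs credentials for the glab, gh and hut configuration
#   files through the project's `secrets` option.
# - `server`: a gitolite instance plus a cgit web front end served by nginx
#   through fcgiwrap.
{
  config,
  lib,
  inputs,
  pkgs,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.git;
in {
  options.nixfiles.modules.git.server = {
    enable = mkEnableOption "Git server";

    # Used verbatim as the nginx virtual host name for the cgit front end.
    domain = mkOption {
      description = "Domain name sans protocol scheme.";
      type = with types; nullOr str;
      default = "git.${config.networking.domain}";
    };

    # Must provide `cgit/cgit.cgi` and `lib/cgit/filters/*`; both paths are
    # referenced by the server configuration below.
    package = mkOption {
      description = "Package.";
      type = types.package;
      default = pkgs.cgit-pink;
    };
  };

  config = mkMerge [
    (mkIf cfg.client.enable {
      # Each entry maps a file under `secrets/` in this flake to a path in the
      # user's configuration directory, owned by the primary user and group.
      # NOTE(review): the file mode is not set here, so it is whatever the
      # `secrets` module defaults to. These files presumably hold forge API
      # tokens, so confirm that default is owner-only.
      secrets = {
        glab-cli-config = {
          file = "${inputs.self}/secrets/glab-cli-config";
          path = "${config.dirs.config}/glab-cli/config.yml";
          owner = my.username;
          inherit (config.my) group;
        };
        gh-hosts = {
          file = "${inputs.self}/secrets/gh-hosts";
          path = "${config.dirs.config}/gh/hosts.yml";
          owner = my.username;
          inherit (config.my) group;
        };
        hut = {
          file = "${inputs.self}/secrets/hut";
          path = "${config.dirs.config}/hut/config";
          owner = my.username;
          inherit (config.my) group;
        };
      };
    })
    (mkIf cfg.server.enable {
      nixfiles.modules.nginx = {
        enable = true;
        virtualHosts.${cfg.server.domain} = {
          locations = {
            # Everything that is not a static asset is handed to cgit.cgi via
            # fcgiwrap. HTTP_HOST is pinned to $server_name, so the host name
            # cgit sees comes from the nginx configuration rather than from the
            # client-supplied Host header.
            "/".extraConfig = let
              # cgit runtime configuration, passed to the CGI via CGIT_CONFIG.
              #
              # NOTE(review): scan-path makes cgit publish every repository it
              # finds under gitolite's repositories directory. Gitolite access
              # rules are not consulted, so this presumably includes
              # gitolite-admin and any repository meant to be private, and
              # `snapshots` makes each of them downloadable as an archive.
              # Consider restricting the listing with cgit's `project-list`
              # or `strict-export` options.
              #
              # NOTE(review): enable-git-config=1 lets per-repository Git
              # config (`gitweb.*`, `cgit.*`) override repo settings. Keep
              # `enable-filter-overrides` unset so a repository cannot select
              # its own filter commands.
              cgitrc = pkgs.writeText "cgitrc" ''
                root-title=azahi’s git stuff
                root-desc=鯛も一人はうまからず

                about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
                source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
                commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh

                enable-git-config=1
                enable-gitweb-owner=1
                remove-suffix=1

                snapshots=tar.gz tar.bz2 zip

                readme=:README
                readme=:README.md
                readme=:README.org
                readme=:README.txt
                readme=:readme
                readme=:readme.md
                readme=:readme.org
                readme=:readme.txt

                scan-path=${config.services.gitolite.dataDir}/repositories
              '';
            in ''
              include ${config.services.nginx.package}/conf/fastcgi_params;
              fastcgi_split_path_info ^(/?)(.+)$;
              fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
              fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
              fastcgi_param CGIT_CONFIG ${cgitrc};
              fastcgi_param PATH_INFO $uri;
              fastcgi_param QUERY_STRING $args;
              fastcgi_param HTTP_HOST $server_name;
            '';
            # Serve only the static assets cgit references by default
            # (/cgit.css, /cgit.png, /favicon.ico) straight from the package.
            # The previous pattern `^/(.+.(ico|css|png))$` had an unescaped dot
            # and matched any path with one of these endings, which aliased
            # arbitrary sub-paths into the package directory and broke source
            # previews of such files inside repositories.
            # The backslashes are doubled because Nix drops a single one
            # inside a double-quoted string.
            "~* ^/(cgit\\.(css|png)|favicon\\.ico)$".extraConfig = ''
              alias ${cfg.server.package}/cgit/$1;
            '';
          };
        };
      };

      services = let
        user = "git";
        group = "git";
      in {
        gitolite = {
          # TODO Make the configuration purely declarative.
          enable = true;
          inherit user group;
          # SSH public key that gitolite installs as its initial administrator.
          adminPubkey = my.ssh.key;
        };

        # NOTE(review): fcgiwrap, and with it cgit.cgi and the filter scripts
        # that process repository content, runs under the same account as
        # gitolite. That account presumably has write access to every
        # repository and to gitolite's own state, while the web front end only
        # needs to read. A separate account with read-only group access would
        # limit what a bug in cgit or a filter can reach.
        fcgiwrap = {
          enable = true;
          inherit user group;
        };
      };
    })
  ];
}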