]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/nginx/sourcephile.fr/git.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nginx: increase the valid caching time of gitweb
[sourcephile-nix.git] / servers / mermet / nginx / sourcephile.fr / git.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) gitweb gitolite nginx;
5 domain = "sourcephile.fr";
6 srv = "git";
7 gitwebSocket = "/run/gitweb/gitweb.sock";
8 in
9 {
10 services.nginx = {
11 commonHttpConfig = ''
12 fastcgi_cache_path ${nginx.stateDir}/fastcgi_cache:${domain}:${srv}
13 keys_zone=${domain}/${srv}:2M
14 inactive=10m
15 levels=1:2
16 max_size=32M;
17 '';
18 virtualHosts."${srv}" = {
19 serverName = "${srv}.${domain}";
20 forceSSL = true;
21 useACMEHost = domain;
22 extraConfig = ''
23 access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
24 error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
25 '';
26 locations = {
27 "/" = {
28 extraConfig = ''
29 include ${pkgs.nginx}/conf/fastcgi_params;
30 ${nginx.configs.https_add_headers}
31 add_header X-Cache $upstream_cache_status;
32 fastcgi_cache ${domain}/${srv};
33 fastcgi_cache_valid 200 1m;
34 fastcgi_cache_valid 404 30m;
35 fastcgi_max_temp_file_size 1M;
36 # Used by gitweb's pathinfo feature
37 fastcgi_param PATH_INFO $fastcgi_script_name;
38 fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
39 fastcgi_pass unix:${gitwebSocket};
40 '';
41 };
42 "/static/" = {
43 alias = "${pkgs.gitweb}/static/";
44 extraConfig = ''
45 access_log off;
46 '';
47 };
48 "/static-custom/" = {
49 root = pkgs.writeTextDir "style.css" ''
50 .project_list {
51 width:100%;
52 }
53 '';
54 extraConfig = ''
55 access_log off;
56 '';
57 };
58 "/robots.txt" = {
59 root = pkgs.writeTextDir "robots.txt" ''
60 User-agent: *
61 Disallow: /*/blame/*
62 Disallow: /*/blobdiff/*
63 Disallow: /*/commitdiff/*
64 Disallow: /*/search/*
65 Disallow: /*/snapshot/*
66 '';
67 extraConfig = ''
68 access_log off;
69 '';
70 };
71 };
72 };
73 };
74 systemd.services.nginx.preStart = lib.mkBefore ''
75 install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
76 '';
77 systemd.services.gitweb = {
78 description = "GitWeb FastCGI service";
79 script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
80 environment = {
81 FCGI_SOCKET_PATH = gitwebSocket;
82 FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
83 };
84 serviceConfig = {
85 User = gitolite.user;
86 Group = nginx.group;
87 RuntimeDirectory = [ "gitweb" ];
88 Restart = "always";
89 RestartSec = 10;
90 };
91 wantedBy = [ "multi-user.target" ];
92 };
93 services.gitweb = {
94 gitwebTheme = false;
95 projectroot = "${gitolite.dataDir}/repositories";
96 extraConfig = ''
97 use utf8;
98 my $s = $cgi->https() ? "s" : "";
99 @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
100 $site_name = "Git — Sourcephile";
101 $home_link_str = "git";
102 $projects_list = "${gitolite.dataDir}/projects.list";
103 $projects_list_description_width = 50;
104 $projects_list_group_categories = 1;
105 $default_projects_order = "age";
106 $omit_owner = 1;
107 $export_ok = "git-daemon-export-ok";
108 $prevent_xss = 0;
109 @git_base_url_list =
110 ( "git://${srv}.${domain}"
111 , "git\@${srv}.${domain}:"
112 );
113 # NOTE: more readable URL.
114 $feature{'pathinfo'}{'default'} = [1];
115 @stylesheets = ( "/static/gitweb.css"
116 , "/static-custom/style.css"
117 );
118 $logo = "/static/git-logo.png";
119 $favicon = "/static/git-favicon.png";
120 $javascript = "/static/gitweb.js";
121 $feature{'highlight'}{'default'} = [1];
122 # Fix a bug in Gitweb: FCGI is not Unicode aware.
123 if ($first_request) {
124 my $enc = Encode::find_encoding('UTF-8');
125 my $org = \&FCGI::Stream::PRINT;
126 no warnings 'redefine';
127 *FCGI::Stream::PRINT = sub {
128 my @OUTPUT = @_;
129 for (my $i = 1; $i < @_; $i++) {
130 $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
131 }
132 @_ = @OUTPUT;
133 goto $org;
134 };
135 };
136 '';
137 };
138 }
NixOS configurations for Sourcephile's infrastructure