]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/nginx/sourcephile.fr/git.nix
gitweb: cleanly disable UTF-8 encoding fix in git_blob_plain() and git_snapshot()
[sourcephile-nix.git] / servers / mermet / nginx / sourcephile.fr / git.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) gitweb gitolite nginx;
5 domain = "sourcephile.fr";
6 srv = "git";
7 gitwebSocket = "/run/gitweb/gitweb.sock";
8 in
9 {
10 services.nginx = {
11 commonHttpConfig = ''
12 fastcgi_cache_path ${nginx.stateDir}/fastcgi_cache:${domain}:${srv}
13 keys_zone=${domain}/${srv}:2M
14 inactive=10m
15 levels=1:2
16 max_size=32M;
17 '';
18 virtualHosts."${srv}" = {
19 serverName = "${srv}.${domain}";
20 forceSSL = true;
21 useACMEHost = domain;
22 extraConfig = ''
23 access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
24 error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
25 '';
26 locations = {
27 "/" = {
28 extraConfig = ''
29 include ${pkgs.nginx}/conf/fastcgi_params;
30 ${nginx.configs.https_add_headers}
31 add_header X-Cache $upstream_cache_status;
32 fastcgi_cache ${domain}/${srv};
33 fastcgi_cache_valid 200 1m;
34 fastcgi_cache_valid 404 30m;
35 fastcgi_max_temp_file_size 1M;
36 # Used by gitweb's pathinfo feature
37 fastcgi_param PATH_INFO $fastcgi_script_name;
38 fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
39 fastcgi_pass unix:${gitwebSocket};
40 '';
41 };
42 "/static/" = {
43 alias = "${pkgs.gitweb}/static/";
44 extraConfig = ''
45 access_log off;
46 '';
47 };
48 "/static-custom/" = {
49 root = pkgs.writeTextDir "static-custom/style.css" ''
50 .project_list {
51 width:100%;
52 }
53 '';
54 extraConfig = ''
55 access_log off;
56 '';
57 };
58 "/robots.txt" = {
59 root = pkgs.writeTextDir "robots.txt" ''
60 User-agent: *
61 Disallow: /*/blame/*
62 Disallow: /*/blobdiff/*
63 Disallow: /*/commitdiff/*
64 Disallow: /*/commitdiff_plain/*
65 Disallow: /*/patch/*
66 Disallow: /*/search/*
67 Disallow: /*/snapshot/*
68 Disallow: /*a=blame*
69 Disallow: /*a=blobdiff*
70 Disallow: /*a=commitdiff*
71 Disallow: /*a=commitdiff_plain*
72 Disallow: /*a=patch*
73 Disallow: /*a=search*
74 Disallow: /*a=snapshot*
75 '';
76 extraConfig = ''
77 access_log off;
78 '';
79 };
80 };
81 };
82 };
83 systemd.services.nginx.preStart = lib.mkBefore ''
84 install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
85 '';
86 systemd.services.gitweb = {
87 description = "GitWeb FastCGI service";
88 script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
89 environment = {
90 FCGI_SOCKET_PATH = gitwebSocket;
91 FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
92 };
93 serviceConfig = {
94 User = gitolite.user;
95 Group = nginx.group;
96 RuntimeDirectory = [ "gitweb" ];
97 Restart = "always";
98 RestartSec = 10;
99 };
100 wantedBy = [ "multi-user.target" ];
101 };
102 services.gitweb = {
103 gitwebTheme = false;
104 projectroot = "${gitolite.dataDir}/repositories";
105 extraConfig = ''
106 use utf8;
107 my $s = $cgi->https() ? "s" : "";
108 @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
109 $site_name = "Git — Sourcephile";
110 $home_link_str = "git";
111 $projects_list = "${gitolite.dataDir}/projects.list";
112 $projects_list_description_width = 50;
113 $projects_list_group_categories = 1;
114 $default_projects_order = "age";
115 $default_text_plain_charset = 'utf-8';
116 #$fallback_encoding = "utf-8";
117 $omit_owner = 1;
118 $export_ok = "git-daemon-export-ok";
119 $prevent_xss = 0;
120 @git_base_url_list =
121 ( "git://${srv}.${domain}"
122 , "git\@${srv}.${domain}:"
123 );
124 # NOTE: more readable URL.
125 $feature{'pathinfo'}{'default'} = [1];
126 @stylesheets = ( "/static/gitweb.css"
127 , "/static-custom/style.css"
128 );
129 $logo = "/static/git-logo.png";
130 $favicon = "/static/git-favicon.png";
131 $javascript = "/static/gitweb.js";
132 $feature{'highlight'}{'default'} = [1];
133 sub toto () {
134 return 42;
135 }
136 # Fix a bug in Gitweb: FCGI is not Unicode aware.
137 # However no encoding must be done within git_blob_plain() and git_snapshot()
138 # which must still output in raw binary mode.
139 if ($first_request) {
140 no warnings 'redefine';
141 my $enc = Encode::find_encoding('UTF-8');
142 my $old_PRINT = \&FCGI::Stream::PRINT;
143 my $old_git_blob_plain = \&git_blob_plain;
144 my $old_git_snapshot = \&git_snapshot;
145 *main::git_blob_plain = sub {
146 local *FCGI::Stream::PRINT = $old_PRINT;
147 $old_git_blob_plain->(@_);
148 };
149 $actions{blob_plain} = \&main::git_blob_plain;
150 *main::git_snapshot = sub {
151 local *FCGI::Stream::PRINT = $old_PRINT;
152 $old_git_snapshot->(@_);
153 };
154 $actions{snapshot} = \&main::git_snapshot;
155 *FCGI::Stream::PRINT = sub {
156 my @OUTPUT = @_;
157 for (my $i = 1; $i < @_; $i++) {
158 $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
159 }
160 @_ = @OUTPUT;
161 goto $old_PRINT;
162 };
163 };
164 '';
165 };
166 }