]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/nginx/sourcephile.fr/git.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nginx: add robots.txt for gitweb
[sourcephile-nix.git] / servers / mermet / nginx / sourcephile.fr / git.nix
1 { pkgs, lib, config, ... }:
2 let inherit (config) networking;
3 inherit (config.services) gitweb gitolite nginx;
4 domain = "sourcephile.fr";
5 package = pkgs.gitweb.override (lib.optionalAttrs gitweb.gitwebTheme {
6 gitwebTheme = true;
7 });
8 RuntimeDirectory = "gitweb";
9 gitwebSocket = "/run/${RuntimeDirectory}/gitweb.sock";
10 static-custom = pkgs.writeTextFile {
11 name = "static-custom";
12 destination = "/static-custom/style.css";
13 text = ''
14 .project_list {
15 width:100%;
16 }
17 '';
18 };
19 in
20 {
21 services.nginx = {
22 virtualHosts."git" = {
23 serverName = "git.${domain}";
24 serverAliases =
25 map (domainAlias: "git." + domainAlias)
26 config.networking.domainAliases;
27 forceSSL = true;
28 useACMEHost = domain;
29 locations = {
30 "/" = {
31 extraConfig = ''
32 include ${pkgs.nginx}/conf/fastcgi_params;
33 fastcgi_param PATH_INFO $fastcgi_script_name;
34 # NOTE: used by gitweb's pathinfo feature.
35 fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
36 fastcgi_pass unix:${gitwebSocket};
37 '';
38 };
39 "/static/" = {
40 alias = "${pkgs.gitweb}/static/";
41 };
42 "/static-custom/" = {
43 alias = "${static-custom}/static-custom/";
44 };
45 "/robots.txt" = {
46 root = pkgs.writeTextDir "robots.txt" ''
47 User-agent: *
48 Disallow: /*/blame/*
49 Disallow: /*/blobdiff/*
50 Disallow: /*/commitdiff/*
51 Disallow: /*/search/*
52 Disallow: /*/snapshot/*
53 '';
54 extraConfig = ''
55 allow all;
56 access_log off;
57 '';
58 };
59 };
60 };
61 };
62 systemd.services.gitweb = {
63 description = "GitWeb FastCGI service";
64 script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
65 environment = {
66 FCGI_SOCKET_PATH = gitwebSocket;
67 FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
68 };
69 serviceConfig = {
70 User = gitolite.user;
71 Group = nginx.group;
72 RuntimeDirectory = [ RuntimeDirectory ];
73 Restart = "always";
74 RestartSec = 10;
75 };
76 wantedBy = [ "multi-user.target" ];
77 };
78 services.gitweb = {
79 gitwebTheme = false;
80 projectroot = "${gitolite.dataDir}/repositories";
81 extraConfig = ''
82 use utf8;
83 my $s = $cgi->https() ? "s" : "";
84 @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
85 $site_name = "Git — Sourcephile";
86 $home_link_str = "git";
87 $projects_list = "${gitolite.dataDir}/projects.list";
88 $projects_list_description_width = 50;
89 $projects_list_group_categories = 1;
90 $default_projects_order = "age";
91 $omit_owner = 1;
92 $export_ok = "git-daemon-export-ok";
93 $prevent_xss = 0;
94 @git_base_url_list =
95 ( "git://git.${domain}"
96 , "git\@git.${domain}:"
97 );
98 # NOTE: more readable URL.
99 $feature{'pathinfo'}{'default'} = [1];
100 @stylesheets = ( "/static/gitweb.css"
101 , "/static-custom/style.css"
102 );
103 $logo = "/static/git-logo.png";
104 $favicon = "/static/git-favicon.png";
105 $javascript = "/static/gitweb.js";
106 $feature{'highlight'}{'default'} = [1];
107 # FIX: gitweb bug: FCGI is not Unicode aware.
108 if ($first_request) {
109 my $enc = Encode::find_encoding('UTF-8');
110 my $org = \&FCGI::Stream::PRINT;
111 no warnings 'redefine';
112 *FCGI::Stream::PRINT = sub {
113 my @OUTPUT = @_;
114 for (my $i = 1; $i < @_; $i++) {
115 $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
116 }
117 @_ = @OUTPUT;
118 goto $org;
119 };
120 };
121 '';
122 };
123 }
NixOS configurations for Sourcephile's infrastructure