servers/mermet/nginx/sourcephile.fr/git.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config) networking;
   4   inherit (config.services) gitweb gitolite nginx;
   5   domain = "sourcephile.fr";
   6   srv = "git";
   7   gitwebSocket = "/run/gitweb/gitweb.sock";
   8 in
   9 {
  10   services.nginx = {
  11     virtualHosts."${srv}" = {
  12       serverName = "${srv}.${domain}";
  13       forceSSL = true;
  14       useACMEHost = domain;
  15       extraConfig = ''
  16         access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
  17         error_log  ${nginx.logDir}/${domain}/${srv}/error.log warn;
  18       '';
  19       locations = {
  20         "/" = {
  21           extraConfig = ''
  22             include ${pkgs.nginx}/conf/fastcgi_params;
  23             fastcgi_param PATH_INFO $fastcgi_script_name;
  24              # NOTE: used by gitweb's pathinfo feature.
  25             fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
  26             fastcgi_pass unix:${gitwebSocket};
  27           '';
  28         };
  29         "/static/" = {
  30           alias = "${pkgs.gitweb}/static/";
  31           extraConfig = ''
  32             access_log off;
  33           '';
  34         };
  35         "/static-custom/" = {
  36           root = pkgs.writeTextDir "style.css" ''
  37             .project_list {
  38               width:100%;
  39             }
  40           '';
  41           extraConfig = ''
  42             access_log off;
  43           '';
  44         };
  45         "/robots.txt" = {
  46           root = pkgs.writeTextDir "robots.txt" ''
  47             User-agent: *
  48             Disallow: /*/blame/*
  49             Disallow: /*/blobdiff/*
  50             Disallow: /*/commitdiff/*
  51             Disallow: /*/search/*
  52             Disallow: /*/snapshot/*
  53           '';
  54           extraConfig = ''
  55             access_log off;
  56           '';
  57         };
  58       };
  59     };
  60   };
  61   systemd.services.nginx.preStart = lib.mkBefore ''
  62     install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
  63   '';
  64   systemd.services.gitweb = {
  65     description = "GitWeb FastCGI service";
  66     script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
  67     environment  = {
  68       FCGI_SOCKET_PATH = gitwebSocket;
  69       FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
  70     };
  71     serviceConfig = {
  72       User             = gitolite.user;
  73       Group            = nginx.group;
  74       RuntimeDirectory = [ "gitweb" ];
  75       Restart          = "always";
  76       RestartSec       = 10;
  77     };
  78     wantedBy = [ "multi-user.target" ];
  79   };
  80   services.gitweb = {
  81     gitwebTheme = false;
  82     projectroot = "${gitolite.dataDir}/repositories";
  83     extraConfig = ''
  84       use utf8;
  85       my $s = $cgi->https() ? "s"  : "";
  86       @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
  87       $site_name = "Git — Sourcephile";
  88       $home_link_str = "git";
  89       $projects_list = "${gitolite.dataDir}/projects.list";
  90       $projects_list_description_width = 50;
  91       $projects_list_group_categories = 1;
  92       $default_projects_order = "age";
  93       $omit_owner = 1;
  94       $export_ok = "git-daemon-export-ok";
  95       $prevent_xss = 0;
  96       @git_base_url_list =
  97        ( "git://${srv}.${domain}"
  98        , "git\@${srv}.${domain}:"
  99        );
 100       # NOTE: more readable URL.
 101       $feature{'pathinfo'}{'default'} = [1];
 102       @stylesheets = ( "/static/gitweb.css"
 103                      , "/static-custom/style.css"
 104                      );
 105       $logo        =  "/static/git-logo.png";
 106       $favicon     =  "/static/git-favicon.png";
 107       $javascript  =  "/static/gitweb.js";
 108       $feature{'highlight'}{'default'} = [1];
 109       # FIX: gitweb bug: FCGI is not Unicode aware.
 110       if ($first_request) {
 111           my $enc = Encode::find_encoding('UTF-8');
 112           my $org = \&FCGI::Stream::PRINT;
 113           no warnings 'redefine';
 114           *FCGI::Stream::PRINT = sub {
 115               my @OUTPUT = @_;
 116               for (my $i = 1; $i < @_; $i++) {
 117                   $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
 118               }
 119               @_ = @OUTPUT;
 120               goto $org;
 121           };
 122       };
 123     '';
 124   };
 125 }