Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/nginx/sourcephile.fr/git.nix
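# NixOS module: publishes the gitolite-managed repositories through gitweb,
# run as a FastCGI daemon behind an nginx virtual host for git.<domain>.
{ pkgs, lib, config, ... }:
let
  inherit (config) networking;
  inherit (config.services) gitweb gitolite nginx;
  domain = "sourcephile.fr";
  # NOTE(review): `package` is not referenced anywhere below; the service
  # script and the /static/ alias use pkgs.gitweb directly. Both should be
  # equivalent while gitweb.gitwebTheme is false (as set in this file), but
  # they diverge if the theme is ever enabled. Use it or drop it.
  package = pkgs.gitweb.override (lib.optionalAttrs gitweb.gitwebTheme {
    gitwebTheme = true;
  });
  # Name of the systemd runtime directory (/run/gitweb) holding the socket.
  RuntimeDirectory = "gitweb";
  gitwebSocket = "/run/${RuntimeDirectory}/gitweb.sock";
  # Small extra stylesheet, served by nginx under /static-custom/.
  static-custom = pkgs.writeTextFile {
    name = "static-custom";
    destination = "/static-custom/style.css";
    text = ''
      .project_list {
        width:100%;
      }
    '';
  };
in
{
  services.nginx = {
    virtualHosts."git" = {
      serverName = "git.${domain}";
      serverAliases =
        map (domainAlias: "git." + domainAlias)
          config.networking.domainAliases;
      # HTTPS only: `onlySSL` is the current name of the deprecated
      # `enableSSL` option. With forceSSL off, this vhost does not redirect
      # plain-HTTP requests; they are simply not answered by it.
      forceSSL = false;
      onlySSL = true;
      # Reuses the certificate issued for the bare domain.
      useACMEHost = domain;
      locations = {
        # Everything that is not a static asset is handed to gitweb over the
        # FastCGI unix socket.
        "/" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            # NOTE: used by gitweb's pathinfo feature.
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };
        "/static/" = {
          alias = "${pkgs.gitweb}/static/";
        };
        "/static-custom/" = {
          alias = "${static-custom}/static-custom/";
        };
      };
    };
  };
  systemd.services.gitweb = {
    description = "GitWeb FastCGI service";
    script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
    environment = {
      FCGI_SOCKET_PATH = gitwebSocket;
      # 432 is the decimal value of octal 0660 (read/write for owner and
      # group, nothing for others); it is written in decimal because the
      # current CGI::Fast does not pass the value through Perl's oct().
      FCGI_SOCKET_PERM = "432";
    };
    serviceConfig = {
      # NOTE(review): the web-facing gitweb process runs as the gitolite
      # account, which presumably owns (and can write to) the repositories
      # and gitolite's own state. gitweb only needs read access, so a flaw in
      # it or in a helper it spawns would carry write-capable privileges.
      # Consider a dedicated read-only user, or systemd sandboxing such as
      # NoNewPrivileges, PrivateTmp and ProtectSystem = "strict", after
      # checking that snapshots and highlighting still work.
      User = gitolite.user;
      # Group access on the 0660 socket is what lets nginx connect to it.
      Group = nginx.group;
      RuntimeDirectory = [ RuntimeDirectory ];
      Restart = "always";
      RestartSec = 10;
    };
    wantedBy = [ "multi-user.target" ];
  };
  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    # The text below is Perl, appended to the generated gitweb configuration.
    # Inside this Nix string, ''${s} is the escape that yields a literal Perl
    # ${s}; every other ${...} is interpolated by Nix.
    #
    # NOTE(review): $prevent_xss = 0 leaves gitweb's XSS protections off, so
    # HTML committed to a repository (a README.html, or a file fetched via
    # blob_plain) is served as-is under this host name. That is appropriate
    # only when every account able to push is trusted; otherwise set it to 1.
    #
    # NOTE(review): $strict_export is not set, so $projects_list only shapes
    # the index page; access by direct URL is gated by $export_ok alone, i.e.
    # by the presence of a git-daemon-export-ok file in the repository.
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s" : "";
      @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_description_width = 50;
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $omit_owner = 1;
      $export_ok = "git-daemon-export-ok";
      $prevent_xss = 0;
      @git_base_url_list =
        ( "git://git.${domain}"
        , "git\@git.${domain}:"
        );
      # NOTE: more readable URL.
      $feature{'pathinfo'}{'default'} = [1];
      @stylesheets = ( "/static/gitweb.css"
                     , "/static-custom/style.css"
                     );
      $logo = "/static/git-logo.png";
      $favicon = "/static/git-favicon.png";
      $javascript = "/static/gitweb.js";
      $feature{'highlight'}{'default'} = [1];
      # FIX: gitweb bug: FCGI is not Unicode aware.
      if ($first_request) {
        my $enc = Encode::find_encoding('UTF-8');
        my $org = \&FCGI::Stream::PRINT;
        no warnings 'redefine';
        *FCGI::Stream::PRINT = sub {
          my @OUTPUT = @_;
          for (my $i = 1; $i < @_; $i++) {
            $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
          }
          @_ = @OUTPUT;
          goto $org;
        };
      };
    '';
  };
}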