Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nginx/sourcephile.fr/git.nix
mermet: creds: reencrypt
# NixOS module publishing gitweb on the "git" subdomain of `domain`.
# nginx terminates TLS and hands requests to a gitweb FastCGI process over a
# Unix socket; the repositories are the ones managed by gitolite.
{ domain, ... }:
{ pkgs, lib, config, ... }:
let
  inherit (config.services) gitweb gitolite nginx;
  srv = "git";
  gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
  services.nginx = {
    # On-disk store and key zone for cached gitweb responses: 2M of keys,
    # entries evicted after 10 minutes without a hit, 32M on disk at most.
    commonHttpConfig = ''
      fastcgi_cache_path /var/cache/nginx/fastcgi_cache:${domain}:${srv}
      keys_zone=${domain}/${srv}:2M
      inactive=10m
      levels=1:2
      max_size=32M;
    '';
    virtualHosts."${srv}.${domain}" = {
      forceSSL = true;
      useACMEHost = domain;
      extraConfig = ''
        access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
        error_log /var/log/nginx/${domain}/${srv}/error.log warn;
      '';
      locations = {
        # Everything not matched below goes to gitweb.
        #
        # nginx drops inherited add_header directives as soon as a location
        # declares one of its own, so the shared header set (defined outside
        # this file, presumably the HTTPS security headers) is repeated here
        # next to X-Cache.
        #
        # NOTE(review): fastcgi_cache is enabled but no fastcgi_cache_key is
        # set in this file, and nginx defines no default for it. It has to
        # come from http-level configuration elsewhere; confirm that key
        # covers the host and the full request URI including the query
        # string, otherwise different gitweb views can share a cache entry.
        "/" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            ${nginx.configs.https_add_headers}
            add_header X-Cache $upstream_cache_status;
            fastcgi_cache ${domain}/${srv};
            fastcgi_cache_valid 200 1m;
            fastcgi_cache_valid 404 3m;
            fastcgi_max_temp_file_size 1M;
            # Used by gitweb's pathinfo feature
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };

        # Stock gitweb assets, served straight from the package.
        "/static/" = {
          alias = "${pkgs.gitweb}/static/";
          extraConfig = ''
            access_log off;
          '';
        };

        # Site-specific stylesheet generated into the store.
        "/static-custom/" = {
          root = pkgs.writeTextDir "static-custom/style.css" ''
            .project_list {
            width:100%;
            }
          '';
          extraConfig = ''
            access_log off;
          '';
        };

        # Asks crawlers to stay away from the blame/diff/patch/search/snapshot
        # views, in both the pathinfo and the "a=" query-string URL forms.
        # robots.txt is advisory only; it is not an access control.
        "/robots.txt" = {
          root = pkgs.writeTextDir "robots.txt" ''
            User-agent: *
            Disallow: /*/blame/*
            Disallow: /*/blobdiff/*
            Disallow: /*/commitdiff/*
            Disallow: /*/commitdiff_plain/*
            Disallow: /*/patch/*
            Disallow: /*/search/*
            Disallow: /*/snapshot/*
            Disallow: /*a=blame*
            Disallow: /*a=blobdiff*
            Disallow: /*a=commitdiff*
            Disallow: /*a=commitdiff_plain*
            Disallow: /*a=patch*
            Disallow: /*a=search*
            Disallow: /*a=snapshot*
          '';
          extraConfig = ''
            access_log off;
          '';
        };
      };
    };
  };

  systemd.services = {
    # mkForce replaces any other definition of LogsDirectory, so systemd
    # creates the per-vhost directory that access_log/error_log write to.
    nginx.serviceConfig.LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ];

    # Single-process gitweb FastCGI daemon listening on `gitwebSocket`.
    gitweb = {
      description = "GitWeb FastCGI service";
      script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
      environment = {
        FCGI_SOCKET_PATH = gitwebSocket;
        # CGI::Fast takes this number as-is instead of passing it through
        # perl's oct(), so the mode is written in decimal: 432 == 0660,
        # i.e. read/write for the socket's owner and group, nothing for others.
        FCGI_SOCKET_PERM = "432";
      };
      # The socket ends up owned by the gitolite user with the nginx group,
      # which together with mode 0660 limits connections to those two.
      #
      # NOTE(review): the gitolite user presumably owns the repositories, so
      # the web-facing CGI runs with write access it does not need. A
      # dedicated read-only user and systemd sandboxing (NoNewPrivileges=,
      # ProtectSystem=, PrivateTmp=) would narrow that; confirm against the
      # gitolite module before changing.
      serviceConfig = {
        User = gitolite.user;
        Group = nginx.group;
        RuntimeDirectory = [ "gitweb" ];
        Restart = "always";
        RestartSec = 10;
      };
      wantedBy = [ "multi-user.target" ];
    };
  };

  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    # Perl fragment appended to the gitweb configuration.
    #
    # ''${s} is the Nix escape for a literal ${s}: the scheme suffix is
    # interpolated by Perl at request time, not by Nix at build time.
    #
    # $export_ok restricts gitweb to repositories that contain a
    # git-daemon-export-ok file.
    #
    # NOTE(review): $prevent_xss = 0 keeps gitweb's XSS protection disabled,
    # so gitweb features that return repository content as HTML stay enabled
    # and that content is served from this origin. That is only safe while
    # everyone able to push to an exported repository is trusted; otherwise
    # set it to 1.
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s" : "";
      @extra_breadcrumbs = (["sourcephile" => "http''${s}://${domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_description_width = 50;
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $default_text_plain_charset = 'utf-8';
      #$fallback_encoding = "utf-8";
      $omit_owner = 1;
      $export_ok = "git-daemon-export-ok";
      $prevent_xss = 0;
      @git_base_url_list =
      ( "git://${srv}.${domain}"
      , "git\@${srv}.${domain}:"
      );
      # NOTE: more readable URL.
      $feature{'pathinfo'}{'default'} = [1];
      @stylesheets = ( "/static/gitweb.css"
      , "/static-custom/style.css"
      );
      $logo = "/static/git-logo.png";
      $favicon = "/static/git-favicon.png";
      $javascript = "/static/gitweb.js";
      $feature{'highlight'}{'default'} = [1];
    '';
  };
}