Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/nginx/gitweb.nix
x509: send the key once for root, not one per service
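# NixOS module: publishes the gitolite-managed repositories through gitweb,
# run as a FastCGI service behind an nginx virtual host.
{ pkgs, lib, config, ... }:
let
  inherit (config) networking;
  inherit (config.services) gitweb gitolite nginx;

  # gitweb package, rebuilt with the bundled theme only when
  # services.gitweb.gitwebTheme is true. This module sets that option to
  # false below, so here the override is a no-op. Both the CGI script and the
  # /static/ alias reference this binding so they always come from the same
  # package.
  package = pkgs.gitweb.override (lib.optionalAttrs gitweb.gitwebTheme {
    gitwebTheme = true;
  });

  # Name of the directory under /run that systemd creates for the service;
  # the FastCGI socket shared with nginx lives inside it.
  RuntimeDirectory = "gitweb";
  gitwebSocket = "/run/${RuntimeDirectory}/gitweb.sock";

  # Extra stylesheet, served under /static-custom/ next to gitweb's own CSS.
  static-custom = pkgs.writeTextFile {
    name = "static-custom";
    destination = "/static-custom/style.css";
    text = ''
      .project_list {
        width:100%;
      }
    '';
  };
in
{
  services.nginx = {
    virtualHosts."git" = {
      serverName = "git.${networking.domain}";
      serverAliases =
        map (domainAlias: "git." + domainAlias)
          config.networking.domainAliases;
      # NOTE(review): forceSSL is off and neither addSSL nor onlySSL is set
      # in this file. Unless TLS is enabled for this vhost elsewhere, the
      # certificate settings below appear to be unused and gitweb is served
      # over plain HTTP only — confirm this is intended.
      forceSSL = false;
      # Reuses the certificate and key of the "_" virtual host.
      sslCertificate = nginx.virtualHosts."_".sslCertificate;
      sslCertificateKey = nginx.virtualHosts."_".sslCertificateKey;
      locations = {
        # Every request that is not a static asset is handed to the gitweb
        # FastCGI process over the Unix socket.
        "/" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_script_name;
            # NOTE: used by gitweb's pathinfo feature.
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };
        "/static/" = {
          alias = "${package}/static/";
        };
        "/static-custom/" = {
          alias = "${static-custom}/static-custom/";
        };
      };
    };
  };

  systemd.services.gitweb = {
    description = "GitWeb FastCGI service";
    script = "${package}/gitweb.cgi --fastcgi --nproc=1";
    environment = {
      FCGI_SOCKET_PATH = gitwebSocket;
      FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
    };
    serviceConfig = {
      # The process runs as the gitolite user with nginx's group; together
      # with the 0660 socket mode above this is what lets nginx (through its
      # group) connect to the socket while other accounts cannot.
      # NOTE(review): presumably the gitolite user can also write to every
      # repository under projectroot, which is more than a read-only web
      # viewer needs — confirm, and consider a dedicated read-only account.
      # No systemd sandboxing options are set on this unit.
      User = gitolite.user;
      Group = nginx.group;
      RuntimeDirectory = [ RuntimeDirectory ];
      Restart = "always";
      RestartSec = 10;
    };
    wantedBy = [ "multi-user.target" ];
  };

  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    # The text below is Perl that gitweb reads as configuration.
    # Security-relevant points:
    #  - $export_ok: a repository is only served when it contains a
    #    git-daemon-export-ok file.
    #  - NOTE(review): $strict_export is not set, so a repository carrying
    #    that file should remain reachable by direct URL even when it is not
    #    listed in projects.list — confirm the two sets are meant to differ.
    #  - $prevent_xss = 0 leaves gitweb's XSS-prevention mode off. gitweb's
    #    documentation reserves that for installations that trust the
    #    content of their repositories — confirm everyone who can push here
    #    is trusted.
    #  - @extra_breadcrumbs picks http or https for the home link from
    #    $cgi->https(), i.e. from how the current request arrived.
    #  - The final block runs once (guarded by $first_request) and replaces
    #    FCGI::Stream::PRINT with a wrapper that UTF-8-encodes every argument
    #    after the first before jumping to the original PRINT. With
    #    Encode::FB_CROAK a string that cannot be encoded is a fatal error
    #    rather than being silently substituted.
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s" : "";
      @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${networking.domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_description_width = 50;
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $omit_owner = 1;
      $export_ok = "git-daemon-export-ok";
      $prevent_xss = 0;
      @git_base_url_list =
        ( "git://git.${networking.domain}"
        , "git\@git.${networking.domain}:"
        );
      # NOTE: more readable URL.
      $feature{'pathinfo'}{'default'} = [1];
      @stylesheets = ( "/static/gitweb.css"
                     , "/static-custom/style.css"
                     );
      $logo = "/static/git-logo.png";
      $favicon = "/static/git-favicon.png";
      $javascript = "/static/gitweb.js";
      $feature{'highlight'}{'default'} = [1];
      # FIX: gitweb bug: FCGI is not Unicode aware.
      if ($first_request) {
        my $enc = Encode::find_encoding('UTF-8');
        my $org = \&FCGI::Stream::PRINT;
        no warnings 'redefine';
        *FCGI::Stream::PRINT = sub {
          my @OUTPUT = @_;
          for (my $i = 1; $i < @_; $i++) {
            $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
          }
          @_ = @OUTPUT;
          goto $org;
        };
      };
    '';
  };
}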