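# NixOS module publishing the gitolite repositories through gitweb:
# nginx terminates TLS for ${srv}.${domain}, caches responses and forwards
# requests over a Unix socket to a gitweb FastCGI process run by systemd.
{ pkgs, lib, config, ... }:
let
  inherit (config) networking;
  inherit (config.services) gitweb gitolite nginx;
  domain = "sourcephile.fr";
  srv = "git";
  # Socket shared between the gitweb service (listener) and nginx (client).
  gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
  services.nginx = {
    # Cache zone used by the "/" location below.
    commonHttpConfig = ''
      fastcgi_cache_path ${nginx.stateDir}/fastcgi_cache:${domain}:${srv}
        keys_zone=${domain}/${srv}:2M
        inactive=10m
        levels=1:2
        max_size=32M;
    '';
    virtualHosts."${srv}" = {
      serverName = "${srv}.${domain}";
      forceSSL = true;
      useACMEHost = domain;
      extraConfig = ''
        access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
        error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
      '';
      locations = {
        "/" = {
          # NOTE(review): no fastcgi_cache_key is set in this file. As far as
          # I know nginx has no default key for the FastCGI cache, so confirm
          # that one is defined at http level elsewhere (for example in
          # another commonHttpConfig fragment); without a key, responses for
          # different URLs can end up sharing one cache entry.
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            ${nginx.configs.https_add_headers}
            add_header X-Cache $upstream_cache_status;
            fastcgi_cache ${domain}/${srv};
            fastcgi_cache_valid 200 1m;
            fastcgi_cache_valid 404 30m;
            fastcgi_max_temp_file_size 1M;
            # Used by gitweb's pathinfo feature
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };
        # Static assets shipped with gitweb, served by nginx directly.
        "/static/" = {
          alias = "${pkgs.gitweb}/static/";
          extraConfig = ''
            access_log off;
          '';
        };
        # Site-specific stylesheet, generated into the Nix store.
        "/static-custom/" = {
          root = pkgs.writeTextDir "static-custom/style.css" ''
            .project_list {
              width:100%;
            }
          '';
          extraConfig = ''
            access_log off;
          '';
        };
        # Keep crawlers away from the expensive views, in both the pathinfo
        # and the query-string URL forms. This is advisory only: it does not
        # restrict access to those views.
        "/robots.txt" = {
          root = pkgs.writeTextDir "robots.txt" ''
            User-agent: *
            Disallow: /*/blame/*
            Disallow: /*/blobdiff/*
            Disallow: /*/commitdiff/*
            Disallow: /*/commitdiff_plain/*
            Disallow: /*/patch/*
            Disallow: /*/search/*
            Disallow: /*/snapshot/*
            Disallow: /*a=blame*
            Disallow: /*a=blobdiff*
            Disallow: /*a=commitdiff*
            Disallow: /*a=commitdiff_plain*
            Disallow: /*a=patch*
            Disallow: /*a=search*
            Disallow: /*a=snapshot*
          '';
          extraConfig = ''
            access_log off;
          '';
        };
      };
    };
  };

  # Create the per-vhost log directory before nginx starts.
  systemd.services.nginx.preStart = lib.mkBefore ''
    install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
  '';

  systemd.services.gitweb = {
    description = "GitWeb FastCGI service";
    script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
    environment = {
      FCGI_SOCKET_PATH = gitwebSocket;
      FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
    };
    serviceConfig = {
      # NOTE(review): the CGI runs as the gitolite user, which presumably can
      # write to the repositories and to gitolite's own state, while gitweb
      # only needs to read them. A dedicated account with read-only access
      # would limit what a gitweb bug can reach; confirm whether that is
      # feasible with this gitolite setup.
      User = gitolite.user;
      # The socket is created with mode 660, so nginx reaches it through its
      # group.
      Group = nginx.group;
      RuntimeDirectory = [ "gitweb" ];
      Restart = "always";
      RestartSec = 10;
    };
    wantedBy = [ "multi-user.target" ];
  };

  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    # Perl evaluated by gitweb as its configuration file.
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s" : "";
      @extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_description_width = 50;
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $default_text_plain_charset = 'utf-8';
      #$fallback_encoding = "utf-8";
      $omit_owner = 1;
      # Only repositories carrying this marker file are exported.
      $export_ok = "git-daemon-export-ok";
      # NOTE(review): with prevent_xss off, gitweb may serve repository
      # content (for instance an HTML blob through blob_plain) with a
      # browser-renderable content type from this origin, so anyone able to
      # push can publish active content here. Consider 1 unless a feature
      # that depends on it is needed.
      $prevent_xss = 0;
      @git_base_url_list =
        ( "git://${srv}.${domain}"
        , "git\@${srv}.${domain}:"
        );

      # NOTE: more readable URL.
      $feature{'pathinfo'}{'default'} = [1];

      @stylesheets =
        ( "/static/gitweb.css"
        , "/static-custom/style.css"
        );
      $logo = "/static/git-logo.png";
      $favicon = "/static/git-favicon.png";
      $javascript = "/static/gitweb.js";

      $feature{'highlight'}{'default'} = [1];

      # Fix a bug in Gitweb: FCGI is not Unicode aware.
      # Install the wrappers once per process, not on every request.
      if ($first_request) {
        my $enc = Encode::find_encoding('UTF-8');
        my $old_PRINT = \&FCGI::Stream::PRINT;
        # Encode every printed argument (index 0 is the stream object) to
        # UTF-8 bytes, then tail-call the original PRINT.
        my $new_PRINT = sub {
          my @OUTPUT = @_;
          for (my $i = 1; $i < @_; $i++) {
            $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC);
          }
          @_ = @OUTPUT;
          goto $old_PRINT;
        };
        # Keep the original actions so the wrappers below have something to
        # call; these two variables were used but never assigned before.
        my $old_git_blob_plain = \&git_blob_plain;
        my $old_git_snapshot = \&git_snapshot;
        no warnings 'redefine';
        *FCGI::Stream::PRINT = $new_PRINT;
        # blob_plain and snapshot emit raw bytes, which must not be
        # re-encoded. "local" restores the encoding PRINT when the action
        # returns or unwinds; a statement placed after "goto" never runs,
        # which would leave the raw PRINT installed for every later request
        # handled by this process.
        *git_blob_plain = sub {
          local *FCGI::Stream::PRINT = $old_PRINT;
          return $old_git_blob_plain->(@_);
        };
        *git_snapshot = sub {
          local *FCGI::Stream::PRINT = $old_PRINT;
          return $old_git_snapshot->(@_);
        };
        # NOTE(review): gitweb appears to dispatch through code references
        # stored in %actions before this file is evaluated. If so, replacing
        # the globs above does not reach the dispatcher, and
        # $actions{blob_plain} and $actions{snapshot} have to point at the
        # wrappers as well. Confirm against the packaged gitweb.cgi.
      };
    '';
  };
}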