{ pkgs, lib, config, ... }:
let
inherit (config) networking;
inherit (config.services) gitweb gitolite nginx;
domain = "sourcephile.fr";
srv = "git";
gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
services.nginx = {
commonHttpConfig = ''
fastcgi_cache_path ${nginx.stateDir}/fastcgi_cache:${domain}:${srv}
keys_zone=${domain}/${srv}:2M
inactive=10m
levels=1:2
max_size=32M;
'';
virtualHosts."${srv}" = {
serverName = "${srv}.${domain}";
forceSSL = true;
useACMEHost = domain;
extraConfig = ''
access_log ${nginx.logDir}/${domain}/${srv}/access.log json buffer=32k;
error_log ${nginx.logDir}/${domain}/${srv}/error.log warn;
'';
locations = {
"/" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
${nginx.configs.https_add_headers}
add_header X-Cache $upstream_cache_status;
fastcgi_cache ${domain}/${srv};
fastcgi_cache_valid 200 1m;
fastcgi_cache_valid 404 30m;
fastcgi_max_temp_file_size 1M;
# Used by gitweb's pathinfo feature
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
fastcgi_pass unix:${gitwebSocket};
'';
};
"/static/" = {
alias = "${pkgs.gitweb}/static/";
extraConfig = ''
access_log off;
'';
};
"/static-custom/" = {
root = pkgs.writeTextDir "static-custom/style.css" ''
.project_list {
width:100%;
}
'';
extraConfig = ''
access_log off;
'';
};
"/robots.txt" = {
root = pkgs.writeTextDir "robots.txt" ''
User-agent: *
Disallow: /*/blame/*
Disallow: /*/blobdiff/*
Disallow: /*/commitdiff/*
Disallow: /*/commitdiff_plain/*
Disallow: /*/patch/*
Disallow: /*/search/*
Disallow: /*/snapshot/*
Disallow: /*a=blame*
Disallow: /*a=blobdiff*
Disallow: /*a=commitdiff*
Disallow: /*a=commitdiff_plain*
Disallow: /*a=patch*
Disallow: /*a=search*
Disallow: /*a=snapshot*
'';
extraConfig = ''
access_log off;
'';
};
};
};
};
systemd.services.nginx.preStart = lib.mkBefore ''
install -D -d -m 750 -o ${nginx.user} -g ${nginx.group} ${nginx.logDir}/${domain}/${srv}/
'';
systemd.services.gitweb = {
description = "GitWeb FastCGI service";
script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
environment = {
FCGI_SOCKET_PATH = gitwebSocket;
FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
};
serviceConfig = {
User = gitolite.user;
Group = nginx.group;
RuntimeDirectory = [ "gitweb" ];
Restart = "always";
RestartSec = 10;
};
wantedBy = [ "multi-user.target" ];
};
services.gitweb = {
gitwebTheme = false;
projectroot = "${gitolite.dataDir}/repositories";
extraConfig = ''
use utf8;
my $s = $cgi->https() ? "s" : "";
@extra_breadcrumbs = (["${networking.domainBase}" => "http''${s}://${domain}"]);
$site_name = "Git — Sourcephile";
$home_link_str = "git";
$projects_list = "${gitolite.dataDir}/projects.list";
$projects_list_description_width = 50;
$projects_list_group_categories = 1;
$default_projects_order = "age";
$default_text_plain_charset = 'utf-8';
#$fallback_encoding = "utf-8";
$omit_owner = 1;
$export_ok = "git-daemon-export-ok";
$prevent_xss = 0;
@git_base_url_list =
( "git://${srv}.${domain}"
, "git\@${srv}.${domain}:"
);
# NOTE: more readable URL.
$feature{'pathinfo'}{'default'} = [1];
@stylesheets = ( "/static/gitweb.css"
, "/static-custom/style.css"
);
$logo = "/static/git-logo.png";
$favicon = "/static/git-favicon.png";
$javascript = "/static/gitweb.js";
$feature{'highlight'}{'default'} = [1];
'';
};
}