# NixOS module, curried on `domain`, that publishes gitweb over FastCGI behind
# nginx at ${srv}.${domain} (alias code.${domain}) and reads its repositories
# from gitolite's data directory.
{ domain, ... }:
{ pkgs, lib, config, ... }:
let
  # `networking` is brought into scope but not referenced in the code visible here.
  inherit (config) networking;
  inherit (config.services) gitweb gitolite nginx;
  srv = "git";
  # Lives under the RuntimeDirectory ("gitweb") declared on the gitweb unit below.
  gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
  services.nginx = {
    # Declares the FastCGI cache zone used by the "/" location: 2M of key
    # memory, entries evicted after 10m without a hit, at most 32M on disk.
    commonHttpConfig = ''
      fastcgi_cache_path /var/cache/nginx/fastcgi_cache:${domain}:${srv} keys_zone=${domain}/${srv}:2M inactive=10m levels=1:2 max_size=32M;
    '';
    virtualHosts."${srv}.${domain}" = {
      serverAliases = [ "code.${domain}" ];
      # HTTP is redirected to HTTPS; the certificate is the ACME one issued for `domain`.
      forceSSL = true;
      useACMEHost = domain;
      # The `json` log format is not defined in this file; it must come from elsewhere.
      extraConfig = ''
        access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
        error_log /var/log/nginx/${domain}/${srv}/error.log warn;
      '';
      locations = {
        # Everything not matched below is handed to the gitweb FastCGI socket.
        #
        # https_add_headers is spliced in at this level because nginx stops
        # inheriting outer add_header directives once a location defines its
        # own (X-Cache here). Its contents are not visible in this file;
        # presumably the shared security headers, confirm.
        #
        # X-Cache exposes the cache status (HIT/MISS/...) to every client.
        #
        # NOTE(review): no fastcgi_cache_key is set in this file and nginx has
        # no default for it. This assumes one is defined at http level
        # elsewhere and that it covers host and request URI; confirm.
        # NOTE(review): 200 and 404 responses are cached and replayed without
        # regard to who asks, which assumes gitweb output is identical for
        # every visitor.
        "/" = {
          extraConfig = ''
            include ${pkgs.nginx}/conf/fastcgi_params;
            ${nginx.configs.https_add_headers}
            add_header X-Cache $upstream_cache_status;
            fastcgi_cache ${domain}/${srv};
            fastcgi_cache_valid 200 1m;
            fastcgi_cache_valid 404 3m;
            fastcgi_max_temp_file_size 1M;
            # Used by gitweb's pathinfo feature
            fastcgi_param PATH_INFO $fastcgi_script_name;
            fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
            fastcgi_pass unix:${gitwebSocket};
          '';
        };
        # Stock gitweb assets, served straight from the package without logging.
        "/static/" = {
          alias = "${pkgs.gitweb}/static/";
          extraConfig = ''
            access_log off;
          '';
        };
        # One-rule stylesheet override generated into the store.
        "/static-custom/" = {
          root = pkgs.writeTextDir "static-custom/style.css" ''
            .project_list { width:100%; }
          '';
          extraConfig = ''
            access_log off;
          '';
        };
        # Asks crawlers to stay out of the blame, diff, patch, search and
        # snapshot views, in both the path-info and `a=` query-string forms.
        # robots.txt is advisory only: it does not restrict access to these
        # URLs for clients that ignore it.
        "/robots.txt" = {
          root = pkgs.writeTextDir "robots.txt" ''
            User-agent: *
            Disallow: /*/blame/*
            Disallow: /*/blobdiff/*
            Disallow: /*/commitdiff/*
            Disallow: /*/commitdiff_plain/*
            Disallow: /*/patch/*
            Disallow: /*/search/*
            Disallow: /*/snapshot/*
            Disallow: /*a=blame*
            Disallow: /*a=blobdiff*
            Disallow: /*a=commitdiff*
            Disallow: /*a=commitdiff_plain*
            Disallow: /*a=patch*
            Disallow: /*a=search*
            Disallow: /*a=snapshot*
          '';
          extraConfig = ''
            access_log off;
          '';
        };
      };
    };
  };

  # Creates /var/log/nginx/${domain}/${srv}, matching the access_log/error_log
  # paths above.
  # NOTE(review): mkForce replaces every other LogsDirectory value for the
  # nginx unit, so log directories needed by other vhosts must be provided
  # some other way; confirm.
  systemd.services.nginx.serviceConfig.LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];

  # Long-running gitweb FastCGI process (a single worker) listening on gitwebSocket.
  systemd.services.gitweb = {
    description = "GitWeb FastCGI service";
    script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
    environment = {
      FCGI_SOCKET_PATH = gitwebSocket;
      # Mode 0660: with User/Group below, only the gitolite user and the nginx
      # group can connect to the socket.
      FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
    };
    # NOTE(review): the web-facing CGI runs as gitolite.user, presumably the
    # account that owns the repositories, which would give it write access to
    # them. No sandboxing options are set on this unit; something like
    # ReadOnlyPaths on the repository tree would narrow that. Confirm.
    serviceConfig = {
      User = gitolite.user;
      Group = nginx.group;
      RuntimeDirectory = [ "gitweb" ];
      Restart = "always";
      RestartSec = 10;
    };
    wantedBy = [ "multi-user.target" ];
  };

  services.gitweb = {
    gitwebTheme = false;
    projectroot = "${gitolite.dataDir}/repositories";
    # Perl fragment for gitweb's configuration.
    #  - `''${s}` is the Nix escape for a literal `${s}`, so Perl (not Nix)
    #    interpolates the "s" that makes the breadcrumb link follow the
    #    scheme of the request.
    #  - `git\@` keeps Perl from interpolating `@` inside the double-quoted URL.
    #  - $export_ok: only repositories containing a `git-daemon-export-ok`
    #    file are exported.
    #    NOTE(review): $strict_export is not set, so per gitweb's docs
    #    projects.list governs the index page while the export-ok file is
    #    what gates direct access by URL. Confirm that matches intent.
    #  - $prevent_xss = 0 leaves gitweb's XSS restrictions off (also gitweb's
    #    default), so repository content can be rendered as active HTML on
    #    this origin. gitweb's docs say to enable it when repository content
    #    is not trusted.
    #    NOTE(review): appropriate only if everyone who can push is trusted.
    extraConfig = ''
      use utf8;
      my $s = $cgi->https() ? "s" : "";
      @extra_breadcrumbs = (["sourcephile" => "http''${s}://${domain}"]);
      $site_name = "Git — Sourcephile";
      $home_link_str = "git";
      $projects_list = "${gitolite.dataDir}/projects.list";
      $projects_list_description_width = 50;
      $projects_list_group_categories = 1;
      $default_projects_order = "age";
      $default_text_plain_charset = 'utf-8';
      #$fallback_encoding = "utf-8";
      $omit_owner = 1;
      $export_ok = "git-daemon-export-ok";
      $prevent_xss = 0;
      @git_base_url_list =
        ( "git://${srv}.${domain}"
        , "git\@${srv}.${domain}:"
        );
      # NOTE: more readable URL.
      $feature{'pathinfo'}{'default'} = [1];
      @stylesheets =
        ( "/static/gitweb.css"
        , "/static-custom/style.css"
        );
      $logo = "/static/git-logo.png";
      $favicon = "/static/git-favicon.png";
      $javascript = "/static/gitweb.js";
      $feature{'highlight'}{'default'} = [1];
    '';
  };
}