{ domain, ... }:
{ pkgs, lib, config, ... }:
let
- inherit (config) networking;
inherit (config.services) gitweb gitolite nginx;
srv = "git";
gitwebSocket = "/run/gitweb/gitweb.sock";
in
{
-services.nginx = {
- commonHttpConfig = ''
- fastcgi_cache_path /var/cache/nginx/fastcgi_cache:${domain}:${srv}
- keys_zone=${domain}/${srv}:2M
- inactive=10m
- levels=1:2
- max_size=32M;
- '';
- virtualHosts."${srv}.${domain}" = {
- serverAliases = [ "code.${domain}" ];
- forceSSL = true;
- useACMEHost = domain;
- extraConfig = ''
- access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
- error_log /var/log/nginx/${domain}/${srv}/error.log warn;
+ services.nginx = {
+ commonHttpConfig = ''
+ fastcgi_cache_path /var/cache/nginx/${domain}/${srv}/fastcgi
+ keys_zone=${domain}/${srv}/fastcgi:2M
+ inactive=10m
+ levels=1:2
+ max_size=32M
+ use_temp_path=off;
'';
- locations = {
- "/" = {
- extraConfig = ''
- include ${pkgs.nginx}/conf/fastcgi_params;
- ${nginx.configs.https_add_headers}
- add_header X-Cache $upstream_cache_status;
- fastcgi_cache ${domain}/${srv};
- fastcgi_cache_valid 200 1m;
- fastcgi_cache_valid 404 3m;
- fastcgi_max_temp_file_size 1M;
- # Used by gitweb's pathinfo feature
- fastcgi_param PATH_INFO $fastcgi_script_name;
- fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
- fastcgi_pass unix:${gitwebSocket};
- '';
- };
- "/static/" = {
- alias = "${pkgs.gitweb}/static/";
- extraConfig = ''
- access_log off;
- '';
- };
- "/static-custom/" = {
- root = pkgs.writeTextDir "static-custom/style.css" ''
- .project_list {
- width:100%;
- }
- '';
- extraConfig = ''
- access_log off;
- '';
- };
- "/robots.txt" = {
- root = pkgs.writeTextDir "robots.txt" ''
- User-agent: *
- Disallow: /*/blame/*
- Disallow: /*/blobdiff/*
- Disallow: /*/commitdiff/*
- Disallow: /*/commitdiff_plain/*
- Disallow: /*/patch/*
- Disallow: /*/search/*
- Disallow: /*/snapshot/*
- Disallow: /*a=blame*
- Disallow: /*a=blobdiff*
- Disallow: /*a=commitdiff*
- Disallow: /*a=commitdiff_plain*
- Disallow: /*a=patch*
- Disallow: /*a=search*
- Disallow: /*a=snapshot*
- '';
- extraConfig = ''
- access_log off;
- '';
+ virtualHosts."${srv}.${domain}" = {
+ forceSSL = true;
+ useACMEHost = domain;
+ extraConfig = ''
+ access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
+ error_log /var/log/nginx/${domain}/${srv}/error.log warn;
+ '';
+ locations = {
+ "/" = {
+ extraConfig = ''
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ ${nginx.configs.https_add_headers}
+ add_header X-Cache $upstream_cache_status;
+ fastcgi_cache ${domain}/${srv}/fastcgi;
+ fastcgi_cache_valid 200 1m;
+ fastcgi_cache_valid 404 3m;
+ fastcgi_max_temp_file_size 1M;
+ # Used by gitweb's pathinfo feature
+ fastcgi_param PATH_INFO $fastcgi_script_name;
+ fastcgi_param GITWEB_CONFIG ${gitweb.gitwebConfigFile};
+ fastcgi_pass unix:${gitwebSocket};
+ '';
+ };
+ "/static/" = {
+ alias = "${pkgs.gitweb}/static/";
+ extraConfig = ''
+ access_log off;
+ '';
+ };
+ "/static-custom/" = {
+ root = pkgs.writeTextDir "static-custom/style.css" ''
+ .project_list {
+ width:100%;
+ }
+ '';
+ extraConfig = ''
+ access_log off;
+ '';
+ };
+ "/robots.txt" = {
+ root = pkgs.writeTextDir "robots.txt" ''
+ User-agent: *
+ Disallow: /*/blame/*
+ Disallow: /*/blobdiff/*
+ Disallow: /*/commitdiff/*
+ Disallow: /*/commitdiff_plain/*
+ Disallow: /*/patch/*
+ Disallow: /*/search/*
+ Disallow: /*/snapshot/*
+ Disallow: /*a=blame*
+ Disallow: /*a=blobdiff*
+ Disallow: /*a=commitdiff*
+ Disallow: /*a=commitdiff_plain*
+ Disallow: /*a=patch*
+ Disallow: /*a=search*
+ Disallow: /*a=snapshot*
+ '';
+ extraConfig = ''
+ access_log off;
+ '';
+ };
};
};
};
-};
-systemd.services.nginx.serviceConfig.LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];
-systemd.services.gitweb = {
- description = "GitWeb FastCGI service";
- script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
- environment = {
- FCGI_SOCKET_PATH = gitwebSocket;
- FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
+ systemd.services.nginx.serviceConfig.LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ];
+ systemd.services.gitweb = {
+ description = "GitWeb FastCGI service";
+ script = "${pkgs.gitweb}/gitweb.cgi --fastcgi --nproc=1";
+ environment = {
+ FCGI_SOCKET_PATH = gitwebSocket;
+ FCGI_SOCKET_PERM = "432"; # decimal of 660 in octal, since current CGI::Fast doesn't use perl's oct()
+ };
+ serviceConfig = {
+ User = gitolite.user;
+ Group = nginx.group;
+ RuntimeDirectory = [ "gitweb" ];
+ Restart = "always";
+ RestartSec = 10;
+ };
+ wantedBy = [ "multi-user.target" ];
};
- serviceConfig = {
- User = gitolite.user;
- Group = nginx.group;
- RuntimeDirectory = [ "gitweb" ];
- Restart = "always";
- RestartSec = 10;
+ services.gitweb = {
+ gitwebTheme = false;
+ projectroot = "${gitolite.dataDir}/repositories";
+ extraConfig = ''
+ use utf8;
+ my $s = $cgi->https() ? "s" : "";
+ @extra_breadcrumbs = (["sourcephile" => "http''${s}://${domain}"]);
+ $site_name = "Git — Sourcephile";
+ $home_link_str = "git";
+ $projects_list = "${gitolite.dataDir}/projects.list";
+ $projects_list_description_width = 50;
+ $projects_list_group_categories = 1;
+ $default_projects_order = "age";
+ $default_text_plain_charset = "utf-8";
+ $fallback_encoding = "utf-8";
+ $mimetypes_file = "${pkgs.runCommand "mime.types" {} ''
+ substitute ${pkgs.mailcap}/etc/nginx/mime.types $out \
+ --replace text/html "text/html;charset=utf-8"
+ ''}";
+ $omit_owner = 1;
+ $export_ok = "git-daemon-export-ok";
+ $prevent_xss = 0;
+ @git_base_url_list =
+ ( "git://${srv}.${domain}"
+ , "git\@${srv}.${domain}:"
+ );
+ # NOTE: more readable URL.
+ $feature{'pathinfo'}{'default'} = [1];
+ @stylesheets = ( "/static/gitweb.css"
+ , "/static-custom/style.css"
+ );
+ $logo = "/static/git-logo.png";
+ $favicon = "/static/git-favicon.png";
+ $javascript = "/static/gitweb.js";
+ $feature{'highlight'}{'default'} = [1];
+ '';
};
- wantedBy = [ "multi-user.target" ];
-};
-services.gitweb = {
- gitwebTheme = false;
- projectroot = "${gitolite.dataDir}/repositories";
- extraConfig = ''
- use utf8;
- my $s = $cgi->https() ? "s" : "";
- @extra_breadcrumbs = (["sourcephile" => "http''${s}://${domain}"]);
- $site_name = "Git — Sourcephile";
- $home_link_str = "git";
- $projects_list = "${gitolite.dataDir}/projects.list";
- $projects_list_description_width = 50;
- $projects_list_group_categories = 1;
- $default_projects_order = "age";
- $default_text_plain_charset = 'utf-8';
- #$fallback_encoding = "utf-8";
- $omit_owner = 1;
- $export_ok = "git-daemon-export-ok";
- $prevent_xss = 0;
- @git_base_url_list =
- ( "git://${srv}.${domain}"
- , "git\@${srv}.${domain}:"
- );
- # NOTE: more readable URL.
- $feature{'pathinfo'}{'default'} = [1];
- @stylesheets = ( "/static/gitweb.css"
- , "/static-custom/style.css"
- );
- $logo = "/static/git-logo.png";
- $favicon = "/static/git-favicon.png";
- $javascript = "/static/gitweb.js";
- $feature{'highlight'}{'default'} = [1];
- '';
-};
}