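# NixOS module: two cgit instances behind nginx, both scanning the same
# directory (`path`).
#   - "public":  <virtualHost>, lists only repositories marked with a
#                git-daemon-export-ok file, clonable over HTTP(S).
#   - "private": private.<virtualHost>, gated by TLS client certificates
#                signed by ./ca.crt, git-http-backend disabled.
#
# Security note: the client-certificate check is the only access control on
# the private instance, and nginx can only enforce it on TLS connections.
# The private instance and its virtual host are therefore created only when
# `ssl` is true; with `ssl = false` they are omitted and a warning is emitted
# instead of serving the private listing over plain HTTP with no check.
{ options, config, lib, namespace, pkgs, ... }:
with lib; with lib.${namespace}; let
  cfg = config.${namespace}.services.web.cgit;
  # Not referenced in this file.
  impermanence = config.${namespace}.system.impermanence;

  # cgit with the bundled favicon removed (see the inline shell comment).
  package = (pkgs.cgit.overrideAttrs (previousAttrs: {
    postInstall = (previousAttrs.postInstall or "") + ''
      rm $out/cgit/favicon.ico # automatically fetched by browsers
      # install -m 0644 $\{./favicon.ico} $out/cgit/favicon.ico
      # install -m 0644 $\{./icon.png} $out/cgit/cgit.png
    '';
  }));
in {
  options.${namespace}.services.web.cgit = with types; {
    enable = mkEnableOption "git.cxl.sh webserver";
    virtualHost = mkOption {
      type = str;
      description = ''
        Host name of the public cgit instance. The private instance is
        served at private.<virtualHost>.
      '';
    };
    ssl = mkOption {
      type = bool;
      default = true;
      description = ''
        Whether to enable TLS with ACME certificates on the cgit virtual
        hosts. The private instance relies on TLS client certificates and is
        only created when this is true.
      '';
    };
    path = mkOption {
      type = path;
      default = "/srv/git";
      description = "Directory scanned for repositories by the cgit instances.";
    };
  };

  config = mkIf cfg.enable {
    # Surface the fail-closed behaviour at evaluation time rather than
    # leaving the operator to notice a missing virtual host.
    warnings = optional (!cfg.ssl) ''
      ${namespace}.services.web.cgit: ssl is disabled, so the private cgit
      instance (private.${cfg.virtualHost}) is not created. It is protected
      only by TLS client certificates, which cannot be checked over plain HTTP.
    '';

    # NOTE(review): hard-coded "cxl" while the rest of the file goes through
    # ${namespace}; presumably the two are the same, confirm.
    cxl.services.web.enable = true;

    services.cgit = let
      # Settings shared by both instances; "private" overrides a few below.
      base = {
        package = package;
        nginx.virtualHost = cfg.virtualHost;
        scanPath = cfg.path;
        user = "git";
        group = "git";
        settings = {
          # Only list repositories containing this marker file. Kept in step
          # with gitHttpBackend.checkExportOkFiles below so that a repository
          # hidden from the listing is not clonable through the backend.
          strict-export = "git-daemon-export-ok";
          enable-git-config = true;
          enable-index-owner = true;
          favicon = "";
          logo = "";
          root-title = cfg.virtualHost;
          root-desc = "caroline's git mirror :3 (see about tab)";
          root-readme = "${pkgs.writeText "cgit-readme.txt" ''
            these repos are all mirrored from my github (CartConnoisseur) as effectively a backup.
            i may eventually move to another "heavy" host (with issues, prs, etc), but for now the canonical versions of these are over there.
            you are welcome to clone them over http(s) from here, though, if you wish.
          ''}";
          section-from-path = 1;
          # Both filters are programs run by cgit on repository content.
          source-filter = "${package}/lib/cgit/filters/syntax-highlighting.py";
          about-filter = "${package}/lib/cgit/filters/about-formatting.sh";
          readme = ":README.md";
        };
        gitHttpBackend.checkExportOkFiles = true;
      };
    in {
      "public" = base // {
        enable = true;
      };
      # `//` is a shallow merge: the nginx and gitHttpBackend attribute sets
      # below replace the ones in `base` wholesale, while `settings` is
      # merged explicitly. Created only with TLS on (see header comment).
      "private" = mkIf cfg.ssl (base // {
        enable = true;
        nginx.virtualHost = "private.${cfg.virtualHost}";
        settings = base.settings // {
          # Empty marker name: presumably lists every repository under
          # scanPath, exported or not, which is why this host needs the
          # client-certificate gate.
          strict-export = "";
          enable-git-config = false;
          root-title = "private.${cfg.virtualHost}";
          root-desc = "caroline's (private) git mirror :3";
        };
        gitHttpBackend.enable = false;
      });
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        # addSSL keeps the plain-HTTP listener alongside HTTPS, so public
        # clones over http:// are served without transport integrity.
        "${cfg.virtualHost}" = {
          addSSL = cfg.ssl;
          enableACME = cfg.ssl;
        };
        # Mutual TLS: nginx rejects clients that do not present a certificate
        # chaining to ./ca.crt. No ssl_crl is configured, so revocation is
        # not checked; removing access means re-issuing the CA or adding a
        # CRL. The mkIf keeps this host from existing without TLS.
        "private.${cfg.virtualHost}" = mkIf cfg.ssl {
          forceSSL = cfg.ssl;
          enableACME = cfg.ssl;
          extraConfig = ''
            ssl_client_certificate ${./ca.crt};
            ssl_verify_client on;
          '';
        };
      };
    };
  };
}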