path: root/modules/nixos/services/web/cgit/default.nix
blob: e33971ecf345f435f8429a1e412882151d3b457f (plain)
{ options, config, lib, namespace, pkgs, ... }:

with lib; with lib.${namespace}; let
  # Values of this module's own options (declared below under
  # options.${namespace}.services.web.cgit).
  cfg = config.${namespace}.services.web.cgit;
  # NOTE(review): bound but never referenced anywhere in this file. If the
  # repository directory (cfg.path) is expected to survive reboots on an
  # impermanent root, nothing in this module declares that; confirm it is
  # persisted elsewhere.
  impermanence = config.${namespace}.system.impermanence;
in {
  # Options exposed by this module. Types are spelled out as `types.*`
  # instead of relying on a `with types;` scope.
  options.${namespace}.services.web.cgit = {
    # Master switch for everything under `config` in this file.
    enable = mkEnableOption "git.cxl.sh webserver";

    # Host name of the public cgit instance. The client-certificate-protected
    # instance is served from "private.<virtualHost>". No default: callers
    # must set it.
    virtualHost = mkOption { type = types.str; };

    # Directory scanned for repositories by both cgit instances.
    path = mkOption {
      default = "/srv/git";
      type = types.path;
    };
  };

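  # Two cgit instances over the same repository tree (cfg.path):
  #   - "public":  only repositories carrying a git-daemon-export-ok marker
  #                file are listed, and the same marker gates HTTP clones.
  #   - "private": no strict-export filter, so every scanned repository is
  #                browsable; cloning is disabled and the vhost requires a
  #                TLS client certificate.
  config = mkIf cfg.enable {
    # Use the module namespace rather than a hard-coded "cxl", matching how
    # this module's own options are declared and read.
    ${namespace}.services.web.enable = true;

    services.cgit = {
      "public" = {
        enable = true;
        scanPath = cfg.path;
        nginx.virtualHost = cfg.virtualHost;

        user = "git";
        group = "git";

        settings = {
          # Allow-list: a repository is exposed only if this file exists in it.
          strict-export = "git-daemon-export-ok";

          # Per-repository git config may set cgit/gitweb display values.
          # Keep this on only while everyone able to write a repository's
          # config is trusted; it is off for the private instance.
          enable-git-config = true;
          enable-index-owner = true;

          root-title = cfg.virtualHost;
          root-desc = "caroline's git mirror :3 (see about tab)";
          root-readme = "${pkgs.writeText "cgit-readme.txt" ''
            these repos are all mirrored from my github (CartConnoisseur) as effectively a backup.
            i may eventually move to another "heavy" host (with issues, prs, etc), but for now the canonical versions of these are over there.
            you are welcome to clone them over http(s) from here, though, if you wish.
          ''}";

          readme = ":README.md";
        };

        # Make git-http-backend honour the same export marker, so a repository
        # hidden from the index cannot be cloned by guessing its path.
        gitHttpBackend.checkExportOkFiles = true;
      };

      "private" = {
        enable = true;
        scanPath = cfg.path;
        nginx.virtualHost = "private.${cfg.virtualHost}";

        user = "git";
        group = "git";

        settings = {
          enable-git-config = false;
        };

        # Browse-only: no smart-HTTP clone endpoint on the private instance.
        gitHttpBackend.enable = false;
      };
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.virtualHost}" = {
          # addSSL serves this host over plain HTTP as well as HTTPS, which
          # the readme advertises ("http(s)"). Plain-HTTP clones have no
          # transport integrity; switch to forceSSL if that is not wanted.
          addSSL = true;
          enableACME = true;
        };
        "private.${cfg.virtualHost}" = {
          # Was `addSSL = true`, which also listens on port 80 in the same
          # server block. ssl_verify_client is only evaluated on TLS
          # connections, so a plain-HTTP request reached the private index
          # without presenting any certificate. forceSSL keeps port 80 only
          # for the ACME challenge and an HTTPS redirect.
          forceSSL = true;
          enableACME = true;

          # Mutual TLS: only clients holding a certificate issued by ca.crt
          # get through. ca.crt is copied into the world-readable Nix store,
          # so it must be the CA *certificate* only, never a private key.
          # NOTE(review): no ssl_crl is configured, so a leaked client
          # certificate stays valid until it expires or the CA is replaced.
          extraConfig = ''
            ssl_client_certificate ${./ca.crt};
            ssl_verify_client on;
          '';
        };
      };
    };
  };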
}