1 files changed, 129 insertions, 0 deletions

diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix
new file mode 100644
index 0000000..a5fe894
--- /dev/null
+++ b/modules/services/cgit/default.nix
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.cgit;
+in
+{
+  options.modules.services.cgit = {
+    enable = mkEnableOption "cgit with uwsgi";
+
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; };
+    # TODO: use generators & submodules
+    settings = {
+      title = mkOption { type = types.str; default = "${cfg.domain} git"; };
+      description = mkOption { type = types.str; default = "cgit, hyperfast web frontend for Git"; };
+    };
+  };
+  config = mkIf cfg.enable {
+
+    modules.services.nginx.enable = true;
+
+    services.uwsgi = {
+      enable = true;
+      user = "nginx";
+      group = "nginx";
+      plugins = [ "cgi" ];
+
+      instance = {
+        type = "emperor";
+        vassals = {
+          cgit = {
+            type = "normal";
+            socket = "/run/uwsgi/cgit.sock";
+            procname-master = "uwsgi cgit";
+            plugins = [ "cgi" ];
+            cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi";
+          };
+        };
+      };
+    };
+
+    users.extraUsers.nginx.extraGroups = [ "git" ];
+
+    services.nginx.virtualHosts.${cfg.realHost} = {
+      forceSSL = true;
+      useACMEHost = cfg.domain;
+      root = "${pkgs.cgit-pink}/cgit";
+      locations = {
+        "/" = {
+          extraConfig = ''
+            try_files $uri @cgit;
+          '';
+        };
+        "=/exotic-cgit.css" = {
+          alias = "${./exotic-cgit.css}";
+          extraConfig = ''
+            # add_header Cache-Control "public, max-age=14400, must-revalidate";
+          '';
+        };
+        "@cgit" = {
+          extraConfig = ''
+            uwsgi_pass unix:/run/uwsgi/cgit.sock;
+            include ${pkgs.nginx}/conf/uwsgi_params;
+            uwsgi_modifier1 9;
+          '';
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    systemd.services.create-cgit-cache = {
+      description = "Create cache directory for cgit";
+      enable = true;
+
+      script = ''
+        mkdir -p /run/cgit
+        chown -R nginx:nginx /run/cgit
+      '';
+
+      wantedBy = [ "uwsgi.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+      };
+    };
+
+    environment.etc."cgitrc".text = ''
+      virtual-root=/
+
+      cache-size=1000
+      cache-root=/run/cgit
+
+      root-title=${cfg.settings.title}
+      root-desc=${cfg.settings.description}
+
+      css=/exotic-cgit.css
+
+      snapshots=tar.gz zip
+
+      enable-git-config=1
+      remove-suffix=1
+
+      enable-index-links=1
+      enable-index-owner=0
+      enable-git-clone=1
+      enable-commit-graph=1
+      enable-log-filecount=1
+      enable-log-linecount=1
+
+      branch-sort=age
+
+      readme=:README
+      readme=:readme
+      readme=:README.md
+      readme=:readme.md
+      readme=:README.org
+      readme=:readme.org
+
+      source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
+      about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
+
+      section-from-path=2
+
+      project-list=${config.services.gitolite.dataDir}/projects.list
+      scan-path=${config.services.gitolite.dataDir}/repositories
+    '';
+  };
+}