-rw-r--r--colmena/cobalt/configuration.nix2
-rw-r--r--colmena/cobalt/services/cgit.nix93
-rw-r--r--colmena/cobalt/services/gitolite.nix23
-rw-r--r--colmena/cobalt/services/nginx.nix15
4 files changed, 133 insertions, 0 deletions
diff --git a/colmena/cobalt/configuration.nix b/colmena/cobalt/configuration.nix
index 1542def..619aeb2 100644
--- a/colmena/cobalt/configuration.nix
+++ b/colmena/cobalt/configuration.nix
@@ -26,6 +26,8 @@ in
 
       ./services/acme.nix
       ./services/soju.nix
+      ./services/gitolite.nix
+      ./services/cgit.nix
     ];
 
   boot.supportedFilesystems = [ "zfs" ];
diff --git a/colmena/cobalt/services/cgit.nix b/colmena/cobalt/services/cgit.nix
new file mode 100644
index 0000000..6f377a2
--- /dev/null
+++ b/colmena/cobalt/services/cgit.nix
@@ -0,0 +1,93 @@
+{ pkgs, ... }:
+
+{
+  services.uwsgi = {
+    enable = true;
+    user = "nginx";
+    group = "nginx";
+    plugins = [ "cgi" ];
+
+    instance = {
+      type = "emperor";
+      vassals = {
+        cgit = {
+          type = "normal";
+          master = true;
+          socket = "/run/uwsgi/cgit.sock";
+          procname-master = "uwsgi cgit";
+          plugins = [ "cgi" ];
+          cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi";
+        };
+      };
+    };
+  };
+
+  users.extraUsers.nginx.extraGroups = [ "git" ];
+
+  services.nginx.virtualHosts."git.sefidel.com" = {
+    addSSL = true;
+    useACMEHost = "sefidel.com";
+    root = "${pkgs.cgit-pink}/cgit";
+    locations = {
+      "/" = {
+        extraConfig = ''
+          try_files $uri @cgit;
+        '';
+      };
+      "@cgit" = {
+        extraConfig = ''
+          uwsgi_pass unix:/run/uwsgi/cgit.sock;
+          include ${pkgs.nginx}/conf/uwsgi_params;
+          uwsgi_modifier1 9;
+        '';
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  systemd.services.create-cgit-cache = {
+    description = "Create cache directory for cgit";
+    enable = true;
+
+    script = ''
+      mkdir -p /run/cgit
+      chown -R nginx:nginx /run/cgit
+    '';
+
+    wantedBy = [ "uwsgi.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+    };
+  };
+
+  environment.etc."cgitrc".text = ''
+    virtual-root=/
+
+    cache-size=1000
+    cache-root=/run/cgit
+
+    root-title=sefidel git
+    root-desc=Browse repositories
+
+    snapshots=tar.gz zip
+
+
+    readme=:README
+    readme=:readme
+    readme=:README.md
+    readme=:readme.md
+    readme=:README.org
+    readme=:readme.org
+
+    source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
+    about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
+
+    project-list=/var/lib/gitolite/projects.list
+    scan-path=/var/lib/gitolite/repositories
+  '';
+
+  imports = [
+    ./nginx.nix
+  ];
+}
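Review bot: The cgit vassal runs as `user = "nginx"`, and that account is added to `git` here and to `acme` in services/nginx.nix, so the CGI process and the `source-filter`/`about-filter` scripts that parse repository content can read everything group-readable under /var/lib/gitolite (not only what `projects.list` exposes) and presumably the ACME private keys as well. A dedicated account for the vassal that is in `git` but not `acme`, with nginx given access only to `/run/uwsgi/cgit.sock`, would keep a bug in cgit or a filter away from the TLS keys. Separately, `addSSL = true;` still serves the site over plain HTTP, whereas `forceSSL = true;` would redirect it to HTTPS. The `create-cgit-cache` unit is pulled in by `wantedBy` but has no ordering, so adding `before = [ "uwsgi.service" ];` would ensure /run/cgit exists before the first request.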
diff --git a/colmena/cobalt/services/gitolite.nix b/colmena/cobalt/services/gitolite.nix
new file mode 100644
index 0000000..55dec6c
--- /dev/null
+++ b/colmena/cobalt/services/gitolite.nix
@@ -0,0 +1,23 @@
+{
+  services.gitolite = {
+    enable = true;
+    user = "git";
+    group = "git";
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F";
+    extraGitoliteRc = ''
+      $RC{UMASK} = 0027;
+      $RC{GIT_CONFIG_KEYS} = '.*';
+      $RC{ROLES}{OWNERS} = 1;
+      $RC{OWNER_ROLENAME} = 'OWNERS';
+      push(@{$RC{ENABLE}}, 'D');
+      push(@{$RC{ENABLE}}, 'set-default-roles');
+      # push(@{$RC{ENABLE}}, 'create');
+      # push(@{$RC{ENABLE}}, 'fork');
+
+    '';
+  };
+
+  environment.persistence."/persist".directories = [
+    "/var/lib/gitolite"
+  ];
+}
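Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` lets a `config` line in gitolite.conf set any git config key, and the gitolite documentation warns that some keys make git run commands, so anyone who can push to gitolite-admin effectively gets shell access as the `git` user. If only a few keys are needed, list them explicitly, for example `$RC{GIT_CONFIG_KEYS} = 'gitweb\..*';` (adjust to the keys actually used), with a comment saying why. `$RC{UMASK} = 0027;` together with nginx being in the `git` group (services/cgit.nix) makes every repository readable by the web server account; a comment such as `# group-readable so cgit (nginx user, git group) can read repositories` would make that intent explicit.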
diff --git a/colmena/cobalt/services/nginx.nix b/colmena/cobalt/services/nginx.nix
new file mode 100644
index 0000000..cb5ced3
--- /dev/null
+++ b/colmena/cobalt/services/nginx.nix
@@ -0,0 +1,15 @@
+{
+  services.nginx = {
+    enable = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+  };
+
+  users.extraUsers.nginx.extraGroups = [ "acme" ];
+
+  imports = [
+    ./acme.nix
+  ];
+}