{ pkgs, ... }: { services.uwsgi = { enable = true; user = "nginx"; group = "nginx"; plugins = [ "cgi" ]; instance = { type = "emperor"; vassals = { cgit = { type = "normal"; master = true; socket = "/run/uwsgi/cgit.sock"; procname-master = "uwsgi cgit"; plugins = [ "cgi" ]; cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi"; }; }; }; }; users.extraUsers.nginx.extraGroups = [ "git" ]; services.nginx.virtualHosts."git.sefidel.com" = { addSSL = true; useACMEHost = "sefidel.com"; root = "${pkgs.cgit-pink}/cgit"; locations = { "/" = { extraConfig = '' try_files $uri @cgit; ''; }; "@cgit" = { extraConfig = '' uwsgi_pass unix:/run/uwsgi/cgit.sock; include ${pkgs.nginx}/conf/uwsgi_params; uwsgi_modifier1 9; ''; }; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.services.create-cgit-cache = { description = "Create cache directory for cgit"; enable = true; script = '' mkdir -p /run/cgit chown -R nginx:nginx /run/cgit ''; wantedBy = [ "uwsgi.service" ]; serviceConfig = { Type = "oneshot"; }; }; environment.etc."cgitrc".text = '' virtual-root=/ cache-size=1000 cache-root=/run/cgit root-title=sefidel git root-desc=Exotic place. snapshots=tar.gz zip enable-git-config=1 remove-suffix=1 enable-git-clone=1 enable-index-links=1 enable-commit-graph=1 enable-log-filecount=1 enable-log-linecount=1 branch-sort=age readme=:README readme=:readme readme=:README.md readme=:readme.md readme=:README.org readme=:readme.org source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh section-from-path=2 project-list=/var/lib/gitolite/projects.list scan-path=/var/lib/gitolite/repositories ''; imports = [ ./nginx.nix ]; }