path: root/colmena/cobalt/services/cgit.nix

{ pkgs, ... }:

{
  services.uwsgi = {
    enable = true;
    user = "nginx";
    group = "nginx";
    plugins = [ "cgi" ];

    instance = {
      type = "emperor";
      vassals = {
        cgit = {
          type = "normal";
          master = true;
          socket = "/run/uwsgi/cgit.sock";
          procname-master = "uwsgi cgit";
          plugins = [ "cgi" ];
          cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi";
        };
      };
    };
  };

  users.extraUsers.nginx.extraGroups = [ "git" ];

  services.nginx.virtualHosts."git.sefidel.com" = {
    addSSL = true;
    useACMEHost = "sefidel.com";
    root = "${pkgs.cgit-pink}/cgit";
    locations = {
      "/" = {
        extraConfig = ''
          try_files $uri @cgit;
        '';
      };
      "@cgit" = {
        extraConfig = ''
          uwsgi_pass unix:/run/uwsgi/cgit.sock;
          include ${pkgs.nginx}/conf/uwsgi_params;
          uwsgi_modifier1 9;
        '';
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.services.create-cgit-cache = {
    description = "Create cache directory for cgit";
    enable = true;

    script = ''
      mkdir -p /run/cgit
      chown -R nginx:nginx /run/cgit
    '';

    wantedBy = [ "uwsgi.service" ];
    serviceConfig = {
      Type = "oneshot";
    };
  };

  environment.etc."cgitrc".text = ''
    virtual-root=/

    cache-size=1000
    cache-root=/run/cgit

    root-title=sefidel git
    root-desc=Exotic place.

    snapshots=tar.gz zip

    enable-git-config=1
    enable-gitweb-owner=1
    remove-suffix=1

    readme=:README
    readme=:readme
    readme=:README.md
    readme=:readme.md
    readme=:README.org
    readme=:readme.org

    source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
    about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh

    project-list=/var/lib/gitolite/projects.list
    scan-path=/var/lib/gitolite/repositories
  '';

  imports = [
    ./nginx.nix
  ];
}