From 55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514 Mon Sep 17 00:00:00 2001 From: Adrian Kummerlaender Date: Mon, 1 Oct 2018 10:26:21 +0200 Subject: Describe custom gitolite and cgit setup Replaces short-term Gitea instance on `code.kummerlaender.eu`. The main reason for implementing this more complex setup is that Gitea both lacks in features in areas that I care about and provides distracting features in other areas that I do not use. e.g. Gitea provides multi-user, discussion and organization support but doesn't provide Atom feeds which are required for [Overview](https://tree.kummerlaender.eu/projects/xslt/overview/). This is why exposing [gitolite](http://gitolite.com)-managed repositories via [cgit](https://git.zx2c4.com/cgit/about/) is a better fit for my usecases. Note that gitolite is further configured outside of Nix through its own admin repository. As a side benefit `pkgs.kummerlaender.eu` now provides further archive formats of its Nix expressions which simplifies Nix channel usage. --- host/software/server/git.nix | 122 +++++++++++++++++++++++++++++---------- host/software/server/website.nix | 16 ++++- 2 files changed, 105 insertions(+), 33 deletions(-) diff --git a/host/software/server/git.nix b/host/software/server/git.nix index 4eedb53..209a318 100644 --- a/host/software/server/git.nix +++ b/host/software/server/git.nix 
@@ -1,38 +1,100 @@ { pkgs, ... }: { - services = { - gitea = { - enable = true; - database.type = "sqlite3"; - - appName = "~/projects"; - domain = "code.kummerlaender.eu"; - rootUrl = "https://code.kummerlaender.eu/"; - httpPort = 3000; - - extraConfig = '' - [server] - LANDING_PAGE = "explore" - [service] - DISABLE_REGISTRATION = true - SHOW_REGISTRATION_BUTTON = false - [other] - SHOW_FOOTER_VERSION = false - SHOW_FOOTER_TEMPLATE_LOAD_TIME = false - [api] - ENABLE_SWAGGER_ENDPOINT = false - [picture] - DISABLE_GRAVATAR = true - [indexer] - REPO_INDEXER_ENABLED = true - ''; + services.uwsgi = { + enable = true; + user = "nginx"; + group = "nginx"; + plugins = [ "cgi" ]; + + instance = { + type = "emperor"; + vassals = { + cgit = { + type = "normal"; + master = "true"; + socket = "/run/uwsgi/cgit.sock"; + procname-master = "uwsgi cgit"; + plugins = [ "cgi" ]; + cgi = "${pkgs.cgit}/cgit/cgit.cgi"; + }; + }; }; + }; + + services.gitolite = { + enable = true; + user = "git"; + group = "git"; + adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDy2h3NXWVW7BlEehCCgQ3ZMq64rqxoI70dg9Zq3SdIWcqunkWsHGSmzXbxM0ZCD2/VWNVrvShusg0dDSOwV64HUxIuDWpM6gCvg5MKBS0ZMwb9831d0ybf6kU/gppJGyM7R9HspB69C9pnKBB6vUUXd/TgmjhiAHPCwbq/vgWRN7yYGwB/tc7pRiugk6tyfgvXvFCnQXZLoPSx0qBF3L6YyRzbtL5sI7KoN/gCzgqnT0H91vhxkjXrPN+GnW43lcbaqApd3gd0NmMaWNxR6ZKnXFFcUPI72cbBmhe3+t15pF9ZUYZ0sKSfbgOZx0vHLiS69Dr63L6gVNGNx7B/yxC3 common@asterix"; + extraGitoliteRc = '' + $RC{UMASK} = 0027; + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; - nginx.virtualHosts."code.kummerlaender.eu" = { - addSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:3000/"; + users.extraUsers.nginx.extraGroups = [ "git" ]; + + services.nginx.virtualHosts."code.kummerlaender.eu" = { + addSSL = true; + enableACME = true; + root = "${pkgs.cgit}/cgit"; + locations = { + "/" = { + extraConfig = '' + try_files $uri @cgit; + ''; + }; + "@cgit" = { + extraConfig = '' + uwsgi_pass unix:/run/uwsgi/cgit.sock; + include 
${pkgs.nginx}/conf/uwsgi_params; + uwsgi_modifier1 9; + ''; + }; + }; + }; + + systemd.services.create-cgit-cache = { + description = "Create cache directory for cgit"; + enable = true; + wantedBy = [ "uwsgi.service" ]; + serviceConfig = { + type = "oneshot"; }; + script = '' + mkdir /run/cgit + chown -R nginx:nginx /run/cgit + ''; }; + + environment.etc."cgitrc".text = '' + virtual-root=/ + + cache-size=1000 + cache-root=/run/cgit + + root-title=~/projects + root-desc=code.kummerlaender.eu + footer= + + enable-index-owner=0 + enable-http-clone=1 + noplainemail=1 + + max-atom-items=50 + + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 + + snapshots=all + readme=master:README.md + + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + + project-list=/var/lib/gitolite/projects.list + scan-path=/var/lib/gitolite/repositories + ''; } diff --git a/host/software/server/website.nix b/host/software/server/website.nix index c347c25..2e2b9e3 100644 --- a/host/software/server/website.nix +++ b/host/software/server/website.nix @@ -5,19 +5,27 @@ isNormalUser = true; uid = 2000; shell = pkgs.fish; - home = "/home/public"; }; # `public` generates websites using their custom derivations via `nix-build` services.nginx.virtualHosts = let + default = locations: { inherit locations; addSSL = true; enableACME = true; }; + website = sub: default { "/".root = "/home/public/${sub}/result"; }; + + proxy = target: { + proxyPass = target; + extraConfig = '' + proxy_set_header Host code.kummerlaender.eu; + ''; + }; in { "kummerlaender.eu" = website "overview"; "blog.kummerlaender.eu" = website "blog"; 
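Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` in `extraGitoliteRc` lets the gitolite admin configuration set any git config key on any repository, which is wider than this setup appears to need. gitolite's documentation treats an unrestricted pattern as a privilege question, because some git config values name programs that git then runs as the `git` user. cgit's `enable-git-config=1` and `enable-gitweb-owner=1` only read the `gitweb.*` and `cgit.*` keys, so `$RC{GIT_CONFIG_KEYS} = 'gitweb\..* cgit\..*';` should be enough. Separately, adding `nginx` to the `git` group together with `UMASK 0027` gives the web server process read access to every repository on disk, so `projects.list` appears to be the only thing keeping unlisted repositories out of cgit. In `create-cgit-cache`, systemd directive names are case-sensitive, so `type = "oneshot"` is likely ignored and should be `Type = "oneshot"`, and `mkdir /run/cgit` fails on a re-run unless it becomes `mkdir -p /run/cgit`.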
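Review bot: The new `proxy` helper in `website.nix` accepts an arbitrary `target` but always sends `proxy_set_header Host code.kummerlaender.eu;`, so a later call with a different upstream would silently present the wrong Host header. Either build both from one argument, for example `proxy = path: { proxyPass = "http://code.kummerlaender.eu${path}"; ... }`, or add a comment above it such as `# only for targets on the code.kummerlaender.eu vhost: Host is pinned below`. The `let … in` block continues past this hunk.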
@@ -25,8 +33,10 @@ "static.kummerlaender.eu" = website "static"; "pkgs.kummerlaender.eu" = default { - "/".root = "/home/public/pkgs/result"; - "/nixexprs.tar.gz".proxyPass = "http://localhost:3000/adrian/pkgs/archive/master.tar.gz"; + "/".root = "/home/public/pkgs/result"; + "/nixexprs.tar.gz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz"; + "/nixexprs.tar.xz" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz"; + "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2"; }; }; } -- cgit v1.2.3
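Review bot: The three `/nixexprs.tar.*` locations proxy to `http://code.kummerlaender.eu/...`, so the Nix expression archives that channel users download are fetched over plain HTTP via a DNS-resolved name instead of the loopback address the removed line used. If cgit runs on the same host, which the commit description suggests but this hunk does not show, a loopback target keeps the request on the machine and the pinned Host header still selects the vhost: `"/nixexprs.tar.gz" = proxy "http://127.0.0.1/pkgs/snapshot/master.tar.gz";`, and likewise for `.tar.xz` and `.tar.bz2`. If the upstream can be remote, use an `https://` target with upstream certificate verification enabled so the archive cannot be altered in transit.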