diff options
| author | Adrian Kummerlaender | 2018-10-01 10:26:21 +0200 | 
|---|---|---|
| committer | Adrian Kummerlaender | 2018-10-01 10:53:35 +0200 | 
| commit | 55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514 (patch) | |
| tree | 601dede9bb5acc9c709924653e9ca8129c4a0162 | |
| parent | 17864d7ca574a0519fc4e8bb592796ede1221812 (diff) | |
| download | nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar.gz nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar.bz2 nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar.lz nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar.xz nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.tar.zst nixos_system-55daf8a35f4f1761f5f4c4ebe4a6dcb4b0ace514.zip | |
Describe custom gitolite and cgit setup
Replaces short-term Gitea instance on `code.kummerlaender.eu`.
The main reason for implementing this more complex setup is that Gitea
both lacks in features in areas that I care about and provides distracting
features in other areas that I do not use.
e.g. Gitea provides multi-user, discussion and organization support but doesn't provide
Atom feeds which are required for [Overview](https://tree.kummerlaender.eu/projects/xslt/overview/).
This is why exposing [gitolite](http://gitolite.com)-managed repositories
via [cgit](https://git.zx2c4.com/cgit/about/) is a better fit for my usecases.
Note that gitolite is further configured outside of Nix through its own admin repository.
As a side benefit `pkgs.kummerlaender.eu` now provides further archive
formats of its Nix expressions which simplifies Nix channel usage.
| -rw-r--r-- | host/software/server/git.nix | 122 | ||||
| -rw-r--r-- | host/software/server/website.nix | 16 | 
2 files changed, 105 insertions, 33 deletions
| diff --git a/host/software/server/git.nix b/host/software/server/git.nix index 4eedb53..209a318 100644 --- a/host/software/server/git.nix +++ b/host/software/server/git.nix @@ -1,38 +1,100 @@  { pkgs, ... }:  { -  services = { -    gitea = { -      enable = true; -      database.type = "sqlite3"; - -      appName = "~/projects"; -      domain  = "code.kummerlaender.eu"; -      rootUrl = "https://code.kummerlaender.eu/"; -      httpPort = 3000; - -      extraConfig = '' -        [server] -        LANDING_PAGE = "explore" -        [service] -        DISABLE_REGISTRATION = true -        SHOW_REGISTRATION_BUTTON = false -        [other] -        SHOW_FOOTER_VERSION = false -        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false -        [api] -        ENABLE_SWAGGER_ENDPOINT = false -        [picture] -        DISABLE_GRAVATAR = true -        [indexer] -        REPO_INDEXER_ENABLED = true -      ''; +  services.uwsgi = { +    enable = true; +    user  = "nginx"; +    group = "nginx"; +    plugins = [ "cgi" ]; + +    instance = { +      type = "emperor"; +      vassals = { +        cgit = { +          type = "normal"; +          master = "true"; +          socket = "/run/uwsgi/cgit.sock"; +          procname-master = "uwsgi cgit"; +          plugins = [ "cgi" ]; +          cgi = "${pkgs.cgit}/cgit/cgit.cgi"; +        }; +      };      }; +  }; + +  services.gitolite = { +    enable = true; +    user  = "git"; +    group = "git"; +    adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDy2h3NXWVW7BlEehCCgQ3ZMq64rqxoI70dg9Zq3SdIWcqunkWsHGSmzXbxM0ZCD2/VWNVrvShusg0dDSOwV64HUxIuDWpM6gCvg5MKBS0ZMwb9831d0ybf6kU/gppJGyM7R9HspB69C9pnKBB6vUUXd/TgmjhiAHPCwbq/vgWRN7yYGwB/tc7pRiugk6tyfgvXvFCnQXZLoPSx0qBF3L6YyRzbtL5sI7KoN/gCzgqnT0H91vhxkjXrPN+GnW43lcbaqApd3gd0NmMaWNxR6ZKnXFFcUPI72cbBmhe3+t15pF9ZUYZ0sKSfbgOZx0vHLiS69Dr63L6gVNGNx7B/yxC3 common@asterix"; +    extraGitoliteRc = '' +      $RC{UMASK} = 0027; +      $RC{GIT_CONFIG_KEYS} = '.*'; +    ''; +  }; -    nginx.virtualHosts."code.kummerlaender.eu" = { -      addSSL     = true; -      enableACME = true; -      locations."/".proxyPass = "http://localhost:3000/"; +  users.extraUsers.nginx.extraGroups = [ "git" ]; + +  services.nginx.virtualHosts."code.kummerlaender.eu" = { +    addSSL     = true; +    enableACME = true; +    root = "${pkgs.cgit}/cgit"; +    locations = { +      "/" = { +        extraConfig = '' +          try_files $uri @cgit; +        ''; +      }; +      "@cgit" = { +        extraConfig = '' +          uwsgi_pass unix:/run/uwsgi/cgit.sock; +          include ${pkgs.nginx}/conf/uwsgi_params; +          uwsgi_modifier1 9; +        ''; +      }; +    };  +  }; + +  systemd.services.create-cgit-cache = { +    description = "Create cache directory for cgit"; +    enable = true; +    wantedBy = [ "uwsgi.service" ]; +    serviceConfig = { +      type = "oneshot";      }; +    script = '' +      mkdir /run/cgit +      chown -R nginx:nginx /run/cgit +    '';    }; + +  environment.etc."cgitrc".text = '' +    virtual-root=/ + +    cache-size=1000 +    cache-root=/run/cgit + +    root-title=~/projects +    root-desc=code.kummerlaender.eu +    footer= + +    enable-index-owner=0 +    enable-http-clone=1 +    noplainemail=1 + +    max-atom-items=50 + +    enable-git-config=1 +    enable-gitweb-owner=1 +    remove-suffix=1 + +    snapshots=all +    readme=master:README.md + +    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py +    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + +    project-list=/var/lib/gitolite/projects.list +    scan-path=/var/lib/gitolite/repositories +  '';  } diff --git a/host/software/server/website.nix b/host/software/server/website.nix index c347c25..2e2b9e3 100644 --- a/host/software/server/website.nix +++ b/host/software/server/website.nix @@ -5,19 +5,27 @@      isNormalUser = true;      uid          = 2000;      shell        = pkgs.fish; -    home         = "/home/public";    };    # `public` generates websites using their custom derivations via `nix-build`    services.nginx.virtualHosts = let +      default = locations: {        inherit locations;        addSSL     = true;        enableACME = true;      }; +      website = sub: default {        "/".root = "/home/public/${sub}/result";      }; + +    proxy = target: { +      proxyPass  = target; +      extraConfig = '' +        proxy_set_header Host code.kummerlaender.eu; +      ''; +    };    in {      "kummerlaender.eu"        = website "overview";      "blog.kummerlaender.eu"   = website "blog"; @@ -25,8 +33,10 @@      "static.kummerlaender.eu" = website "static";      "pkgs.kummerlaender.eu" = default { -      "/".root                     = "/home/public/pkgs/result"; -      "/nixexprs.tar.gz".proxyPass = "http://localhost:3000/adrian/pkgs/archive/master.tar.gz"; +      "/".root = "/home/public/pkgs/result"; +      "/nixexprs.tar.gz"  = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.gz"; +      "/nixexprs.tar.xz"  = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.xz"; +      "/nixexprs.tar.bz2" = proxy "http://code.kummerlaender.eu/pkgs/snapshot/master.tar.bz2";      };    };  } | 
