diff options
| author | Alyssa Ross <hi@alyssa.is> | 2024-01-02 17:33:32 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2024-01-02 17:34:37 +0100 |
| commit | 0b89e435919ff3167bc8987e86c775561bd6cf2b (patch) | |
| tree | 8c3b54467d6460e15cd65333b861f24ceb1f3cd4 /modules | |
| parent | 432f40c07fa5d4951d5f8b1d5c55aa361f400608 (diff) | |
| download | nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar.gz nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar.bz2 nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar.lz nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar.xz nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.tar.zst nixlib-0b89e435919ff3167bc8987e86c775561bd6cf2b.zip | |
modules/cgit: run CGI through lighttpd
Running each cgit request in its own unit means that they can be timed out, which isn't supported by cgiserver.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/server/cgit/default.nix | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/modules/server/cgit/default.nix b/modules/server/cgit/default.nix index b7c3c56389db..aba0d1b54c5d 100644 --- a/modules/server/cgit/default.nix +++ b/modules/server/cgit/default.nix @@ -23,7 +23,7 @@ let tryFiles = "$uri @${name}-cgit"; }; "@${name}-cgit" = { - proxyPass = "http://unix:/run/cgiserver/cgit/${name}.sock"; + proxyPass = "http://unix:/run/cgit/${name}.sock"; }; } // optionalAttrs (unslashedPath != "") { ${unslashedPath} = { @@ -72,13 +72,6 @@ in description = mdDoc "cgit package to use"; }; - cgiserver = mkOption { - type = types.package; - default = pkgs.cgiserver; - defaultText = literalExpression "pkgs.cgiserver"; - description = mdDoc "cgiserver package to use"; - }; - config = mkOption { type = types.package; description = mdDoc '' @@ -98,19 +91,42 @@ in services.nginx.virtualHosts = vhostConfigs; systemd.services = flip mapAttrs' cfg.instances (name: instance: { - name = "cgit-${name}"; + name = "lighttpd-${name}@"; value = { - environment.CGIT_CONFIG = instance.config; + unitConfig.CollectMode = "inactive-or-failed"; + serviceConfig.StandardInput = "socket"; + serviceConfig.StandardOutput = "socket"; + serviceConfig.StandardError = "journal"; serviceConfig.DynamicUser = true; - serviceConfig.ExecStart = "${instance.cgiserver}/bin/cgiserver -r ${instance.path}/ ${instance.package}/cgit/cgit.cgi"; + serviceConfig.Type = "oneshot"; + serviceConfig.TimeoutSec = "30"; + serviceConfig.ExecStart = "${lib.getExe pkgs.lighttpd} -1 -f ${pkgs.writeText "lighttpd-${name}.conf" '' + server.modules = ( "mod_alias", "mod_setenv", "mod_cgi" ) + + server.document-root = "/var/empty" + + alias.url = ( + "${if instance.path == "/" then "" else instance.path}" => + "${instance.package}/cgit/cgit.cgi" + ) + + cgi.assign = ( + "cgit.cgi" => "${instance.package}/cgit/cgit.cgi" + ) + + setenv.add-environment = ( + "CGIT_CONFIG" => "${instance.config}" + ) + ''}"; }; }); systemd.sockets = flip mapAttrs' cfg.instances (name: instance: { - name = "cgit-${name}"; + name = "lighttpd-${name}"; value = { wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = "/run/cgiserver/cgit/${name}.sock"; + socketConfig.ListenStream = "/run/cgit/${name}.sock"; + socketConfig.Accept = "yes"; }; }); }; |