diff options
-rw-r--r-- | modules/server/cgit/default.nix | 95 | ||||
-rw-r--r-- | modules/server/nginx/default.nix | 2 | ||||
-rw-r--r-- | sys/atuin.nix | 219 |
3 files changed, 172 insertions, 144 deletions
diff --git a/modules/server/cgit/default.nix b/modules/server/cgit/default.nix new file mode 100644 index 000000000000..c09863c34ad3 --- /dev/null +++ b/modules/server/cgit/default.nix @@ -0,0 +1,95 @@ +{ lib, pkgs, config, ... }: + +let + inherit (builtins) split; + inherit (lib) foldr groupBy head mapAttrs mapAttrsToList mkOption nameValuePair + optionalAttrs types; + + cfg = config.services.cgit; + + instancesByVhost = groupBy ({ value, ... }: value.vhost) + (mapAttrsToList nameValuePair cfg.instances); + + vhostConfigs = mapAttrs (vhost: instances: + foldr (l: r: l // r) {} (map ({ name, value }: let + unslashedPath = head (split "/+$" value.path); + # We'll be dealing almost exclusively with paths ending in /, + # since otherwise Nginx likes to do simple prefix matching. + path = "${unslashedPath}/"; + in { + locations = { + ${path} = { + alias = "${value.package}/cgit/"; + tryFiles = "$uri @${name}-cgit"; + }; + "@${name}-cgit" = { + root = "${value.package}/cgit"; + + fastcgiParams.CGIT_CONFIG = "${value.config}"; + fastcgiParams.SCRIPT_FILENAME = "$document_root/cgit.cgi"; + fastcgiParams.PATH_INFO = "$fastcgi_path_info"; + fastcgiParams.QUERY_STRING = "$args"; + fastcgiParams.HTTP_HOST = "$server_name"; + + extraConfig = '' + fastcgi_split_path_info ^(${path})(.*)$; + fastcgi_pass unix:/run/fcgiwrap.sock; + ''; + }; + } // optionalAttrs (unslashedPath != "") { + ${unslashedPath} = { + return = "301 ${path}"; + }; + }; + }) instances) + ) instancesByVhost; +in + +{ + options.services.cgit = { + instances = mkOption { + type = types.attrsOf (types.submodule { + options = { + vhost = mkOption { + type = types.str; + example = "spectrum-os.org"; + description = "Nginx vhost for the cgit"; + }; + + path = mkOption { + type = types.strMatching "/(.*[^/])?"; + default = "/"; + example = "/git"; + description = '' + Path to be appended to all cgit URLs. + + Leading slashes are mandatory; trailing slashes are forbidden. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.cgit; + description = "cgit package to use"; + }; + + config = mkOption { + type = types.package; + description = '' + Configuration file for cgit. See + <citerefentry><refentrytitle>cgitrc</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. + ''; + }; + }; + }); + default = {}; + description = "List of cgit instances to run"; + }; + }; + + config = { + services.fcgiwrap = optionalAttrs (cfg.instances != {}) { enable = true; }; + services.nginx.virtualHosts = vhostConfigs; + }; +} diff --git a/modules/server/nginx/default.nix b/modules/server/nginx/default.nix index 2344197bcff6..2c682204d003 100644 --- a/modules/server/nginx/default.nix +++ b/modules/server/nginx/default.nix @@ -1,8 +1,6 @@ { pkgs, ... }: { - services.fcgiwrap.enable = true; - services.nginx.enable = true; services.nginx.package = pkgs.nginxMainline; diff --git a/sys/atuin.nix b/sys/atuin.nix index b8cb19427edf..3902eb954182 100644 --- a/sys/atuin.nix +++ b/sys/atuin.nix @@ -5,6 +5,7 @@ ../modules/server ../modules/server/dns ../modules/server/irc + ../modules/server/cgit ../modules/server/ftp ../modules/server/nginx ../modules/server/tor @@ -136,6 +137,82 @@ users.groups.tls.members = [ "nginx" ]; users.users.qyliss.home = "/home/qyliss"; + services.cgit.instances.qyliss = { + vhost = "git.qyliss.net"; + config = pkgs.writeText "cgit.conf" '' + clone-prefix=https://git.qyliss.net + css=/cgit.css + enable-blame=1 + enable-commit-graph=1 + enable-follow-links=1 + enable-git-config=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + remove-suffix=1 + root-desc=Alyssa Ross's personal Git repositories + root-title=git.qyliss.net + snapshots=all + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + virtual-root=/ + + scan-path=/home/qyliss/git + ''; + }; + + services.cgit.instances.spectrum = { + vhost = "spectrum-os.org"; + path = "/git"; + config = + let + cgitFooter = pkgs.writeText "cgit-footer.html" '' + <div class="footer">software for Ⓐutonomy</div> + ''; + + spectrumReadme = pkgs.writeText "about.html" '' + <article> + + <h1>Contributing to Spectrum</h1> + + <p> + Want to contribute to Spectrum? We'd love to have you. + Have a look at the <a href="/contributing.html">online + documentation</a>. + + </article> + ''; + in + pkgs.writeText "cgit.conf" '' + clone-prefix=https://spectrum-os.org/git + css=/git/cgit.css + enable-blame=1 + enable-commit-graph=1 + enable-follow-links=1 + enable-git-config=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + footer=${cgitFooter} + remove-suffix=1 + root-desc=Web interface for Spectrum source code + root-readme=${spectrumReadme} + root-title=Spectrum Git Repository Browser + snapshots=all + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + source-filter=${pkgs.runCommandNoCC "source-filter.py" { + nativeBuildInputs = with pkgs; with python3.pkgs; [ wrapPython ]; + } '' + mkdir -p $out/bin + sed s/pastie/friendly/g >$out/bin/syntax-highlighting.py \ + <${pkgs.cgit}/lib/cgit/filters/.syntax-highlighting.py-wrapped + chmod +x $out/bin/syntax-highlighting.py + wrapPythonPrograms + ''}/bin/syntax-highlighting.py + + scan-path=/home/spectrum/git + ''; + }; services.nginx.virtualHosts = let @@ -148,35 +225,8 @@ "spectrum-os.org".locations = { "/".root = "/home/spectrum/www"; - "= /git".return = "301 /git/"; - "= /git/cgit.css".alias = cgitCss.outPath; - "/git/" = { - alias = "${pkgs.cgit}/cgit/"; - tryFiles = "$uri @spectrum-cgit"; - }; - - "@spectrum-cgit" = { - root = "${pkgs.cgit}/cgit"; - - extraConfig = '' - fastcgi_split_path_info ^(/git/)(.*)$; - - ${overrideFastcgiParams { - CGIT_CONFIG = spectrumCgitConfig; - SCRIPT_FILENAME = "$document_root/cgit.cgi"; - SCRIPT_NAME = "$fastcgi_script_name"; - PATH_INFO = "$fastcgi_path_info"; - QUERY_STRING = "$args"; - HTTP_HOST = "$server_name"; - }} - - fastcgi_pass unix:/run/fcgiwrap.sock; - ''; - }; - - "= /lists/archives/public-inbox.css".alias = publicInboxCss.outPath; "/lists/archives".proxyPass = "http://unix:/run/public-inbox-httpd.sock:/lists/archives"; @@ -194,93 +244,12 @@ }; "git.qyliss.net" = { - root = "${pkgs.cgit}/cgit"; - locations = { "= /cgit.css".alias = cgitCss.outPath; - - "@cgit".extraConfig = '' - ${overrideFastcgiParams { - CGIT_CONFIG = cgitConfig; - SCRIPT_FILENAME = "$document_root/cgit.cgi"; - PATH_INFO = "$uri"; - QUERY_STRING = "$args"; - HTTP_HOST = "$server_name"; - }} - - fastcgi_pass unix:/run/fcgiwrap.sock; - ''; }; - - extraConfig = '' - try_files $uri @cgit; - ''; }; }; - cgitConfig = pkgs.writeText "cgit.conf" '' - clone-prefix=https://git.qyliss.net - css=/cgit.css - enable-blame=1 - enable-commit-graph=1 - enable-follow-links=1 - enable-git-config=1 - enable-index-owner=0 - enable-log-filecount=1 - enable-log-linecount=1 - remove-suffix=1 - root-desc=Alyssa Ross's personal Git repositories - root-title=git.qyliss.net - snapshots=all - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - virtual-root=/ - - scan-path=/home/qyliss/git - ''; - - overrideFastcgiParams = with lib; params: concatStrings (mapAttrsToList (n: v: '' - fastcgi_param ${n} ${if v == "" then ''""'' else v}; - '') ({ - SCRIPT_FILENAME = "$document_root$fastcgi_script_name"; - QUERY_STRING = "$query_string"; - REQUEST_METHOD = "$request_method"; - CONTENT_TYPE = "$content_type"; - CONTENT_LENGTH = "$content_length"; - - SCRIPT_NAME = "$fastcgi_script_name"; - REQUEST_URI = "$request_uri"; - DOCUMENT_URI = "$document_uri"; - DOCUMENT_ROOT = "$document_root"; - SERVER_PROTOCOL = "$server_protocol"; - REQUEST_SCHEME = "$scheme"; - HTTPS = "$https if_not_empty"; - - GATEWAY_INTERFACE = "CGI/1.1"; - SERVER_SOFTWARE = "nginx/$nginx_version"; - - REMOTE_ADDR = "$remote_addr"; - REMOTE_PORT = "$remote_port"; - SERVER_ADDR = "$server_addr"; - SERVER_PORT = "$server_port"; - SERVER_NAME = "$server_name"; - - REDIRECT_STATUS = "200"; - } // params)); - - spectrumReadme = pkgs.writeText "about.html" '' - <article> - - <h1>Contributing to Spectrum</h1> - - <p> - Want to contribute to Spectrum? We'd love to have you. - Have a look at the <a href="/contributing.html">online - documentation</a>. - - </article> - ''; - publicInboxCss = pkgs.runCommand "216light.css" {} '' unpackFile ${pkgs.public-inbox.src} cp */contrib/css/216light.css $out @@ -397,40 +366,6 @@ } '' cat $licenseHeaderPath ${pkgs.cgit}/cgit/cgit.css $extraCssPath > $out ''; - - cgitFooter = pkgs.writeText "cgit-footer.html" '' - <div class="footer">software for Ⓐutonomy</div> - ''; - - spectrumCgitConfig = pkgs.writeText "cgit.conf" '' - clone-prefix=https://spectrum-os.org/git - css=/git/cgit.css - enable-blame=1 - enable-commit-graph=1 - enable-follow-links=1 - enable-git-config=1 - enable-index-owner=0 - enable-log-filecount=1 - enable-log-linecount=1 - footer=${cgitFooter} - remove-suffix=1 - root-desc=Web interface for Spectrum source code - root-readme=${spectrumReadme} - root-title=Spectrum Git Repository Browser - snapshots=all - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - source-filter=${pkgs.runCommandNoCC "source-filter.py" { - nativeBuildInputs = with pkgs; with python3.pkgs; [ wrapPython ]; - } '' - mkdir -p $out/bin - sed s/pastie/friendly/g >$out/bin/syntax-highlighting.py \ - <${pkgs.cgit}/lib/cgit/filters/.syntax-highlighting.py-wrapped - chmod +x $out/bin/syntax-highlighting.py - wrapPythonPrograms - ''}/bin/syntax-highlighting.py - - scan-path=/home/spectrum/git - ''; in lib.mapAttrs ( _: { forceSSL ? true, enableACME ? true, ... } @ args: |