summary refs log tree commit diff
path: root/nixos/modules/services/web-servers
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix9
-rw-r--r--nixos/modules/services/web-servers/nginx/gitweb.nix29
2 files changed, 17 insertions, 21 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index dee877f1c114..938a8a1fe334 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -9,15 +9,16 @@ let
       serverName = if vhostConfig.serverName != null
         then vhostConfig.serverName
         else vhostName;
+      acmeDirectory = config.security.acme.directory;
     in
     vhostConfig // {
       inherit serverName;
     } // (optionalAttrs vhostConfig.enableACME {
-      sslCertificate = "/var/lib/acme/${serverName}/fullchain.pem";
-      sslCertificateKey = "/var/lib/acme/${serverName}/key.pem";
+      sslCertificate = "${acmeDirectory}/${serverName}/fullchain.pem";
+      sslCertificateKey = "${acmeDirectory}/${serverName}/key.pem";
     }) // (optionalAttrs (vhostConfig.useACMEHost != null) {
-      sslCertificate = "/var/lib/acme/${vhostConfig.useACMEHost}/fullchain.pem";
-      sslCertificateKey = "/var/lib/acme/${vhostConfig.useACMEHost}/key.pem";
+      sslCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem";
+      sslCertificateKey = "${acmeDirectory}/${vhostConfig.useACMEHost}/key.pem";
     })
   ) cfg.virtualHosts;
   enableIPv6 = config.networking.enableIPv6;
diff --git a/nixos/modules/services/web-servers/nginx/gitweb.nix b/nixos/modules/services/web-servers/nginx/gitweb.nix
index 344c1f7b8aa4..3dc3ebc7e4c2 100644
--- a/nixos/modules/services/web-servers/nginx/gitweb.nix
+++ b/nixos/modules/services/web-servers/nginx/gitweb.nix
@@ -22,36 +22,31 @@ in
 
   config = mkIf config.services.nginx.gitweb.enable {
 
-    systemd.sockets.gitweb = {
-      description = "GitWeb Listen Socket";
-      listenStreams = [ "/run/gitweb.sock" ];
-      socketConfig = {
-        Accept = "false";
-        SocketUser = "nginx";
-        SocketGroup = "nginx";
-        SocketMode = "0600";
-      };
-      wantedBy = [ "sockets.target" ];
-    };
     systemd.services.gitweb = {
       description = "GitWeb service";
-      script = "${git}/share/gitweb/gitweb.cgi --fcgi";
+      script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1";
+      environment  = {
+        FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock";
+      };
       serviceConfig = {
-        Type = "simple";
-        StandardInput = "socket";
         User = "nginx";
         Group = "nginx";
+        RuntimeDirectory = [ "gitweb" ];
       };
+      wantedBy = [ "multi-user.target" ];
     };
 
     services.nginx = {
       virtualHosts.default = {
-        locations."/gitweb" = {
-          root = "${pkgs.git}/share/gitweb";
+        locations."/gitweb/" = {
+          root = "${pkgs.git}/share";
+          tryFiles = "$uri @gitweb";
+        };
+        locations."@gitweb" = {
           extraConfig = ''
             include ${pkgs.nginx}/conf/fastcgi_params;
             fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile};
-            fastcgi_pass unix:/run/gitweb.sock;
+            fastcgi_pass unix:/run/gitweb/gitweb.sock;
           '';
         };
       };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-22 18:41:45 +0000