summaryrefslogtreecommitdiff
path: root/Biz
diff options
context:
space:
mode:
Diffstat (limited to 'Biz')
-rw-r--r--Biz/Bild/Sources.json6
-rw-r--r--Biz/Cloud/Git.nix12
-rw-r--r--Biz/Cloud/Web.nix60
3 files changed, 46 insertions, 32 deletions
diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json
index eaf19ba..1e01893 100644
--- a/Biz/Bild/Sources.json
+++ b/Biz/Bild/Sources.json
@@ -104,10 +104,10 @@
"name": "nixpkgs",
"owner": "simatime",
"repo": "git://simatime.com/nixpkgs.git",
- "rev": "c8e39e6e43869a845c6dee43f55f2060d7751966",
- "sha256": "0l0qswvn8d132h771mm1vnqf8fbljg3j0f5yk42qkbcywiymsdlq",
+ "rev": "da6c3c99661e0d8cd8d7ef6add6e181eed8e21d5",
+ "sha256": "1h3c2a8hpm4wmf0v61psb4m97frpdxvw29a9r1wrlcng0x9sak5h",
"type": "tarball",
- "url": "https://simatime.com/archive/nixpkgs/biz/c8e39e6e43869a845c6dee43f55f2060d7751966.tar.gz",
+ "url": "https://simatime.com/archive/nixpkgs/biz/da6c3c99661e0d8cd8d7ef6add6e181eed8e21d5.tar.gz",
"url_template": "https://simatime.com/archive/<name>/<branch>/<rev>.tar.gz"
},
"regex-applicative": {
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 4dde27f..fd7c8a2 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -10,8 +10,11 @@ in {
dataDir = root;
user = "git";
group = "git";
+ # the umask is necessary to give the git group read permissions, otherwise
+ # git-daemon et al can't access the repos
extraGitoliteRc = ''
$RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
+ $RC{UMASK} = 0027;
'';
adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
builtins.readFile
@@ -24,22 +27,19 @@ in {
gitDaemon = {
enable = true;
basePath = "${root}/repositories";
- repositories = map (p: "${root}/repositories/${p}") [
- "nixpkgs.git"
- "ben/bin.git"
- "ben/cfg.git"
- ];
listenAddress = "simatime.com";
user = "gitDaemon";
group = "gitDaemon";
};
};
+ # need to specify that these users can access git files by being part of the
+ # git group
users.users = {
gitDaemon = {
- #uid = config.ids.uids.gitDaemon;
description = "Git daemon user";
extraGroups = [ "git" ];
};
+ "nginx".extraGroups = [ "git" ];
};
users.groups = {
gitDaemon = {};
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index cba8b2f..3ee6149 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
let
rootDomain = config.networking.domain;
@@ -34,30 +34,44 @@ in
virtualHosts = {
${rootDomain} = {
- locations."/archive.*" = {
- root = "/srv/www/simatime.com/archive";
- extraConfig = ''
- autoindex on;
- '';
- };
-
- locations."/" = {
- root = "/srv/www/simatime.com";
- extraConfig = ''
- autoindex on;
- '';
- };
-
- # serve /~$USER paths
- locations."~ ^/~(.+?)(/.*)?$" = {
- alias = "/srv/www/$1$2";
- index = "index.html index.htm";
- extraConfig = ''
- autoindex on;
- '';
- };
forceSSL = true;
enableACME = true;
+ locations = {
+ "/" = {
+ root = "/srv/www/simatime.com";
+ extraConfig = ''
+ autoindex on;
+ '';
+ };
+ # serve /~$USER paths
+ "~ ^/~(.+?)(/.*)?$" = {
+ alias = "/srv/www/$1$2";
+ index = "index.html index.htm";
+ extraConfig = ''
+ autoindex on;
+ '';
+ };
+ };
+ cgit = {
+ enable = true;
+ location = "/git";
+ virtual-root = "/git";
+ css = "/git/cgit.css";
+ logo = "/git/cgit.png";
+ root-title = "ben's git repos";
+ clone-url = lib.strings.concatStringsSep " " [
+ "https://$HTTP_HOST/git/$CGIT_REPO_URL"
+ "git://$HTTP_HOST/$CGIT_REPO_URL"
+ "git@$HTTP_HOST:$CGIT_REPO_URL"
+ ];
+ include = [
+ # these depend on order, scan-path must come last
+ (builtins.toFile "cgitrc" ''
+ strict-export=git-daemon-export-ok
+ scan-path=/srv/git/repositories
+ '')
+ ];
+ };
};
"bsima.me" = {