From 6729ea1439a3ec60afd84af7b94cb159a0f719b6 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Wed, 28 Apr 2021 00:05:50 -0400
Subject: Publish self-hosted git repos with cgit Also I need more repos...
---
 Biz/Bild/Sources.json | 6 +++---
 Biz/Cloud/Git.nix | 12 +++++------
 Biz/Cloud/Web.nix | 60 +++++++++++++++++++++++++++++++--------------------
 3 files changed, 46 insertions(+), 32 deletions(-)
(limited to 'Biz')
diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json
index eaf19ba..1e01893 100644
--- a/Biz/Bild/Sources.json
+++ b/Biz/Bild/Sources.json
@@ -104,10 +104,10 @@
 "name": "nixpkgs",
 "owner": "simatime",
 "repo": "git://simatime.com/nixpkgs.git",
- "rev": "c8e39e6e43869a845c6dee43f55f2060d7751966",
- "sha256": "0l0qswvn8d132h771mm1vnqf8fbljg3j0f5yk42qkbcywiymsdlq",
+ "rev": "da6c3c99661e0d8cd8d7ef6add6e181eed8e21d5",
+ "sha256": "1h3c2a8hpm4wmf0v61psb4m97frpdxvw29a9r1wrlcng0x9sak5h",
 "type": "tarball",
- "url": "https://simatime.com/archive/nixpkgs/biz/c8e39e6e43869a845c6dee43f55f2060d7751966.tar.gz",
+ "url": "https://simatime.com/archive/nixpkgs/biz/da6c3c99661e0d8cd8d7ef6add6e181eed8e21d5.tar.gz",
 "url_template": "https://simatime.com/archive///.tar.gz"
 },
 "regex-applicative": {
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 4dde27f..fd7c8a2 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -10,8 +10,11 @@ in {
 dataDir = root;
 user = "git";
 group = "git";
+ # the umask is necessary to give the git group read permissions, otherwise
+ # git-daemon et al can't access the repos
 extraGitoliteRc = ''
 $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
+ $RC{UMASK} = 0027;
 '';
 adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
 builtins.readFile
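Review bot: `$RC{UMASK} = 0027;` in the Git.nix `@@ -10,8 +10,11 @@` hunk only applies to files gitolite creates after the change, so repositories that already exist under `dataDir` keep the mode they were created with (gitolite's documented default umask is 0077) and stay unreadable to the group until their permissions are fixed once by hand. The added comment should say so, and should also state the trade-off that every member of the `git` group can now read every repository gitolite manages, not only the ones meant for publication; something like `# UMASK affects new files only; existing repos need a one-time chmod -R g+rX` followed by `# NOTE: group read covers ALL repos, including private ones and gitolite-admin`. The enclosing attribute set starts and ends outside the hunk.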
@@ -24,22 +27,19 @@ in { gitDaemon = { enable = true; basePath = "${root}/repositories"; - repositories = map (p: "${root}/repositories/${p}") [ - "nixpkgs.git" - "ben/bin.git" - "ben/cfg.git" - ]; listenAddress = "simatime.com"; user = "gitDaemon"; group = "gitDaemon"; }; }; + # need to specify that these users can access git files by being part of the + # git group users.users = { gitDaemon = { - #uid = config.ids.uids.gitDaemon; description = "Git daemon user"; extraGroups = [ "git" ]; }; + "nginx".extraGroups = [ "git" ]; }; users.groups = { gitDaemon = {}; diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index cba8b2f..3ee6149 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let rootDomain = config.networking.domain; 
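Review bot: Removing `repositories` from `gitDaemon` in the Git.nix `@@ -24,22 +27,19 @@` hunk drops the explicit allow-list, so what is served over `git://` is now decided only by the `git-daemon-export-ok` marker inside each repository (assuming the module's export-all setting is left off, which is not visible here). Together with `"nginx".extraGroups = [ "git" ];` and the group-readable umask set earlier in this file, the web server account can read every repository under `${root}`, so that marker file becomes the single control keeping private repositories unpublished. I would record this next to the new comment above `users.users`, e.g. `# nginx and gitDaemon can read ALL repos; publication is gated only by git-daemon-export-ok`, and, if the cgit module allows it, run cgit under its own account in the `git` group instead of widening `nginx` itself.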
@@ -34,30 +34,44 @@ in virtualHosts = { ${rootDomain} = { - locations."/archive.*" = { - root = "/srv/www/simatime.com/archive"; - extraConfig = '' - autoindex on; - ''; - }; - - locations."/" = { - root = "/srv/www/simatime.com"; - extraConfig = '' - autoindex on; - ''; - }; - - # serve /~$USER paths - locations."~ ^/~(.+?)(/.*)?$" = { - alias = "/srv/www/$1$2"; - index = "index.html index.htm"; - extraConfig = '' - autoindex on; - ''; - }; forceSSL = true; enableACME = true; + locations = { + "/" = { + root = "/srv/www/simatime.com"; + extraConfig = '' + autoindex on; + ''; + }; + # serve /~$USER paths + "~ ^/~(.+?)(/.*)?$" = { + alias = "/srv/www/$1$2"; + index = "index.html index.htm"; + extraConfig = '' + autoindex on; + ''; + }; + }; + cgit = { + enable = true; + location = "/git"; + virtual-root = "/git"; + css = "/git/cgit.css"; + logo = "/git/cgit.png"; + root-title = "ben's git repos"; + clone-url = lib.strings.concatStringsSep " " [ + "https://$HTTP_HOST/git/$CGIT_REPO_URL" + "git://$HTTP_HOST/$CGIT_REPO_URL" + "git@$HTTP_HOST:$CGIT_REPO_URL" + ]; + include = [ + # these depend on order, scan-path must come last + (builtins.toFile "cgitrc" '' + strict-export=git-daemon-export-ok + scan-path=/srv/git/repositories + '') + ]; + }; }; "bsima.me" = { -- cgit v1.2.3
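Review bot: The three `clone-url` entries in the new `cgit` block are built from `$HTTP_HOST`, which cgit expands from the request's Host header, so the clone commands shown on the page follow whatever host name the client sent rather than the name this server is configured for. `rootDomain` is already bound at the top of the file, so the URLs can be pinned: `"https://${rootDomain}/git/$CGIT_REPO_URL"`, `"git://${rootDomain}/$CGIT_REPO_URL"`, `"git@${rootDomain}:$CGIT_REPO_URL"`. How much this matters depends on whether nginx answers requests for other host names on this virtual host, which the hunk does not show. The `virtualHosts` set starts and ends outside the hunk.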