Diffstat (limited to 'modules/cgit.nix')
-rw-r--r--modules/cgit.nix137
1 files changed, 137 insertions, 0 deletions
diff --git a/modules/cgit.nix b/modules/cgit.nix
new file mode 100644
index 0000000..1e62631
--- /dev/null
+++ b/modules/cgit.nix
@@ -0,0 +1,137 @@
+{ pkgs, lib, config, ... }:
+let
+ cfg = config.teh-nix.services.cgit;
+ cgitrc = pkgs.writeText "cgitrc" ''
+css=/static/cgit.css
+logo=/static/cgit.png
+favicon=/static/favicon.ico
+repository-sort=age
+
+root-title=${cfg.title}
+root-desc=${cfg.description}
+
+enable-blame=1
+enable-commit-graph=1
+enable-log-filecount=1
+enable-log-linecount=1
+enable-index-links=1
+
+snapshots=tar.gz zip
+enable-http-clone=1
+clone-prefix=https://${cfg.domain}
+
+readme=:README
+readme=:readme
+readme=:readme.txt
+readme=:README.txt
+readme=:readme.md
+readme=:README.md
+
+${cfg.extraConfig}
+
+about-filter=${cfg.package}/lib/cgit/filters/about-formatting.sh
+source-filter=${cfg.package}/lib/cgit/filters/syntax-highlighting.py
+
+enable-git-config=1
+scan-path=${cfg.directory}
+'';
+in
+{
+ options.teh-nix.services.cgit = with lib;{
+ enable = mkEnableOption "Enable cgit";
+ user = mkOption {
+ type = types.str;
+ default = "cgit";
+ description = "Username for the user that will run cgit";
+ };
+ authorizedKeys = lib.mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ description = "List of ssh keys for the cgit user (cgit user should own all repos)";
+ };
+ authorizedUsers = lib.mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ description = "List of users that should have access to the cgit directory";
+ };
+ directory = mkOption {
+ type = types.str;
+ default = "/srv/cgit/repos";
+ description = "Directory for cgit (cgit user's home directory";
+ };
+ description = mkOption {
+ type = types.str;
+ default = "Cgit instance hosted with nixos";
+ description = "Description of the cgit website";
+ };
+ title = mkOption {
+ type = types.str;
+ default = "Cgit + Nix";
+ description = "Title of the cgit website";
+ };
+ domain = mkOption {
+ type = types.str;
+ default = "git.example.com";
+ description = "Domain to host it on";
+ };
+ package = mkPackageOption pkgs "cgit" { };
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = "Extra config to be appended to cgitrc";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.git cfg.package ];
+ users = {
+ groups.${cfg.user} = {
+ members = cfg.authorizedUsers;
+ };
+ users.${cfg.user} = {
+ createHome = true;
+ homeMode = "770";
+ home = cfg.directory;
+ isSystemUser = true;
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = cfg.authorizedKeys;
+ group = cfg.user;
+ };
+ };
+
+
+ services.fcgiwrap.instances.cgit = {
+ socket = {
+ user = cfg.user;
+ group = "nginx";
+ type = "unix";
+ mode = "0660";
+ };
+ process = {
+ user = cfg.user;
+ group = cfg.user;
+ };
+ };
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts.${cfg.domain} = {
+ locations."~* ^/static/(.+.(ico|css|png))$" = {
+ extraConfig = ''
+alias ${cfg.package}/cgit/$1;
+'';
+ };
+ locations."/" = {
+ extraConfig = ''
+include ${pkgs.nginx}/conf/fastcgi_params;
+fastcgi_param CGIT_CONFIG ${cgitrc};
+fastcgi_param SCRIPT_FILENAME ${cfg.package}/cgit/cgit.cgi;
+fastcgi_split_path_info ^(/?)(.+)$;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+fastcgi_param QUERY_STRING $args;
+fastcgi_param HTTP_HOST $server_name;
+fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address};
+ '';
+ };
+ };
+ };
+}
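Review bot: `services.fcgiwrap.instances.cgit.process` runs cgit.cgi as `cfg.user`, the same account that owns the repositories under `cfg.directory` and accepts SSH pushes through `authorizedKeys`, so the web-facing CGI and the `about-filter`/`source-filter` scripts it runs over repository content hold write access to every repository. Serving only needs read access, so I would run the fcgiwrap process under a separate system user, e.g. `process = { user = "cgit-web"; group = cfg.user; };` (`cgit-web` is a placeholder name that would need its own `users.users` entry). If the members of `authorizedUsers` do not need to write to the directory, which the hunk does not say, `homeMode = "750";` would also remove group write. Separately, the static location regex `(.+.(ico|css|png))` leaves the dot before the extension unescaped and lets the capture span slashes; `locations."~* ^/static/([^/]+\\.(ico|css|png))$"` limits the alias to a single file name with a real extension.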