From ec0965e2672899d25a5a3a8c072de3ea734076a2 Mon Sep 17 00:00:00 2001
From: V <v@unfathomable.blue>
Date: Wed, 9 Jun 2021 15:43:16 +0200
Subject: fleet: init

Co-authored-by: edef <edef@unfathomable.blue>
Change-Id: I36d2c4cca542ed91630b1b832f3c7a7b97b33c65
---
 fleet/hosts/trieste/cgit/default.nix | 107 +++++++++++++++++++++++++++++++++++
 fleet/hosts/trieste/cgit/ripple.svg  |   8 +++
 fleet/hosts/trieste/cgit/un.svg      |   6 ++
 fleet/hosts/trieste/cgit/unicon.svg  |   6 ++
 4 files changed, 127 insertions(+)
 create mode 100644 fleet/hosts/trieste/cgit/default.nix
 create mode 100644 fleet/hosts/trieste/cgit/ripple.svg
 create mode 100644 fleet/hosts/trieste/cgit/un.svg
 create mode 100644 fleet/hosts/trieste/cgit/unicon.svg

(limited to 'fleet/hosts/trieste/cgit')

diff --git a/fleet/hosts/trieste/cgit/default.nix b/fleet/hosts/trieste/cgit/default.nix
new file mode 100644
index 0000000..23e8ab6
--- /dev/null
+++ b/fleet/hosts/trieste/cgit/default.nix
@@ -0,0 +1,107 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, pkgs, ... }:
+
+with lib;
+
+let
+  cgit-webroot = pkgs.runCommand "cgit-webroot" {
+    extraStyles = ''
+      div#cgit table#header td.logo {
+        width: 64px;
+      }
+
+      #summary {
+        max-width: 72ch;
+        margin: auto;
+        font-size: initial;
+      }
+    '';
+    passAsFile = [ "extraStyles" ];
+  } ''
+    ${pkgs.minify}/bin/minify --type css ${pkgs.cgit}/cgit/cgit.css $extraStylesPath -o $out/cgit.css
+    cp ${./un.svg} $out/un.svg  # TODO(V): remove this variant, apply padding to the Sigil using CSS
+    cp ${./unicon.svg} $out/unicon.svg  # This is the same as un.svg, but without any padding
+    cp ${./ripple.svg} $out/ripple.svg  # This is referenced in git.nix (as config.cgit.logo, for Ripple)
+    cp ${pkgs.cgit}/cgit/robots.txt $out
+  '';
+
+  cgit-about-filter = pkgs.writeShellScript "cgit-about-filter" ''
+    # Asciidoctor's embedded mode defaults to eliding the top-level heading, for some reason.
+    # Fortunately we can change this behaviour using the showtitle attribute.
+    # See also: https://github.com/asciidoctor/asciidoctor/issues/1149
+    ${pkgs.asciidoctor}/bin/asciidoctor -e -a showtitle -
+  '';
+
+  cgit-config = pkgs.writeText "cgit-config" ''
+    # TODO(V): sort these sanely
+    root-title=unfathomable software
+    root-desc=
+    # TODO(V): root-readme? what should go in here, contribution info? info about the server? info about the branch conventions?
+    enable-index-owner=0
+
+    logo=/un.svg
+    favicon=/unicon.svg
+    # TODO(V): footer=https://src.unfathomable.blue/nixos-config/commit/?id={commit}
+    mimetype-file=${pkgs.mime-types}/etc/mime.types
+    # TODO(V): repository-sort=age?
+    # TODO(V): robots=none? (same as noindex, nofollow)
+    readme=:README.adoc
+    clone-prefix=https://src.unfathomable.blue
+    agefile=info/last-modified
+    about-filter=${cgit-about-filter}
+    # TODO(edef): commit-filter, for bug tracker links
+    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+    # TODO(edef): add snapshots once we start releasing things
+    # TODO(V): branch-sort=age?
+    enable-git-config=1
+
+    # Has to go last.
+    # Options set after this won't be applied due to how they're evaluated.
+    scan-path=/var/lib/git
+    # TODO(V): section-from-path?
+    # TODO(V): repository-specific logos
+    # TODO(V): other repository-specific options
+  '';
+in {
+  services.cgiserver.instances.cgit = {
+    description = "Lightweight Git web interface";
+    application = "${pkgs.cgit}/cgit/cgit.cgi";
+    environment.CGIT_CONFIG = "${cgit-config}";
+    serviceConfig.SupplementaryGroups = [ "git" ];
+    # TODO(V): Hardening options
+  };
+
+  # TODO(V): set up git-http-backend. Disable enable-http-clone when we've done that?
+  services.caddy.config = ''
+    src.unfathomable.blue {
+      import common
+
+      root * ${cgit-webroot}
+      @exists file
+
+      route {
+        file_server @exists
+        reverse_proxy unix//run/cgit/cgit.sock
+      }
+    }
+  '';
+
+  declarative.git.hooks.post-receive = [
+    # Regenerate the static pack and ref indices used by the dumb git protocol
+    # TODO(V): Remove this once we set up git-http-backend
+    (pkgs.writeShellScript "update-server-info" ''
+      git update-server-info
+    '')
+
+    # Update the last-modified timestamp that cgit uses to measure freshness
+    (pkgs.writeShellScript "update-agefile" ''
+      git for-each-ref \
+        --sort=-creatordate --count=1 \
+        --format='%(creatordate:iso)' \
+        >info/last-modified
+    '')
+  ];
+}
diff --git a/fleet/hosts/trieste/cgit/ripple.svg b/fleet/hosts/trieste/cgit/ripple.svg
new file mode 100644
index 0000000..243059f
--- /dev/null
+++ b/fleet/hosts/trieste/cgit/ripple.svg
@@ -0,0 +1,8 @@
+<!-- SPDX-FileCopyrightText: V <v@unfathomable.blue> -->
+<!-- SPDX-License-Identifier: LicenseRef-NONE -->
+
+<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
+  <circle cx="32" cy="32" r="8"/>
+  <path d="M17.28 38.2l3.5-2.03A12 12 0 0120 32a12 12 0 0110-11.82v-4.04A16 16 0 0016 32a16 16 0 001.28 6.2zM44.71 41.65l-3.5-2.02A12 12 0 0132 44a12 12 0 01-9.21-4.37l-3.5 2.02A16 16 0 0032 48a16 16 0 0012.71-6.35zM34 16.13v4.04A12 12 0 0144 32a12 12 0 01-.78 4.17l3.5 2.02A16 16 0 0048 32a16 16 0 00-14-15.87z" color="#000"/>
+  <path d="M10.3 42.22l3.51-2.03A20 20 0 0112 32a20 20 0 0118-19.84V8.14A24 24 0 008 32a24 24 0 002.3 10.22zM51.67 45.67l-3.44-1.99A20 20 0 0132 52a20 20 0 01-16.23-8.32l-3.44 1.99A24 24 0 0032 56a24 24 0 0019.67-10.33zM34 8.09v4.01A20 20 0 0152 32a20 20 0 01-1.81 8.2l3.5 2.02A24 24 0 0056 32 24 24 0 0034 8.09z" color="#000"/>
+</svg>
diff --git a/fleet/hosts/trieste/cgit/un.svg b/fleet/hosts/trieste/cgit/un.svg
new file mode 100644
index 0000000..a6201bf
--- /dev/null
+++ b/fleet/hosts/trieste/cgit/un.svg
@@ -0,0 +1,6 @@
+<!-- SPDX-FileCopyrightText: V <v@unfathomable.blue> -->
+<!-- SPDX-License-Identifier: LicenseRef-NONE -->
+
+<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
+  <path d="M29.5 47.2v-4.67c-1.26 1.85-2.63 3.23-4.25 4.13c-1.6.89-3.45 1.33-5.57 1.33-3.5 0-6.16-1.09-7.98-3.26-1.8-2.18-2.72-5.36-2.72-9.55V16.74H14v18.25c0 2.89.56 5.05 1.69 6.5 1.12 1.44 2.8 2.15 5.06 2.15 2.7 0 4.83-.86 6.39-2.58 1.58-1.72 2.37-4.07 2.37-7.05V16.74h5.03v4.74c1.2-1.84 2.6-3.2 4.22-4.11 1.63-.91 3.5-1.36 5.63-1.36 3.5 0 6.15 1.09 7.94 3.26 1.8 2.16 2.7 5.34 2.7 9.55v18.39H50V28.99c0-2.89-.56-5.05-1.69-6.48-1.12-1.43-2.8-2.15-5.06-2.15-2.7 0-4.83.86-6.39 2.58-1.56 1.73-2.34 4.08-2.34 7.05v17.22H29.5"/>
+</svg>
diff --git a/fleet/hosts/trieste/cgit/unicon.svg b/fleet/hosts/trieste/cgit/unicon.svg
new file mode 100644
index 0000000..4753d6b
--- /dev/null
+++ b/fleet/hosts/trieste/cgit/unicon.svg
@@ -0,0 +1,6 @@
+<!-- SPDX-FileCopyrightText: V <v@unfathomable.blue> -->
+<!-- SPDX-License-Identifier: LicenseRef-NONE -->
+
+<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
+  <path d="M28.519 53.125v-6.49c-1.752 2.57-3.656 4.489-5.907 5.74-2.224 1.236-4.795 1.848-7.741 1.848-4.864 0-8.561-1.515-11.09-4.53C1.278 46.662 0 42.242 0 36.42V10.792h6.977v25.363c0 4.017.778 7.019 2.349 9.034 1.556 2.001 3.89 2.988 7.032 2.988 3.752 0 6.713-1.195 8.88-3.585 2.197-2.39 3.294-5.657 3.294-9.799V10.792h6.991v6.587c1.668-2.557 3.614-4.447 5.865-5.712 2.265-1.264 4.864-1.89 7.825-1.89 4.864 0 8.547 1.515 11.035 4.53C62.749 17.31 64 21.73 64 27.58V53.14h-6.99V27.817c0-4.017-.779-7.019-2.35-9.006-1.556-1.988-3.89-2.988-7.032-2.988-3.752 0-6.712 1.195-8.88 3.585-2.169 2.405-3.253 5.67-3.253 9.799v23.932H28.52"/>
+</svg>
-- 
cgit 1.4.1