summary refs log tree commit diff
path: root/fleet/hosts/trieste/cgit/default.nix
blob: 880842b539e6ae7520858e1dafcc24cbc1a9cbde (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0

{ lib, pkgs, ... }:

with lib;

let
  cgit-webroot = pkgs.runCommand "cgit-webroot" {
    extraStyles = ''
      div#cgit table#header td.logo {
        width: 64px;
      }

      #summary {
        max-width: 72ch;
        margin: auto;
        font-size: initial;
      }
    '';
    passAsFile = [ "extraStyles" ];
  } ''
    ${pkgs.minify}/bin/minify --type css ${pkgs.cgit}/cgit/cgit.css $extraStylesPath -o $out/cgit.css
    cp ${./un.svg} $out/un.svg  # TODO(V): remove this variant, apply padding to the Sigil using CSS
    cp ${./unicon.svg} $out/unicon.svg  # This is the same as un.svg, but without any padding
    cp ${./ripple.svg} $out/ripple.svg  # This is referenced in git.nix (as config.cgit.logo, for Ripple)
    cp ${pkgs.cgit}/cgit/robots.txt $out
  '';

  cgit-about-filter = pkgs.writeShellScript "cgit-about-filter" ''
    # Asciidoctor's embedded mode defaults to eliding the top-level heading, for some reason.
    # Fortunately we can change this behaviour using the showtitle attribute.
    # See also: https://github.com/asciidoctor/asciidoctor/issues/1149
    ${pkgs.asciidoctor}/bin/asciidoctor -e -a showtitle -
  '';

  cgit-config = pkgs.writeText "cgit-config" ''
    # TODO(V): sort these sanely
    root-title=unfathomable software
    root-desc=sufficiently advanced technology
    # TODO(V): root-readme? what should go in here, contribution info? info about the server? info about the branch conventions?
    enable-index-owner=0

    logo=/un.svg
    favicon=/unicon.svg
    # TODO(V): footer=https://src.unfathomable.blue/nixos-config/commit/?id={commit}
    mimetype-file=${pkgs.mime-types}/etc/mime.types
    # TODO(V): repository-sort=age?
    # TODO(V): robots=none? (same as noindex, nofollow)
    readme=:README.adoc
    clone-prefix=https://src.unfathomable.blue
    agefile=info/last-modified
    about-filter=${cgit-about-filter}
    # TODO(edef): commit-filter, for bug tracker links
    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
    # TODO(edef): add snapshots once we start releasing things
    # TODO(V): branch-sort=age?
    enable-git-config=1

    # Has to go last.
    # Options set after this won't be applied due to how they're evaluated.
    scan-path=/var/lib/git
    # TODO(V): section-from-path?
    # TODO(V): repository-specific logos
    # TODO(V): other repository-specific options
  '';
in {
  services.cgiserver.instances.cgit = {
    description = "Lightweight Git web interface";
    application = "${pkgs.cgit}/cgit/cgit.cgi";
    environment.CGIT_CONFIG = "${cgit-config}";
    serviceConfig.SupplementaryGroups = [ "git" ];
    # TODO(V): Hardening options
  };

  # TODO(V): set up git-http-backend. Disable enable-http-clone when we've done that?
  services.caddy.config = ''
    src.unfathomable.blue {
      import common

      root * ${cgit-webroot}
      @exists file

      route {
        file_server @exists
        reverse_proxy unix//run/cgit/cgit.sock
      }
    }
  '';

  declarative.git.hooks.post-receive = [
    # Regenerate the static pack and ref indices used by the dumb git protocol
    # TODO(V): Remove this once we set up git-http-backend
    (pkgs.writeShellScript "update-server-info" ''
      git update-server-info
    '')

    # Update the last-modified timestamp that cgit uses to measure freshness
    (pkgs.writeShellScript "update-agefile" ''
      git for-each-ref \
        --sort=-creatordate --count=1 \
        --format='%(creatordate:iso)' \
        >info/last-modified
    '')
  ];
}