blob: 880842b539e6ae7520858e1dafcc24cbc1a9cbde (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0
{ lib, pkgs, ... }:
with lib;
let
cgit-webroot = pkgs.runCommand "cgit-webroot" {
extraStyles = ''
div#cgit table#header td.logo {
width: 64px;
}
#summary {
max-width: 72ch;
margin: auto;
font-size: initial;
}
'';
passAsFile = [ "extraStyles" ];
} ''
${pkgs.minify}/bin/minify --type css ${pkgs.cgit}/cgit/cgit.css $extraStylesPath -o $out/cgit.css
cp ${./un.svg} $out/un.svg # TODO(V): remove this variant, apply padding to the Sigil using CSS
cp ${./unicon.svg} $out/unicon.svg # This is the same as un.svg, but without any padding
cp ${./ripple.svg} $out/ripple.svg # This is referenced in git.nix (as config.cgit.logo, for Ripple)
cp ${pkgs.cgit}/cgit/robots.txt $out
'';
cgit-about-filter = pkgs.writeShellScript "cgit-about-filter" ''
# Asciidoctor's embedded mode defaults to eliding the top-level heading, for some reason.
# Fortunately we can change this behaviour using the showtitle attribute.
# See also: https://github.com/asciidoctor/asciidoctor/issues/1149
${pkgs.asciidoctor}/bin/asciidoctor -e -a showtitle -
'';
cgit-config = pkgs.writeText "cgit-config" ''
# TODO(V): sort these sanely
root-title=unfathomable software
root-desc=sufficiently advanced technology
# TODO(V): root-readme? what should go in here, contribution info? info about the server? info about the branch conventions?
enable-index-owner=0
logo=/un.svg
favicon=/unicon.svg
# TODO(V): footer=https://src.unfathomable.blue/nixos-config/commit/?id={commit}
mimetype-file=${pkgs.mime-types}/etc/mime.types
# TODO(V): repository-sort=age?
# TODO(V): robots=none? (same as noindex, nofollow)
readme=:README.adoc
clone-prefix=https://src.unfathomable.blue
agefile=info/last-modified
about-filter=${cgit-about-filter}
# TODO(edef): commit-filter, for bug tracker links
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
# TODO(edef): add snapshots once we start releasing things
# TODO(V): branch-sort=age?
enable-git-config=1
# Has to go last.
# Options set after this won't be applied due to how they're evaluated.
scan-path=/var/lib/git
# TODO(V): section-from-path?
# TODO(V): repository-specific logos
# TODO(V): other repository-specific options
'';
in {
services.cgiserver.instances.cgit = {
description = "Lightweight Git web interface";
application = "${pkgs.cgit}/cgit/cgit.cgi";
environment.CGIT_CONFIG = "${cgit-config}";
serviceConfig.SupplementaryGroups = [ "git" ];
# TODO(V): Hardening options
};
# TODO(V): set up git-http-backend. Disable enable-http-clone when we've done that?
services.caddy.config = ''
src.unfathomable.blue {
import common
root * ${cgit-webroot}
@exists file
route {
file_server @exists
reverse_proxy unix//run/cgit/cgit.sock
}
}
'';
declarative.git.hooks.post-receive = [
# Regenerate the static pack and ref indices used by the dumb git protocol
# TODO(V): Remove this once we set up git-http-backend
(pkgs.writeShellScript "update-server-info" ''
git update-server-info
'')
# Update the last-modified timestamp that cgit uses to measure freshness
(pkgs.writeShellScript "update-agefile" ''
git for-each-ref \
--sort=-creatordate --count=1 \
--format='%(creatordate:iso)' \
>info/last-modified
'')
];
}
|
