diff options
Diffstat (limited to 'fleet/hosts/trieste/cgit/default.nix')
| -rw-r--r-- | fleet/hosts/trieste/cgit/default.nix | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/fleet/hosts/trieste/cgit/default.nix b/fleet/hosts/trieste/cgit/default.nix new file mode 100644 index 0000000..23e8ab6 --- /dev/null +++ b/fleet/hosts/trieste/cgit/default.nix @@ -0,0 +1,107 @@ +# SPDX-FileCopyrightText: V <v@unfathomable.blue> +# SPDX-FileCopyrightText: edef <edef@unfathomable.blue> +# SPDX-License-Identifier: OSL-3.0 + +{ lib, pkgs, ... }: + +with lib; + +let + cgit-webroot = pkgs.runCommand "cgit-webroot" { + extraStyles = '' + div#cgit table#header td.logo { + width: 64px; + } + + #summary { + max-width: 72ch; + margin: auto; + font-size: initial; + } + ''; + passAsFile = [ "extraStyles" ]; + } '' + ${pkgs.minify}/bin/minify --type css ${pkgs.cgit}/cgit/cgit.css $extraStylesPath -o $out/cgit.css + cp ${./un.svg} $out/un.svg # TODO(V): remove this variant, apply padding to the Sigil using CSS + cp ${./unicon.svg} $out/unicon.svg # This is the same as un.svg, but without any padding + cp ${./ripple.svg} $out/ripple.svg # This is referenced in git.nix (as config.cgit.logo, for Ripple) + cp ${pkgs.cgit}/cgit/robots.txt $out + ''; + + cgit-about-filter = pkgs.writeShellScript "cgit-about-filter" '' + # Asciidoctor's embedded mode defaults to eliding the top-level heading, for some reason. + # Fortunately we can change this behaviour using the showtitle attribute. + # See also: https://github.com/asciidoctor/asciidoctor/issues/1149 + ${pkgs.asciidoctor}/bin/asciidoctor -e -a showtitle - + ''; + + cgit-config = pkgs.writeText "cgit-config" '' + # TODO(V): sort these sanely + root-title=unfathomable software + root-desc= + # TODO(V): root-readme? what should go in here, contribution info? info about the server? info about the branch conventions? + enable-index-owner=0 + + logo=/un.svg + favicon=/unicon.svg + # TODO(V): footer=https://src.unfathomable.blue/nixos-config/commit/?id={commit} + mimetype-file=${pkgs.mime-types}/etc/mime.types + # TODO(V): repository-sort=age? + # TODO(V): robots=none? (same as noindex, nofollow) + readme=:README.adoc + clone-prefix=https://src.unfathomable.blue + agefile=info/last-modified + about-filter=${cgit-about-filter} + # TODO(edef): commit-filter, for bug tracker links + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + # TODO(edef): add snapshots once we start releasing things + # TODO(V): branch-sort=age? + enable-git-config=1 + + # Has to go last. + # Options set after this won't be applied due to how they're evaluated. + scan-path=/var/lib/git + # TODO(V): section-from-path? + # TODO(V): repository-specific logos + # TODO(V): other repository-specific options + ''; +in { + services.cgiserver.instances.cgit = { + description = "Lightweight Git web interface"; + application = "${pkgs.cgit}/cgit/cgit.cgi"; + environment.CGIT_CONFIG = "${cgit-config}"; + serviceConfig.SupplementaryGroups = [ "git" ]; + # TODO(V): Hardening options + }; + + # TODO(V): set up git-http-backend. Disable enable-http-clone when we've done that? + services.caddy.config = '' + src.unfathomable.blue { + import common + + root * ${cgit-webroot} + @exists file + + route { + file_server @exists + reverse_proxy unix//run/cgit/cgit.sock + } + } + ''; + + declarative.git.hooks.post-receive = [ + # Regenerate the static pack and ref indices used by the dumb git protocol + # TODO(V): Remove this once we set up git-http-backend + (pkgs.writeShellScript "update-server-info" '' + git update-server-info + '') + + # Update the last-modified timestamp that cgit uses to measure freshness + (pkgs.writeShellScript "update-agefile" '' + git for-each-ref \ + --sort=-creatordate --count=1 \ + --format='%(creatordate:iso)' \ + >info/last-modified + '') + ]; +} |