-rw-r--r-- | automation.nix | 57 | ||||
-rw-r--r-- | configuration.nix | 1 | ||||
-rw-r--r-- | git.nix | 72 |
3 files changed, 104 insertions, 26 deletions
diff --git a/automation.nix b/automation.nix
new file mode 100644
index 0000000..6645935
--- /dev/null
+++ b/automation.nix
@@ -0,0 +1,57 @@
+# Automation server
+# Copyright (C) 2023 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.
+
+{ config, lib, pkgs, ... }:
+let
+ inherit (config.networking) domain;
+ httpSock = "unix:${workingDir}/http.sock";
+ workingDir = "/var/lib/laminar";
+in {
+ environment.systemPackages = [ pkgs.laminar ];
+
+ services.nginx.virtualHosts."xong.${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://${httpSock}";
+ };
+
+ systemd.services.laminar = {
+ after = [ "network.target" ];
+ description = "Laminar continuous integration service";
+ documentation = [ "man:laminard(8)" "https://laminar.ohwg.net/docs.html" ];
+ environment = {
+ LAMINAR_HOME = workingDir;
+ LAMINAR_BIND_HTTP = httpSock;
+ };
+ serviceConfig = {
+ ExecStart = "${pkgs.laminar}/bin/laminard";
+ Group = "laminar";
+ User = "laminar";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ users = {
+ users.laminar = {
+ isSystemUser = true;
+ group = "laminar";
+ home = workingDir;
+ };
+ groups.laminar.members = [ "cnx" "nginx" ];
+ };
+}
diff --git a/configuration.nix b/configuration.nix
index f2c52fa..6654bd9 100644
--- a/configuration.nix
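Review bot: Adding `nginx` to `groups.laminar.members` while `httpSock` sits under `workingDir` gives the web server group-level reach into all of `LAMINAR_HOME`, not just the socket, and that directory presumably also holds the job scripts laminard runs. Consider a dedicated runtime directory, e.g. `RuntimeDirectory = "laminar";` in `serviceConfig` with `httpSock = "unix:/run/laminar/http.sock";`, so the state directory can stay private to the `laminar` user. The unit sets only `User` and `Group`; since it executes CI jobs, `StateDirectory = "laminar";`, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` are worth evaluating against what the jobs need. The `xong.${domain}` vhost proxies the UI with no access control, so confirm that publishing job names and logs is intended.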
+++ b/configuration.nix @@ -30,6 +30,7 @@ }; imports = [ + ./automation.nix ./dbms.nix ./dns.nix ./ipfs.nix diff --git a/git.nix b/git.nix index 152de98..99fb287 100644 --- a/git.nix +++ b/git.nix 
@@ -19,35 +19,55 @@ { config, lib, pkgs, ... }: let inherit (config.networking) domain; in { - services = { - lighttpd = { - cgit = { - configText = let - httpsClone = "https://trong.${domain}/$CGIT_REPO_URL"; - scanPath = "/var/lib/git"; - sshClone = "ssh://${domain}:2211${scanPath}/$CGIT_REPO_URL"; - in '' - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + services = let + cgitrc = pkgs.writeText "cgitrc" '' + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + css=/style.css + favicon=/favicon.ico + logo=/cgit.png + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + virtual-root=/ - clone-url=${httpsClone} ${sshClone} - enable-blame=1 - enable-git-config=1 - readme=:README.md - snapshots=tar.gz tar.zst - scan-path=${scanPath} - ''; - enable = true; - subdir = ""; - }; - enable = true; - port = 9418; - }; + clone-url=${httpsClone} ${sshClone} + enable-blame=1 + enable-git-config=1 + enable-index-links=1 + enable-index-owner=0 + readme=:README.md + snapshots=tar.gz tar.zst + scan-path=${scanPath} + ''; + css = builtins.readFile "${pkgs.cgit}/cgit/cgit.css" + '' - nginx."trong.${domain}" = let port = config.services.lighttpd.port; - in { + div#cgit { + font-size: initial; + } + ''; + httpsClone = "https://trong.${domain}/$CGIT_REPO_URL"; + scanPath = "/var/lib/git"; + sshClone = "ssh://${domain}:2211${scanPath}/$CGIT_REPO_URL"; + in { + fcgiwrap.enable = true; + nginx.virtualHosts."trong.${domain}" = { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:${toString port}"; + locations = { + "/" = { + root = "${pkgs.cgit}/cgit/"; + tryFiles = "$uri @cgit"; + }; + "~ ^/(cgit.png|favicon.ico|robots.txt)$".alias = "${pkgs.cgit}/cgit/$1"; + "= /style.css".alias = builtins.toFile "style.css" css; + "@cgit".extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param 
HTTP_HOST $server_name; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + ''; + }; }; + }; } |
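Review bot: `fcgiwrap.enable = true;` is set without a user or group. As far as I recall, this form of the NixOS module (the one exposing `services.fcgiwrap.socketAddress`) runs the service as root when both are unset. If so, `cgit.cgi` and the `about-filter`/`source-filter` scripts would parse repository content with root privileges. Set both, e.g. `fcgiwrap.user = "<cgit-user>";` and `fcgiwrap.group = "<cgit-group>";` (placeholders for an unprivileged account that can read `scanPath`), and check the generated unit's `User=` afterwards. The fcgiwrap socket is shared host-wide, so also review which local accounts can connect to it.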