AuthorizedKeysCommandUser nobody
'';
+ users.users.wwwrun.extraGroups = [ "gitolite" ];
+
# FIXME: after initial install, need to
# (1) copy rc file (adjust gitolite_ldap_groups.sh)
# (2) (mark old readonly and) sync repos except gitolite-admin
text = ''
if [ -d /var/lib/gitolite ]; then
ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh
+ chmod g+rx /var/lib/gitolite
+ fi
+ if [ -f /var/lib/gitolite/projects.list ]; then
+ chmod g+r /var/lib/gitolite/projects.list
fi
'';
};
mypkgs.connexionswing_dev.apache.modules ++
mypkgs.connexionswing_prod.apache.modules ++
mypkgs.ympd.apache.modules ++
+ mypkgs.git.web.apache.modules ++
pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
[ "macro" ]);
extraConfig = builtins.concatStringsSep "\n"
mypkgs.nextcloud.apache.vhostConf
];
})
+ (withSSL "eldiron" // {
+ listen = [ { ip = "*"; port = 443; } ];
+ hostName = "git.immae.eu";
+ documentRoot = mypkgs.git.web.webRoot;
+ extraConfig = builtins.concatStringsSep "\n" [
+ mypkgs.git.web.apache.vhostConf
+ ] + ''
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^/releases
+ RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
+ '';
+ })
{ # Should go last, default fallback
listen = [ { ip = "*"; port = 80; } ];
hostName = "redirectSSL";