X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=virtual%2Feldiron.nix;h=f70c92c8c6bd61886884f7fe48755cc204ae79ae;hb=7611e4e2ace4355ec4397a675883890927a13c7c;hp=292b31aa55d521d2c4f39b786ad04dc7f2f90d95;hpb=5566d26d9cb4f992e974ad8a8720c5970d566105;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 292b31a..f70c92c 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -12,7 +12,7 @@ networking = { firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 3306 5432 ]; + allowedTCPPorts = [ 22 80 443 3306 5432 9418 ]; }; }; @@ -91,6 +91,8 @@ AuthorizedKeysCommandUser nobody ''; + users.users.wwwrun.extraGroups = [ "gitolite" ]; + # FIXME: after initial install, need to # (1) copy rc file (adjust gitolite_ldap_groups.sh) # (2) (mark old readonly and) sync repos except gitolite-admin @@ -154,6 +156,10 @@ text = '' if [ -d /var/lib/gitolite ]; then ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh + chmod g+rx /var/lib/gitolite + fi + if [ -f /var/lib/gitolite/projects.list ]; then + chmod g+r /var/lib/gitolite/projects.list fi ''; }; @@ -179,6 +185,13 @@ source = ldap_authorized_keys; }; + services.gitDaemon = { + enable = true; + user = "gitolite"; + group = "gitolite"; + basePath = "${mypkgs.git.web.varDir}/repositories"; + }; + services.httpd = let withSSL = domain: { enableSSL = true; @@ -245,6 +258,7 @@ mypkgs.connexionswing_dev.apache.modules ++ mypkgs.connexionswing_prod.apache.modules ++ mypkgs.ympd.apache.modules ++ + mypkgs.git.web.apache.modules ++ pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++ [ "macro" ]); extraConfig = builtins.concatStringsSep "\n" 
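Review bot: Adding 9418 to `allowedTCPPorts` in the first hunk exposes the git:// protocol on every interface, and that protocol has neither authentication nor transport encryption, so clients cannot verify what they fetch and everything exported is world-readable. The port list gives no hint of what each entry is for; a comment such as `# 9418: git daemon (anonymous read-only, unencrypted)` would make the exposure explicit. If the HTTPS vhost for git.immae.eu added later in this diff can serve clones, which I cannot tell from here, the port may not need to be open at all.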
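Review bot: `users.users.wwwrun.extraGroups = [ "gitolite" ]` (hunk @@ -91,6 +91,8) together with `chmod g+rx /var/lib/gitolite` in the activation-script hunk (@@ -154,6 +156,10) lets the shared httpd account read everything group-readable under the gitolite home, not only the repositories the web view is meant to show. The other applications in this file's Apache module list presumably run under the same wwwrun account, so a flaw in any of them could reach private repositories, and possibly gitolite-admin, depending on the umask in the rc file, which is not visible here. Consider traverse-only access on the home (`chmod g+x /var/lib/gitolite`) with group read limited to `repositories` and `projects.list`, plus a comment stating why wwwrun needs the group. The one-shot `chmod g+r` on projects.list may also be undone when gitolite regenerates the file, which again depends on the rc umask and is worth confirming.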
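Review bot: The new `services.gitDaemon` block (hunk @@ -179,6 +185,13) runs the daemon as `user = "gitolite"`, the account that presumably owns and can write every repository and the gitolite configuration, although an anonymous read-only service needs only read access. A dedicated unprivileged user combined with `group = "gitolite"` would limit what a bug in the daemon can touch. The block also sets neither `repositories` nor `exportAll`, so what is published rests entirely on which repositories under `basePath` carry a `git-daemon-export-ok` file. A comment such as `# exported repos = those readable by gitolite's "daemon" pseudo-user` would tell the next reader where that is controlled.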
@@ -292,6 +306,18 @@ mypkgs.nextcloud.apache.vhostConf ]; }) + (withSSL "eldiron" // { + listen = [ { ip = "*"; port = 443; } ]; + hostName = "git.immae.eu"; + documentRoot = mypkgs.git.web.webRoot; + extraConfig = builtins.concatStringsSep "\n" [ + mypkgs.git.web.apache.vhostConf + ] + '' + RewriteEngine on + RewriteCond %{REQUEST_URI} ^/releases + RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] + ''; + }) { # Should go last, default fallback listen = [ { ip = "*"; port = 80; } ]; hostName = "redirectSSL";
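Review bot: In the new git.immae.eu vhost, `RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]` appends the captured suffix directly after the hostname, and neither the rule nor `RewriteCond %{REQUEST_URI} ^/releases` requires that suffix to begin with `/`. A request path that continues past `/releases` with other characters therefore alters the authority part of the proxied URL, so the `[P]` flag can make this server open connections to a host other than release.immae.eu. Anchor the pattern and require the slash, e.g. `RewriteRule ^/releases(/.*)?$ https://release.immae.eu$1 [P,L]`, which also makes the RewriteCond redundant. Whether `SSLProxyEngine` is enabled for the https backend depends on `mypkgs.git.web.apache.vhostConf`, which is outside this diff.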