X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Feldiron.nix;h=39672b515ad932090420d8fcc188d16c89f621ee;hb=6d1919342a40b37bc2c664f364bd03a4faec7ef4;hp=292b31aa55d521d2c4f39b786ad04dc7f2f90d95;hpb=5566d26d9cb4f992e974ad8a8720c5970d566105;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 292b31a..39672b5 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -12,7 +12,7 @@
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [ 22 80 443 3306 5432 ];
+ allowedTCPPorts = [ 22 80 443 3306 5432 9418 ];
 };
 };
@@ -91,6 +91,17 @@
 AuthorizedKeysCommandUser nobody
 '';
+ users.users.wwwrun.extraGroups = [ "gitolite" ];
+
+ users.users.gitolite.packages = let
+ python-packages = python-packages: with python-packages; [
+ simplejson
+ urllib3
+ ];
+ in
+ [
+ (pkgs.python3.withPackages python-packages)
+ ];
 # FIXME: after initial install, need to
 # (1) copy rc file (adjust gitolite_ldap_groups.sh)
 # (2) (mark old readonly and) sync repos except gitolite-admin
@@ -124,6 +135,7 @@
 connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool;
 connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
 nextcloud = mypkgs.nextcloud.phpFpm.pool;
+ mantisbt = mypkgs.mantisbt.phpFpm.pool;
 };
 };
@@ -154,6 +166,10 @@
 text = ''
 if [ -d /var/lib/gitolite ]; then
 ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh
+ chmod g+rx /var/lib/gitolite
+ fi
+ if [ -f /var/lib/gitolite/projects.list ]; then
+ chmod g+r /var/lib/gitolite/projects.list
 fi
 '';
 };
@@ -179,6 +195,13 @@
 source = ldap_authorized_keys;
 };
+ services.gitDaemon = {
+ enable = true;
+ user = "gitolite";
+ group = "gitolite";
+ basePath = "${mypkgs.git.web.varDir}/repositories";
+ };
+
 services.httpd = let
 withSSL = domain: {
 enableSSL = true;
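Review bot: Adding `wwwrun` to the `gitolite` group (hunk at -91,6, together with the `chmod g+rx /var/lib/gitolite` added to the activation script at -154,6) gives every handler that runs as the Apache user whatever access the group bits on the repositories allow, not only the git web front end. Whether private repositories and gitolite-admin become readable this way depends on the UMASK in the gitolite rc file, which this diff does not show, so that should be confirmed before relying on it. A comment above the `extraGroups` line, for example `# wwwrun needs group read for the git web UI; repo visibility relies on the gitolite rc UMASK`, would record the assumption next to the FIXME that already mentions the rc file.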
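Review bot: `services.gitDaemon` in the -179,6 hunk runs the network-facing daemon with `user = "gitolite"`, which is presumably the account that owns the repositories, so the process answering unauthenticated git:// requests would hold write access to everything under `basePath`. A dedicated account with read-only group access would limit a fault in the daemon to disclosure. The hunk sets neither `exportAll` nor `repositories`, so which repositories are served presumably rests on per-repository `git-daemon-export-ok` markers; that is worth stating in a comment, because the first hunk opens port 9418 in `allowedTCPPorts` to every source address. git:// also provides no transport integrity, so the HTTPS vhost is the safer URL to advertise to clients.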
@@ -245,6 +268,8 @@
 mypkgs.connexionswing_dev.apache.modules ++
 mypkgs.connexionswing_prod.apache.modules ++
 mypkgs.ympd.apache.modules ++
+ mypkgs.git.web.apache.modules ++
+ mypkgs.mantisbt.apache.modules ++
 pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
 [ "macro" ]);
 extraConfig = builtins.concatStringsSep "\n"
@@ -292,6 +317,19 @@
 mypkgs.nextcloud.apache.vhostConf
 ];
 })
+ (withSSL "eldiron" // {
+ listen = [ { ip = "*"; port = 443; } ];
+ hostName = "git.immae.eu";
+ documentRoot = mypkgs.git.web.webRoot;
+ extraConfig = builtins.concatStringsSep "\n" [
+ mypkgs.git.web.apache.vhostConf
+ mypkgs.mantisbt.apache.vhostConf
+ ] + ''
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^/releases
+ RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
+ '';
+ })
 { # Should go last, default fallback
 listen = [ { ip = "*"; port = 80; } ];
 hostName = "redirectSSL";
@@ -390,6 +428,7 @@
 authentication = ''
 local all postgres ident
 local all all md5
+ host all all samehost md5
 host all all 178.33.252.96/32 md5
 host all all 188.165.209.148/32 md5
 #host all all all pam
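Review bot: The proxy rule in the new git.immae.eu vhost (hunk at -292,6) appends the captured remainder directly after the host name, and neither `^/releases` nor `/releases(.*)` requires a `/` after the prefix, so the request path can influence which host the `[P]` request is sent to. Anchor the pattern and require the separator, `RewriteRule ^/releases(/.*)?$ https://release.immae.eu$1 [P,L]`, which also makes the `RewriteCond` redundant. Proxying to an `https://` backend needs `SSLProxyEngine on`, which is not visible in this hunk and may or may not come from the included `vhostConf` fragments.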
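Review bot: The added `host all all samehost md5` line (hunk at -390,6) allows TCP password logins from the host's own addresses for every database and every role, including `postgres`, which the `local` line above it limits to ident. If the rule exists for one application, name its database and role instead, e.g. `host <db_name> <role_name> samehost md5` (placeholders). `md5` is also the weaker password method; `scram-sha-256` is preferable where the server version and the stored password hashes support it. The `authentication` string continues outside the hunk.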