From 4288c2f2431fb782b0d512b1b3749187f2374b6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 22 May 2019 20:01:33 +0200
Subject: Move websites/tools to modules
---
modules/private/websites/tools/git/default.nix | 43 +++++++++++
modules/private/websites/tools/git/gitweb.nix | 64 +++++++++++++++++
modules/private/websites/tools/git/mantisbt.nix | 96 +++++++++++++++++++++++++
3 files changed, 203 insertions(+)
create mode 100644 modules/private/websites/tools/git/default.nix
create mode 100644 modules/private/websites/tools/git/gitweb.nix
create mode 100644 modules/private/websites/tools/git/mantisbt.nix
(limited to 'modules/private/websites/tools/git')
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
new file mode 100644
index 0000000..3e8b605
--- /dev/null
+++ b/modules/private/websites/tools/git/default.nix
@@ -0,0 +1,43 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ mantisbt = pkgs.callPackage ./mantisbt.nix {
+ inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins;
+ env = myconfig.env.tools.mantisbt;
+ };
+ gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
+
+ cfg = config.myServices.websites.tools.git;
+in {
+ options.myServices.websites.tools.git = {
+ enable = lib.mkEnableOption "enable git's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys = mantisbt.keys;
+ services.websites.tools.modules =
+ gitweb.apache.modules ++
+ mantisbt.apache.modules;
+ myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot;
+ myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot;
+
+ system.activationScripts.mantisbt = mantisbt.activationScript;
+ services.websites.tools.vhostConfs.git = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["git.immae.eu" ];
+ root = gitweb.apache.root;
+ extraConfig = [
+ gitweb.apache.vhostConf
+ mantisbt.apache.vhostConf
+ ''
+ RewriteEngine on
+ RewriteCond %{REQUEST_URI} ^/releases
+ RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
+ ''
+ ];
+ };
+ services.phpfpm.poolConfigs = {
+ mantisbt = mantisbt.phpFpm.pool;
+ };
+ };
+}
diff --git a/modules/private/websites/tools/git/gitweb.nix b/modules/private/websites/tools/git/gitweb.nix
new file mode 100644
index 0000000..2ee7a63
--- /dev/null
+++ b/modules/private/websites/tools/git/gitweb.nix
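Review bot: In the `extraConfig` rewrite block of default.nix, `RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]` appends the captured suffix directly after the hostname, and neither the rule nor `RewriteCond %{REQUEST_URI} ^/releases` requires a `/` after `releases`. A path such as `/releasesX` therefore places `X` inside the authority part of the proxied URL, so the client can influence which host this vhost proxies to. Anchor the rule and force the separator: `RewriteRule ^/releases(/.*)?$ https://release.immae.eu$1 [P,L]`. The `[P]` flag with an https target also needs mod_proxy, mod_proxy_http and `SSLProxyEngine on`; only the `modules` lists from gitweb.nix and mantisbt.nix are merged here, so confirm the proxy modules are loaded elsewhere.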
@@ -0,0 +1,64 @@
+{ gitweb, writeText, gitolite, git, gitoliteDir, highlight }:
+rec {
+ varDir = gitoliteDir;
+ webRoot = gitweb;
+ config = writeText "gitweb.conf" ''
+ $git_temp = "/tmp";
+
+ # The directories where your projects are. Must not end with a
+ # slash.
+ $projectroot = "${varDir}/repositories";
+
+ $projects_list = "${varDir}/projects.list";
+ $strict_export = "true";
+
+ # Base URLs for links displayed in the web interface.
+ our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
+
+ $feature{'blame'}{'default'} = [1];
+ $feature{'avatar'}{'default'} = ['gravatar'];
+ $feature{'highlight'}{'default'} = [1];
+
+ @stylesheets = ("gitweb-theme/gitweb.css");
+ $logo = "gitweb-theme/git-logo.png";
+ $favicon = "gitweb-theme/git-favicon.png";
+ $javascript = "gitweb-theme/gitweb.js";
+ $logo_url = "https://git.immae.eu/";
+ $projects_list_group_categories = "true";
+ $projects_list_description_width = 60;
+ $project_list_default_category = "__Others__";
+ $highlight_bin = "${highlight}/bin/highlight";
+ '';
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "cgid" ];
+ webappName = "tools_gitweb";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
+ ScriptAliasMatch \
+ "(?x)^/(.*/(HEAD | \
+ info/refs | \
+ objects/(info/[^/]+ | \
+ [0-9a-f]{2}/[0-9a-f]{38} | \
+ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+ git-(upload|receive)-pack))$" \
+ ${git}/libexec/git-core/git-http-backend/$1
+
+
+ Require all granted
+
+
+ DirectoryIndex gitweb.cgi
+ Require all granted
+ AllowOverride None
+ Options ExecCGI FollowSymLinks
+
+ SetHandler cgi-script
+ SetEnv GITWEB_CONFIG "${config}"
+
+
+ '';
+ };
+}
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
new file mode 100644
index 0000000..a1b830e
--- /dev/null
+++ b/modules/private/websites/tools/git/mantisbt.nix
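Review bot: The `ScriptAliasMatch` in `vhostConf` (gitweb.nix) routes `git-receive-pack` to git-http-backend, yet the only access directive visible in this hunk is `Require all granted`, with no authentication. Without an authenticated user git-http-backend refuses pushes by default, so the route is either dead or, if a repository ever sets `http.receivepack`, open to anonymous pushes. If HTTP access is meant to be read-only, narrow the last alternative to `git-upload-pack))$" \`. The container directives around `Require all granted` are missing from this rendering, so check the full file for an auth section before changing it. A short comment above `$feature{'blame'}` and `$feature{'avatar'}` recording that blame is costly for anonymous traffic and that gravatar sends visitors to a third party would document those choices.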
@@ -0,0 +1,96 @@
+{ env, mantisbt_2, mantisbt_2-plugins }:
+rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-mantisbt";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+
+ DirectoryIndex index.php
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+
+ #Reenable during upgrade
+ Require all denied
+
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot "/var/secrets/webapps/tools-mantisbt" ]
+ ++ webRoot.plugins);
+ socket = "/var/run/phpfpm/mantisbt.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ php_admin_value[upload_max_filesize] = 5000000
+
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt"
+ '';
+ };
+}
-- cgit v1.2.3
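Review bot: In `activationScript` (mantisbt.nix), `install -m 0755 ... -d /var/lib/php/sessions/mantisbt` makes the session directory listable by every local account, and PHP's file session handler names each file after its session ID, so a directory listing discloses live MantisBT session IDs. Create it owner-only instead: `install -m 0700 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt`. In the pool, `open_basedir` also admits all of `/tmp`, which gitweb.nix uses as `$git_temp`; a dedicated temporary directory for this pool would keep the two services apart. Part of this hunk (the start of the secret `text` and the `apache` attribute set) is missing from this rendering, so the values behind `apache.user` and `apache.group` could not be checked.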