1 files changed, 105 insertions, 0 deletions
diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix
new file mode 100644
index 0000000..484a708
--- /dev/null
+++ b/modules/services/cgit/default.nix
@@ -0,0 +1,105 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.services.cgit;
+  cgitrc = ''
+    # Global configuration
+    virtual-root=/
+
+    # clone will be handled by gerrit
+    enable-http-clone=0
+    clone-url=https://cl.fcuny.net/$CGIT_REPO_URL
+
+    source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+    about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+    enable-git-config=1
+    enable-index-owner=0
+
+    remove-suffix=1
+
+    # sort repositories by section and branches by date
+    repository-sort=age
+    branch-sort=age
+
+    readme=:README.md
+    readme=:README.org
+    readme=:readme.org
+
+    # print the number of modified files
+    enable-log-filecount=1
+    # print the number of modified lines
+    enable-log-linecount=1
+    enable-follow-links=1
+    enable-blame=1
+
+    root-title="franck's personal repositories"
+
+    # don't index or follow
+    robots="noindex, nofollow"
+
+    project-list=/var/lib/cgit/cache/projects.list
+    scan-path=/var/lib/gerrit/git
+  '';
+in {
+  options.my.services.cgit = with lib; {
+    enable = mkEnableOption "git web viewer";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.fcgiwrap = {
+      enable = true;
+      user = "git";
+      group = "git";
+    };
+
+    systemd = {
+      timers.sync-cgit-repo = {
+        description = "synchronize the list of repositories from gerrit";
+        wantedBy = [ "timers.target" ];
+        partOf = [ "sync-cgit-repo.service" ];
+        timerConfig.OnCalendar = "*:0/10";
+      };
+      services.sync-cgit-repo = {
+        description = "synchronize the list of repositories from gerrit";
+        serviceConfig.Type = "oneshot";
+        script = ''
+          mkdir -p /var/lib/cgit/cache
+          tmplist=$(mktemp)
+
+          # as per https://gerrit-review.googlesource.com/Documentation/rest-api.html#output we need to remove `)]}' from the response
+          repos=$(${pkgs.curl}/bin/curl -s -H "Content-Type: application/json" "https://cl.fcuny.net/projects/?state=ACTIVE"|sed "s/^)]}'//"|${pkgs.jq}/bin/jq -r 'to_entries | .[] | .value | .id')
+
+          # list of repositories that I still want to be active in gerrit but I don't want to list here
+          exclude_repos="password-store|All-Projects|All-Users|homelab"
+
+          for repo in ''${repos}; do
+            if [[ ! $exclude_repos =~ $repo ]]; then
+              echo "''${repo}.git" >> $tmplist
+            fi
+          done
+          mv $tmplist /var/lib/cgit/cache/projects.list
+          # TODO(fcuny): this should run as the git user
+          chown git:git /var/lib/cgit/cache/projects.list
+        '';
+      };
+    };
+
+    services.nginx.virtualHosts."git.fcuny.net" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "~* ^.+.(css|png|ico)$" = { root = "${pkgs.cgit}/cgit"; };
+        "/".extraConfig = ''
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgitrc" cgitrc};
+          fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+          fastcgi_split_path_info ^(/?)(.+)$;
+          fastcgi_param PATH_INFO $fastcgi_path_info;
+          fastcgi_param HTTP_HOST $server_name;
+          fastcgi_param QUERY_STRING $args;
+          fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+        '';
+      };
+    };
+  };
+}