author | Ben Sima <ben@bsima.me> | 2025-01-04 21:36:03 -0500 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2025-01-04 21:36:03 -0500 |
commit | 380ae85ebad6d22c79b3cbb279e8d76e3427d5a5 (patch) | |
tree | d461dd02c7205d74eb077cd55c0a69f754cb10aa | |
parent | 178a4fab6cdb5cbde6535d131d3341dba811db32 (diff) |
Fix git hosting stuff, move to git. subdomain
After the update, the /git endpoint was redirecting in circles and I couldn't
figure out why. Eventually I just moved it to a subdomain, and in the process I
found out that the git-daemon thing doesn't work anymore because of the user
ownership of the repos, as mentioned in the long comment. So I just disabled
that. Now it works, but cloning is only available over ssh, and that's fine I
guess.
-rw-r--r-- | Omni/Cloud/Git.nix | 31 | ||||
-rw-r--r-- | Omni/Cloud/Web.nix | 23 |
2 files changed, 22 insertions, 32 deletions
diff --git a/Omni/Cloud/Git.nix b/Omni/Cloud/Git.nix index 854c58a..50fe2c0 100644 --- a/Omni/Cloud/Git.nix +++ b/Omni/Cloud/Git.nix @@ -9,22 +9,31 @@ ports = import ./Ports.nix; in { services = { - cgit.cloud = { + # redirect old subdirectory to new subdomain + nginx.virtualHosts.${domain}.locations."/git".return = "301 https://git.$host"; + nginx.virtualHosts."git.${domain}" = { + forceSSL = true; + useACMEHost = domain; + }; + cgit."git.${domain}" = { enable = true; - nginx.location = "/git"; - nginx.virtualHost = "/git"; + user = "git"; + group = "git"; + nginx.location = "/"; scanPath = "/var/git/repositories"; settings = { strict-export = "git-daemon-export-ok"; - css = "/git/cgit.css"; - logo = "/git/cgit.png"; root-title = "ben's git repos"; - root-desc = "building"; + root-desc = "xmpp:buildlog@conference.simatime.com"; enable-git-config = 1; clone-url = lib.strings.concatStringsSep " " [ - "https://$HTTP_HOST/git/$CGIT_REPO_URL" - "git://$HTTP_HOST/$CGIT_REPO_URL" - "git@$HTTP_HOST:$CGIT_REPO_URL" + # this doesn't work because git-daemon runs as user gitDaemon, but + # gitolite uses the user 'git', and git says "fatal: detected dubious + # ownership" if the repo isn't owned by the user executing the git + # command. so gitDaemon cannot access the repos. if i try to set both + # users to just 'git' then i get a uid collision. so just forget it + # "git://$HTTP_HOST/$CGIT_REPO_URL" # must be same as gitDaemon.listenAddress + "git@${domain}:$CGIT_REPO_URL" ]; }; }; @@ -51,7 +60,7 @@ in { gitDaemon = { enable = true; basePath = "${root}/repositories"; - listenAddress = domain; + listenAddress = "git.${domain}"; user = "gitDaemon"; group = "gitDaemon"; }; @@ -113,7 +122,7 @@ in { description = "Git daemon user"; extraGroups = ["git"]; }; - "nginx".extraGroups = ["git"]; + nginx.extraGroups = ["git"]; }; users.groups = {gitDaemon = {};}; } diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix index 84f87d4..df62aa3 100644 --- a/Omni/Cloud/Web.nix 
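Review bot: `user = "git"; group = "git";` makes the web-facing cgit process run as the account that, per the comment further down in this hunk, owns the gitolite repositories, so a flaw in cgit or its CGI wrapper would have write access to every repo instead of the read access nginx had through group membership. A dedicated cgit user with group read access, plus a git `safe.directory` entry for the repository path to get past the ownership check, would keep that boundary; whether cgit honours `safe.directory` in this setup is not visible here and needs testing. Separately, the new `/git` redirect builds its target from `$host`, which nginx can fill from the request's Host header; since `domain` is already in scope, `"301 https://git.${domain}"` pins the target. The `services` block continues outside the hunk.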
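Review bot: `gitDaemon` still has `enable = true` in the second hunk, so an unauthenticated git:// listener keeps running on the new `listenAddress` even though the commit message says it was disabled and the `clone-url` comment says it cannot read the repositories. If nothing outside the hunk overrides it, `enable = false;` would close that listener. Removing the block together with the `gitDaemon` user and group shown in the last hunk of this file would also drop an account that still sits in the `git` group.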
+++ b/Omni/Cloud/Web.nix @@ -105,12 +105,10 @@ in { virtualHosts = { ${rootDomain} = { + serverName = rootDomain; forceSSL = true; enableACME = true; locations = { - # the nginx/cgit module puts a '/' at the end of 'location', so we need to - # redirect '/git' to '/git/' - "/git".return = "301 https://$host/git/"; # nostr nip-5 verification "/.well-known/nostr.json".return = "200 '${ builtins.toJSON { @@ -134,24 +132,6 @@ in { }; }; - # these are for xmpp, not sure if they are necessary but they seem to be? - "conference.${rootDomain}" = { - forceSSL = true; - useACMEHost = rootDomain; - locations."/" = { - root = "/var/web/simatime.com"; - extraConfig = "autoindex on;"; - }; - }; - "upload.${rootDomain}" = { - forceSSL = true; - useACMEHost = rootDomain; - locations."/" = { - root = "/var/web/simatime.com"; - extraConfig = "autoindex on;"; - }; - }; - "bsima.me" = { locations."/" = { root = "/var/web/ben"; @@ -303,6 +283,7 @@ in { "m.youtube" "sd" "gerrit" + "git" # xmpp stuff "upload" "conference" |
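Review bot: `"upload"` and `"conference"` stay in the list in the last hunk while the previous hunk deletes their virtual hosts, and `"git"` is added next to them. The list's use is outside the hunk; if it feeds the ACME certificate's names and validation runs over HTTP, those two names now depend on some other server block answering the challenge, so certificate renewal is worth checking once after deploy. A short comment above them such as `# xmpp names: cert only, no vhost` would record that the missing vhosts are intentional.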