diff options
| author | Ben Sima <ben@bsima.me> | 2025-01-04 21:36:03 -0500 |
|---|---|---|
| committer | Ben Sima <ben@bsima.me> | 2025-01-04 21:36:03 -0500 |
| commit | 380ae85ebad6d22c79b3cbb279e8d76e3427d5a5 (patch) | |
| tree | d461dd02c7205d74eb077cd55c0a69f754cb10aa /Omni/Cloud/Git.nix | |
| parent | 178a4fab6cdb5cbde6535d131d3341dba811db32 (diff) | |
Fix git hosting stuff, move to git. subdomain
After the update, the /git endpoint was redirecting in circles and I couldn't
figure out why. Eventually I just moved it to a subdomain, and in the process I
found out that the git-daemon thing doesn't work anymore because of the user
ownership of the repos, as mentioned in the long comment. So I just disabled
that. Now it works, but cloning is only available over ssh, and that's fine I
guess.
Diffstat (limited to 'Omni/Cloud/Git.nix')
| -rw-r--r-- | Omni/Cloud/Git.nix | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/Omni/Cloud/Git.nix b/Omni/Cloud/Git.nix index 854c58a..50fe2c0 100644 --- a/Omni/Cloud/Git.nix +++ b/Omni/Cloud/Git.nix @@ -9,22 +9,31 @@ ports = import ./Ports.nix; in { services = { - cgit.cloud = { + # redirect old subdirectory to new subdomain + nginx.virtualHosts.${domain}.locations."/git".return = "301 https://git.$host"; + nginx.virtualHosts."git.${domain}" = { + forceSSL = true; + useACMEHost = domain; + }; + cgit."git.${domain}" = { enable = true; - nginx.location = "/git"; - nginx.virtualHost = "/git"; + user = "git"; + group = "git"; + nginx.location = "/"; scanPath = "/var/git/repositories"; settings = { strict-export = "git-daemon-export-ok"; - css = "/git/cgit.css"; - logo = "/git/cgit.png"; root-title = "ben's git repos"; - root-desc = "building"; + root-desc = "xmpp:buildlog@conference.simatime.com"; enable-git-config = 1; clone-url = lib.strings.concatStringsSep " " [ - "https://$HTTP_HOST/git/$CGIT_REPO_URL" - "git://$HTTP_HOST/$CGIT_REPO_URL" - "git@$HTTP_HOST:$CGIT_REPO_URL" + # this doesn't work because git-daemon runs as user gitDaemon, but + # gitolite uses the user 'git', and git says "fatal: detected dubious + # ownership" if the repo isn't owned by the user executing the git + # command. so gitDaemon cannot access the repos. if i try to set both + # users to just 'git' then i get a uid collision. so just forget it + # "git://$HTTP_HOST/$CGIT_REPO_URL" # must be same as gitDaemon.listenAddress + "git@${domain}:$CGIT_REPO_URL" ]; }; }; @@ -51,7 +60,7 @@ in { gitDaemon = { enable = true; basePath = "${root}/repositories"; - listenAddress = domain; + listenAddress = "git.${domain}"; user = "gitDaemon"; group = "gitDaemon"; }; @@ -113,7 +122,7 @@ in { description = "Git daemon user"; extraGroups = ["git"]; }; - "nginx".extraGroups = ["git"]; + nginx.extraGroups = ["git"]; }; users.groups = {gitDaemon = {};}; } |