diff options
Diffstat (limited to 'roles/git/files/etc')
-rw-r--r-- | roles/git/files/etc/cgitrc | 85 | ||||
-rw-r--r-- | roles/git/files/etc/gitweb.conf | 40 | ||||
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/git | 74 | ||||
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/gitweb | 48 | ||||
-rw-r--r-- | roles/git/files/etc/uwsgi/apps-available/cgit.ini | 6 | ||||
-rw-r--r-- | roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini | 4 |
6 files changed, 139 insertions, 118 deletions
diff --git a/roles/git/files/etc/cgitrc b/roles/git/files/etc/cgitrc new file mode 100644 index 0000000..b862dc3 --- /dev/null +++ b/roles/git/files/etc/cgitrc @@ -0,0 +1,85 @@ +# +# cgit config +# see cgitrc(5) for details + +# Enable caching of up to 1000 output entries +cache-size=1000 + +# Specify some default clone url prefixes +clone-url=https://$HTTP_HOST/$CGIT_REPO_NAME ssh://$HTTP_HOST/$CGIT_REPO_NAME + +# Specify the css, logo and favicon urls +css=/static/cgit.css +logo=/static/cgit.png +favicon=/static/favicon.ico + +# Show owner on index page +enable-index-owner=1 + +# Disallow dumb http transport git clone +enable-http-clone=0 + +# Show extra links for each repository on the index page +enable-index-links=1 + +# Enable ASCII art commit history graph on the log pages +enable-commit-graph=1 + +# Show number of affected files per commit on the log pages +enable-log-filecount=1 + +# Enable statistics per week, month and quarter +max-stats=quarter + +# Set the title and heading of the repository index page +root-title=Fripost's git repositories + +# Set a subheading for the repository index page +root-desc=Git repositories hosted at fripost.org + +# Enable indexing by web crawlers +robots=index + +# Use root URL for all cgit links +virtual-root=/ + +# Allow download of tar.gz, tar.bz2 and zip-files +#tar.gz tar.bz2 + +## +## List of common mimetypes +## + +mimetype.gif=image/gif +mimetype.html=text/html +mimetype.jpg=image/jpeg +mimetype.jpeg=image/jpeg +mimetype.pdf=application/pdf +mimetype.png=image/png +mimetype.svg=image/svg+xml + +# Highlight source code with python pygments-based highlighter +source-filter=/usr/lib/cgit/filters/syntax-highlighting2.sh + +# Format markdown, restructuredtext, manpages, text files, and html files +# through the right converters +about-filter=/usr/lib/cgit/filters/about-formatting.sh + +# Search for these files in the root of the default branch of repositories +# for coming up with the about page: +readme=:README.html +readme=:readme.html +readme=:README.htm +readme=:readme.htm +readme=:README.txt +readme=:readme.txt +readme=:README +readme=:readme +readme=:INSTALL +readme=:install + +# List of repositories. +enable-git-config=1 +remove-suffix=1 +project-list=/var/lib/gitolite/projects.list +scan-path=/var/lib/gitolite/repositories diff --git a/roles/git/files/etc/gitweb.conf b/roles/git/files/etc/gitweb.conf deleted file mode 100644 index 0d667b7..0000000 --- a/roles/git/files/etc/gitweb.conf +++ /dev/null @@ -1,40 +0,0 @@ -$site_name = "Fripost Git"; - -# path to git projects (<project>.git) -$projectroot = "/var/lib/gitolite/repositories"; - -# directory to use for temp files -$git_temp = "/tmp"; - -# target of the home link on top of all pages -#$home_link = $my_uri || "/"; - -# html text to include at home page -$home_text = ""; - -# file with project list; by default, simply scan the projectroot dir. -$projects_list = "/var/lib/gitolite/projects.list"; - -#$projects_list = $projectroot; -#$export_ok = "git-daemon-export-ok"; - -# stylesheet to use -#push @stylesheets, "static/gitweb.css"; - -# javascript code for gitweb -$javascript = "static/gitweb.js"; - -# logo to use -$logo = "static/git-logo.png"; - -# the 'favicon' -$favicon = "static/git-favicon.png"; - -# git-diff-tree(1) options to use for generated patches -#@diff_opts = ("-M"); -@diff_opts = (); - -# the base url -@git_base_url_list = ( 'git clone ssh://gitolite@git.fripost.org' - , 'git clone https://git.fripost.org' - ) diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 9510620..75c1512 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -7,31 +7,38 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } @@ -49,30 +56,37 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } diff --git a/roles/git/files/etc/nginx/sites-available/gitweb b/roles/git/files/etc/nginx/sites-available/gitweb deleted file mode 100644 index 3814145..0000000 --- a/roles/git/files/etc/nginx/sites-available/gitweb +++ /dev/null @@ -1,48 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name gitweb.fripost.org; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} - - -server { - listen 443; - listen [::]:443; - - server_name gitweb.fripost.org; - - include ssl/config; - ssl_certificate /etc/nginx/ssl/git.fripost.org.pem; - ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} diff --git a/roles/git/files/etc/uwsgi/apps-available/cgit.ini b/roles/git/files/etc/uwsgi/apps-available/cgit.ini new file mode 100644 index 0000000..2fb5b25 --- /dev/null +++ b/roles/git/files/etc/uwsgi/apps-available/cgit.ini @@ -0,0 +1,6 @@ +[uwsgi] +plugins = cgi +procname-master = uwsgi %(deb-confname) +cgi = /usr/lib/cgit/cgit.cgi +uid = cgit +gid = www-data diff --git a/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini b/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini new file mode 100644 index 0000000..6718237 --- /dev/null +++ b/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini @@ -0,0 +1,4 @@ +[uwsgi] +plugins = cgi +procname-master = uwsgi %(deb-confname) +cgi = /usr/lib/git-core/git-http-backend |