Diffstat (limited to 'manifests/nginx.pp')
-rw-r--r--manifests/nginx.pp85
1 files changed, 85 insertions, 0 deletions
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
new file mode 100644
index 0000000..f2a1396
--- /dev/null
+++ b/manifests/nginx.pp
@@ -0,0 +1,85 @@
+class cgit::nginx {
+
+ if ($cgit::certname == undef) {
+ nginx::resource::server { 'cgit':
+ server_name => [ $cgit::server_name, ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => [ '$uri', '@cgit' ],
+ ssl => false,
+ use_default_location => true,
+ www_root => $cgit_root,
+ }
+ } else {
+ nginx::resource::server { 'cgit':
+ server_name => [ $cgit::server_name, ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => [ '$uri', '@cgit' ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${cgit::certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${cgit::certname}/privkey.pem",
+ use_default_location => true,
+ www_root => $cgit_root,
+ ssl_redirect => true,
+ }
+ }
+
+ nginx::resource::location { '@cgit':
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi',
+ 'PATH_INFO' => '$fastcgi_script_name',
+ 'QUERY_STRING' => '$args',
+ },
+ ssl_only => $cgit::certname != undef,
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ server => [
+ 'cgit',
+ ],
+ }
+
+ $cgit_htpasswd = '/var/lib/nginx/cgit-htpasswd'
+ file { $cgit_htpasswd:
+ ensure => file,
+ content => $cgit::users.map |$user| {
+ [$user['name'], $user['pass']].join(':')
+ }.join("\n")
+ }
+
+ nginx::resource::location {
+ $cgit::public_repos.map |$repo| { "~ ^(/${repo}\\.git/.*)" }:
+ server => 'cgit',
+ ssl_only => $cgit::certname != undef,
+ priority => 450,
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend',
+ 'GIT_PROJECT_ROOT' => $cgit::scan_path,
+ 'GIT_HTTP_EXPORT_ALL' => '""',
+ 'PATH_INFO' => '$1',
+ }
+ }
+
+
+ nginx::resource::location { '~ (.*\.git/.*)':
+ server => 'cgit',
+ ssl_only => $cgit::certname != undef,
+ location_cfg_append => {
+ auth_basic => '"CGit login"',
+ auth_basic_user_file => $cgit_htpasswd,
+ },
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend',
+ 'GIT_PROJECT_ROOT' => $cgit::scan_path,
+ 'GIT_HTTP_EXPORT_ALL' => '""',
+ 'PATH_INFO' => '$1',
+ }
+ }
+
+}
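Review bot: The `file { $cgit_htpasswd:` resource sets no `owner`, `group` or `mode`, so the basic-auth credential file is created with the agent's defaults, which normally leaves it world-readable, and any change to it is printed as a content diff in agent logs and reports. Add `mode => '0640',`, `group => '<nginx worker group>',` (placeholder; use the group nginx runs as on this host) and `show_diff => false,` to that resource. The `pass` values are written verbatim, so they are presumably already hashed in a format nginx accepts; a short comment saying so next to the `$cgit::users.map` would help keep plaintext passwords out of this file. Separately, `www_root => $cgit_root` in both server resources is unqualified while every other variable is `$cgit::…`; unless it is defined outside this hunk it will likely resolve to undef.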