# @summary Manages nginx resources for cgit # @api private class cgit::nginx { nginx::resource::server { 'cgit': server_name => [$cgit::server_name], access_log => 'absent', error_log => 'absent', index_files => [], try_files => ['$uri', '@cgit'], use_default_location => true, www_root => $cgit::root, * => letsencrypt::conf::nginx($cgit::server_name), } nginx::resource::location { '@cgit': fastcgi_params => 'fastcgi_params', fastcgi_param => { 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi', 'PATH_INFO' => '$fastcgi_script_name', 'QUERY_STRING' => '$args', }, * => letsencrypt::conf::nginx::location($cgit::server_name), fastcgi => 'unix:/run/fcgiwrap.socket', server => [ 'cgit', ], } file { $cgit::htpasswd: ensure => file, content => $cgit::users.map |$user| { [$user['name'], $user['pass']].join(':') }.join("\n"), } # TODO each repo name should be regex-escaped $re = $cgit::public_repos.join('|') nginx::resource::location { "~ ^(/(${re})\\.git/.*)" : * => letsencrypt::conf::nginx::location($cgit::server_name), server => 'cgit', priority => 450, fastcgi => 'unix:/run/fcgiwrap.socket', fastcgi_params => 'fastcgi_params', fastcgi_param => { 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', 'GIT_PROJECT_ROOT' => $cgit::scan_path, 'GIT_HTTP_EXPORT_ALL' => '""', 'PATH_INFO' => '$1', }, } nginx::resource::location { '~ (.*\.git/.*)': * => letsencrypt::conf::nginx::location($cgit::server_name), server => 'cgit', location_cfg_append => { auth_basic => '"CGit login"', auth_basic_user_file => $cgit::htpasswd, }, fastcgi => 'unix:/run/fcgiwrap.socket', fastcgi_params => 'fastcgi_params', fastcgi_param => { 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', 'GIT_PROJECT_ROOT' => $cgit::scan_path, 'GIT_HTTP_EXPORT_ALL' => '""', 'PATH_INFO' => '$1', }, } }