diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 00:20:37 +0100 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 00:29:55 +0100 |
| commit | e2efe48b245cf89e0a1f101233b5b05fa975c93b (patch) | |
| tree | b6971e406980b08324c2ecfe27c9ef6ffbd1d6d6 /manifests | |
| parent | Public repos.? (diff) | |
| download | webdav_server-e2efe48b245cf89e0a1f101233b5b05fa975c93b.tar.gz webdav_server-e2efe48b245cf89e0a1f101233b5b05fa975c93b.tar.xz | |
Move cgit setup to module.
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/site.pp | 89 |
1 files changed, 9 insertions, 80 deletions
diff --git a/manifests/site.pp b/manifests/site.pp index 1fca9eb..34ed9a7 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -154,24 +154,27 @@ node 'hornquist.se' { ], } - $cgit_root = '/var/www/cgit' $blog_root = '/var/www/blog' + $certname = 'hornquist' class { '::cgit': - root => $cgit_root, + root => '/var/www/cgit', root_title => 'Hornquist Git Repositiories', root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ', + about_filter => 'hugo-pre.sh', auth_filter => 'hugo-authentication.lua', source_filter => 'hugo-highlighting.sh', + scan_path => '/home/git/git', - enable_http_clone => false, + enable_http_clone => false, clone_url => [ - 'https://git.hornquist.se/$CGIT_REPO_URL', - 'https://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL', + 'https://git.hornquist.se/$CGIT_REPO_URL.git', 'git@hornquist.se:git/$CGIT_REPO_URL.git', - '(HTTP_only_for_public_repos)', ], + manage_server => 'nginx', + server_name => 'git.hornquist.se', + certname => $certname, } # https://buddy.works/blog/how-deploy-projects-with-git @@ -219,7 +222,6 @@ node 'hornquist.se' { }, } - $certname = 'hornquist' class { '::letsencrypt': config => { @@ -325,79 +327,6 @@ node 'hornquist.se' { www_root => '/var/www/wiki/public/html', } - nginx::resource::server { 'cgit': - server_name => [ - 'git.hornquist.se', - ], - access_log => 'absent', - error_log => 'absent', - index_files => [], - try_files => [ '$uri', '@cgit' ], - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => true, - www_root => $cgit_root, - ssl_redirect => true, - # /usr/lib/cgit/cgit.cgi - # /usr/share/cgit/cgit.css - } - - nginx::resource::location { '@cgit': - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi', - 'PATH_INFO' => '$fastcgi_script_name', - 'QUERY_STRING' => '$args', - }, - ssl_only => true, - fastcgi => 'unix:/run/fcgiwrap.socket', - server => [ - 'cgit', - ], - } - - $cgit_htpasswd = '/var/lib/nginx/cgit-htpasswd' - file { $cgit_htpasswd: - ensure => file, - content => $cgit::users.map |$user| { - [$user['name'], $user['pass']].join(':') - }.join("\n") - } - - nginx::resource::location { - $cgit::public_repos.map |$repo| { "~ ^(/${repo}\\.git/.*)" }: - server => 'cgit', - ssl_only => true, - priority => 450, - fastcgi => 'unix:/run/fcgiwrap.socket', - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', - 'GIT_PROJECT_ROOT' => '/home/git/git', - 'GIT_HTTP_EXPORT_ALL' => '""', - 'PATH_INFO' => '$1', - } - } - - - nginx::resource::location { '~ (.*\.git/.*)': - server => 'cgit', - ssl_only => true, - location_cfg_append => { - auth_basic => '"CGit login"', - auth_basic_user_file => $cgit_htpasswd, - }, - fastcgi => 'unix:/run/fcgiwrap.socket', - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', - 'GIT_PROJECT_ROOT' => '/home/git/git', - 'GIT_HTTP_EXPORT_ALL' => '""', - 'PATH_INFO' => '$1', - } - } - nginx::resource::location { '/': try_files => ['$uri', '$uri/', '=404'], index_files => [], |