diff options
author | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 00:20:37 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 00:29:55 +0100 |
commit | e2efe48b245cf89e0a1f101233b5b05fa975c93b (patch) | |
tree | b6971e406980b08324c2ecfe27c9ef6ffbd1d6d6 /modules/cgit/manifests/nginx.pp | |
parent | Public repos.? (diff) | |
download | webdav_server-e2efe48b245cf89e0a1f101233b5b05fa975c93b.tar.gz webdav_server-e2efe48b245cf89e0a1f101233b5b05fa975c93b.tar.xz |
Move cgit setup to module.
Diffstat (limited to 'modules/cgit/manifests/nginx.pp')
-rw-r--r-- | modules/cgit/manifests/nginx.pp | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/modules/cgit/manifests/nginx.pp b/modules/cgit/manifests/nginx.pp new file mode 100644 index 0000000..f2a1396 --- /dev/null +++ b/modules/cgit/manifests/nginx.pp @@ -0,0 +1,85 @@ +class cgit::nginx { + + if ($cgit::certname == undef) { + nginx::resource::server { 'cgit': + server_name => [ $cgit::server_name, ], + access_log => 'absent', + error_log => 'absent', + index_files => [], + try_files => [ '$uri', '@cgit' ], + ssl => false, + use_default_location => true, + www_root => $cgit_root, + } + } else { + nginx::resource::server { 'cgit': + server_name => [ $cgit::server_name, ], + access_log => 'absent', + error_log => 'absent', + index_files => [], + try_files => [ '$uri', '@cgit' ], + ssl => true, + ssl_cert => "/etc/letsencrypt/live/${cgit::certname}/fullchain.pem", + ssl_key => "/etc/letsencrypt/live/${cgit::certname}/privkey.pem", + use_default_location => true, + www_root => $cgit_root, + ssl_redirect => true, + } + } + + nginx::resource::location { '@cgit': + fastcgi_params => 'fastcgi_params', + fastcgi_param => { + 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi', + 'PATH_INFO' => '$fastcgi_script_name', + 'QUERY_STRING' => '$args', + }, + ssl_only => $cgit::certname != undef, + fastcgi => 'unix:/run/fcgiwrap.socket', + server => [ + 'cgit', + ], + } + + $cgit_htpasswd = '/var/lib/nginx/cgit-htpasswd' + file { $cgit_htpasswd: + ensure => file, + content => $cgit::users.map |$user| { + [$user['name'], $user['pass']].join(':') + }.join("\n") + } + + nginx::resource::location { + $cgit::public_repos.map |$repo| { "~ ^(/${repo}\\.git/.*)" }: + server => 'cgit', + ssl_only => $cgit::certname != undef, + priority => 450, + fastcgi => 'unix:/run/fcgiwrap.socket', + fastcgi_params => 'fastcgi_params', + fastcgi_param => { + 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', + 'GIT_PROJECT_ROOT' => $cgit::scan_path, + 'GIT_HTTP_EXPORT_ALL' => '""', + 'PATH_INFO' => '$1', + } + } + + + nginx::resource::location { '~ (.*\.git/.*)': + server => 'cgit', + ssl_only => $cgit::certname != undef, + location_cfg_append => { + auth_basic => '"CGit login"', + auth_basic_user_file => $cgit_htpasswd, + }, + fastcgi => 'unix:/run/fcgiwrap.socket', + fastcgi_params => 'fastcgi_params', + fastcgi_param => { + 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', + 'GIT_PROJECT_ROOT' => $cgit::scan_path, + 'GIT_HTTP_EXPORT_ALL' => '""', + 'PATH_INFO' => '$1', + } + } + +} |