diff options
Diffstat (limited to 'clarkzjw.cc/config/bia/ansible/roles')
4 files changed, 79 insertions, 17 deletions
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 index 9504e29..ae5287d 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 | |||
@@ -1,15 +1,59 @@ | |||
1 | server { | 1 | server { |
2 | server_name {{ lookup('env', 'CGIT_DOMAIN') }}; | 2 | server_name git.jinwei.me; |
3 | |||
4 | return 404; | ||
5 | |||
6 | listen 443 ssl; # managed by Certbot | ||
7 | ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot | ||
8 | ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot | ||
9 | include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | ||
10 | ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | ||
11 | } | ||
12 | |||
13 | server { | ||
14 | if ($host = git.jinwei.me) { | ||
15 | return 301 https://$host$request_uri; | ||
16 | } # managed by Certbot | ||
17 | |||
18 | server_name git.jinwei.me; | ||
19 | listen 80; | ||
20 | return 404; # managed by Certbot | ||
21 | } | ||
22 | |||
23 | server { | ||
24 | if ($host = cgit.jinwei.me) { | ||
25 | return 301 https://$host$request_uri; | ||
26 | } # managed by Certbot | ||
27 | |||
28 | server_name cgit.jinwei.me; | ||
29 | |||
30 | listen 80; | ||
31 | return 404; # managed by Certbot | ||
32 | } | ||
33 | |||
34 | server { | ||
35 | server_name cgit.jinwei.me; | ||
3 | root /usr/local/www/cgit; | 36 | root /usr/local/www/cgit; |
4 | try_files $uri @cgit; | 37 | try_files $uri @cgit; |
5 | 38 | ||
6 | location @cgit { | 39 | location @cgit { |
7 | include fastcgi_params; | 40 | include fastcgi_params; |
8 | fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi; | 41 | fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi; |
9 | fastcgi_param PATH_INFO $uri; | 42 | fastcgi_param PATH_INFO $uri; |
10 | fastcgi_param QUERY_STRING $args; | 43 | fastcgi_param QUERY_STRING $args; |
11 | fastcgi_param HTTP_HOST $server_name; | 44 | fastcgi_param HTTP_HOST $server_name; |
12 | fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; | 45 | fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; |
46 | } | ||
47 | |||
48 | location /assets { | ||
49 | root /var/www/cgit.jinwei.me; | ||
50 | disable_symlinks off; | ||
51 | } | ||
52 | |||
53 | location /static { | ||
54 | alias /var/www/cgit.jinwei.me/static; | ||
55 | expires 24h; | ||
56 | try_files $uri =404; | ||
13 | } | 57 | } |
14 | 58 | ||
15 | error_page 500 502 503 504 /50x.html; | 59 | error_page 500 502 503 504 /50x.html; |
@@ -17,5 +61,9 @@ server { | |||
17 | root /usr/local/www/nginx-dist; | 61 | root /usr/local/www/nginx-dist; |
18 | } | 62 | } |
19 | 63 | ||
20 | listen 80; | 64 | listen 443 ssl; # managed by Certbot |
65 | ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot | ||
66 | ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot | ||
67 | include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | ||
68 | ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | ||
21 | } | 69 | } |
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 index 39585fd..5504b57 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 | |||
@@ -1,19 +1,26 @@ | |||
1 | ## style-sheet and custom logo | 1 | ## style-sheet and custom logo |
2 | css=/cgit.css | 2 | css=/static/cgit.css |
3 | logo=/cgit.png | 3 | logo=/cgit.png |
4 | noheader=0 | ||
5 | embedded=0 | ||
4 | 6 | ||
5 | ## root for all cgit links | 7 | ## root for all cgit links |
6 | virtual-root=/ | 8 | virtual-root=/ |
7 | 9 | ||
8 | ## root config | 10 | ## root config |
9 | root-title={{ lookup('env', 'CGIT_DOMAIN') }} | 11 | root-title=Clarkzjw's Git Server |
10 | root-desc=clarkzjw's personal git server | 12 | root-desc= |
11 | root-readme=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/index.html | 13 | root-readme=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/index.html |
14 | head-include=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/head | ||
15 | header=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/header | ||
16 | footer=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/footer | ||
12 | 17 | ||
13 | ## syntax highlighting | 18 | ## syntax highlighting |
14 | source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py | 19 | source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py |
15 | about-filter=/usr/local/lib/cgit/filters/about-formatting.sh | 20 | about-filter=/usr/local/lib/cgit/filters/about-formatting.sh |
16 | 21 | ||
22 | clone-url=https://{{ lookup('env', 'CGIT_DOMAIN') }}/$CGIT_REPO_URL git@{{ lookup('env', 'CGIT_SSH_DOMAIN') }}:$CGIT_REPO_URL | ||
23 | |||
17 | ## mimetype | 24 | ## mimetype |
18 | mimetype.gif=image/gif | 25 | mimetype.gif=image/gif |
19 | mimetype.html=text/html | 26 | mimetype.html=text/html |
@@ -25,6 +32,7 @@ mimetype.png=image/png | |||
25 | mimetype.svg=image/svg+xml | 32 | mimetype.svg=image/svg+xml |
26 | 33 | ||
27 | ## features | 34 | ## features |
35 | repository-sort=age | ||
28 | remove-suffix=1 | 36 | remove-suffix=1 |
29 | enable-remote-branches=1 | 37 | enable-remote-branches=1 |
30 | enable-index-links=1 | 38 | enable-index-links=1 |
@@ -33,6 +41,9 @@ enable-git-config=1 | |||
33 | enable-commit-graph=1 | 41 | enable-commit-graph=1 |
34 | enable-log-filecount=1 | 42 | enable-log-filecount=1 |
35 | enable-log-linecount=1 | 43 | enable-log-linecount=1 |
44 | enable-http-clone=1 | ||
45 | enable-blame=1 | ||
46 | side-by-side-diffs=1 | ||
36 | 47 | ||
37 | ## readme | 48 | ## readme |
38 | readme=:README.md | 49 | readme=:README.md |
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 index e8f016f..418e5d1 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 | |||
@@ -47,6 +47,8 @@ | |||
47 | WRITERS => 1, | 47 | WRITERS => 1, |
48 | }, | 48 | }, |
49 | 49 | ||
50 | UKM_CONGFIG => { SELFKEY_MANAGEMENT => 1, }, | ||
51 | |||
50 | # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!! | 52 | # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!! |
51 | # CACHE => 'Redis', | 53 | # CACHE => 'Redis', |
52 | 54 | ||
@@ -102,9 +104,10 @@ | |||
102 | # 'mirror', | 104 | # 'mirror', |
103 | 'readme', | 105 | 'readme', |
104 | # 'sskm', | 106 | # 'sskm', |
105 | # 'D', | 107 | 'D', |
106 | 108 | # https://gitolite.com/gitolite/contrib/ukm.html | |
107 | # These FEATURES are enabled by default. | 109 | 'ukm', |
110 | # These FEATURES are enabled by default. | ||
108 | 111 | ||
109 | # essential (unless you're using smart-http mode) | 112 | # essential (unless you're using smart-http mode) |
110 | 'ssh-authkeys', | 113 | 'ssh-authkeys', |
@@ -124,7 +127,7 @@ | |||
124 | # user-visible behaviour | 127 | # user-visible behaviour |
125 | 128 | ||
126 | # prevent wild repos auto-create on fetch/clone | 129 | # prevent wild repos auto-create on fetch/clone |
127 | #'no-create-on-read', | 130 | #'no-create-on-read', |
128 | # no auto-create at all (don't forget to enable the 'create' command!) | 131 | # no auto-create at all (don't forget to enable the 'create' command!) |
129 | # 'no-auto-create', | 132 | # 'no-auto-create', |
130 | 133 | ||
@@ -160,7 +163,7 @@ | |||
160 | # 'upstream', | 163 | # 'upstream', |
161 | 164 | ||
162 | # updates 'description' file instead of 'gitweb.description' config item | 165 | # updates 'description' file instead of 'gitweb.description' config item |
163 | 'cgit', | 166 | 'cgit', |
164 | 167 | ||
165 | # allow repo-specific hooks to be added | 168 | # allow repo-specific hooks to be added |
166 | # 'repo-specific-hooks', | 169 | # 'repo-specific-hooks', |
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 index 1380132..c09c850 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 | |||
@@ -1,4 +1,5 @@ | |||
1 | worker_processes auto; | 1 | worker_processes auto; |
2 | user www; | ||
2 | 3 | ||
3 | events { | 4 | events { |
4 | worker_connections 1024; | 5 | worker_connections 1024; |
@@ -12,6 +13,5 @@ http { | |||
12 | keepalive_timeout 65; | 13 | keepalive_timeout 65; |
13 | gzip on; | 14 | gzip on; |
14 | 15 | ||
15 | |||
16 | include /usr/local/etc/nginx/conf.d/*.conf; | 16 | include /usr/local/etc/nginx/conf.d/*.conf; |
17 | } | 17 | } |