From bc0884bea403ed61abb4149633a33071b44fd36f Mon Sep 17 00:00:00 2001 From: clarkzjw Date: Fri, 17 Feb 2023 11:15:38 -0800 Subject: add cgit config --- .../bia/ansible/roles/cgit/templates/cgit.conf.j2 | 64 +++++++++++++++++++--- .../bia/ansible/roles/cgit/templates/cgitrc.j2 | 17 +++++- .../ansible/roles/cgit/templates/gitolite.rc.j2 | 13 +++-- .../bia/ansible/roles/cgit/templates/nginx.conf.j2 | 2 +- 4 files changed, 79 insertions(+), 17 deletions(-) (limited to 'clarkzjw.cc/config/bia/ansible') diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 index 9504e29..ae5287d 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 @@ -1,15 +1,59 @@ server { - server_name {{ lookup('env', 'CGIT_DOMAIN') }}; + server_name git.jinwei.me; + + return 404; + + listen 443 ssl; # managed by Certbot + ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot + ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot + include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +server { + if ($host = git.jinwei.me) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name git.jinwei.me; + listen 80; + return 404; # managed by Certbot +} + +server { + if ($host = cgit.jinwei.me) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name cgit.jinwei.me; + + listen 80; + return 404; # managed by Certbot +} + +server { + server_name cgit.jinwei.me; root /usr/local/www/cgit; try_files $uri @cgit; location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; + } + + location /assets { + root /var/www/cgit.jinwei.me; + disable_symlinks off; + } + + location /static { + alias /var/www/cgit.jinwei.me/static; + expires 24h; + try_files $uri =404; } error_page 500 502 503 504 /50x.html; @@ -17,5 +61,9 @@ server { root /usr/local/www/nginx-dist; } - listen 80; + listen 443 ssl; # managed by Certbot + ssl_certificate /usr/local/etc/letsencrypt/live/cgit.jinwei.me/fullchain.pem; # managed by Certbot + ssl_certificate_key /usr/local/etc/letsencrypt/live/cgit.jinwei.me/privkey.pem; # managed by Certbot + include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 index 39585fd..5504b57 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgitrc.j2 @@ -1,19 +1,26 @@ ## style-sheet and custom logo -css=/cgit.css +css=/static/cgit.css logo=/cgit.png +noheader=0 +embedded=0 ## root for all cgit links virtual-root=/ ## root config -root-title={{ lookup('env', 'CGIT_DOMAIN') }} -root-desc=clarkzjw's personal git server +root-title=Clarkzjw's Git Server +root-desc= root-readme=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/index.html +head-include=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/head +header=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/header +footer=/var/www/{{ lookup('env', 'CGIT_DOMAIN') }}/footer ## syntax highlighting source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py about-filter=/usr/local/lib/cgit/filters/about-formatting.sh +clone-url=https://{{ lookup('env', 'CGIT_DOMAIN') }}/$CGIT_REPO_URL git@{{ lookup('env', 'CGIT_SSH_DOMAIN') }}:$CGIT_REPO_URL + ## mimetype mimetype.gif=image/gif mimetype.html=text/html @@ -25,6 +32,7 @@ mimetype.png=image/png mimetype.svg=image/svg+xml ## features +repository-sort=age remove-suffix=1 enable-remote-branches=1 enable-index-links=1 @@ -33,6 +41,9 @@ enable-git-config=1 enable-commit-graph=1 enable-log-filecount=1 enable-log-linecount=1 +enable-http-clone=1 +enable-blame=1 +side-by-side-diffs=1 ## readme readme=:README.md diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 index e8f016f..418e5d1 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/gitolite.rc.j2 @@ -47,6 +47,8 @@ WRITERS => 1, }, + UKM_CONGFIG => { SELFKEY_MANAGEMENT => 1, }, + # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!! # CACHE => 'Redis', @@ -102,9 +104,10 @@ # 'mirror', 'readme', # 'sskm', - # 'D', - - # These FEATURES are enabled by default. + 'D', + # https://gitolite.com/gitolite/contrib/ukm.html + 'ukm', + # These FEATURES are enabled by default. # essential (unless you're using smart-http mode) 'ssh-authkeys', @@ -124,7 +127,7 @@ # user-visible behaviour # prevent wild repos auto-create on fetch/clone - #'no-create-on-read', + #'no-create-on-read', # no auto-create at all (don't forget to enable the 'create' command!) # 'no-auto-create', @@ -160,7 +163,7 @@ # 'upstream', # updates 'description' file instead of 'gitweb.description' config item - 'cgit', + 'cgit', # allow repo-specific hooks to be added # 'repo-specific-hooks', diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 index 1380132..c09c850 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/nginx.conf.j2 @@ -1,4 +1,5 @@ worker_processes auto; +user www; events { worker_connections 1024; @@ -12,6 +13,5 @@ http { keepalive_timeout 65; gzip on; - include /usr/local/etc/nginx/conf.d/*.conf; } -- cgit v1.2.3