From 70018fdd7ab23047a97196cb0e6f2d5b2079ff5e Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Sat, 10 Dec 2022 20:48:57 +0100 Subject: add git.koszko.org virtualhost --- Makefile | 8 ++++ container.scm | 131 +++++++++++++++++++++++++++++++++++++++++++++++++----- guix-container.sh | 3 ++ hosts-extra | 4 ++ 4 files changed, 135 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 25558e3..27034d7 100644 --- a/Makefile +++ b/Makefile @@ -69,6 +69,7 @@ sample-malcontent: HYDRILLA_WEBSITE_ETC_DIR = $(TEST_ROOT_DIR)/etc/guix-container/hydrilla-website MALCONTENT_DIR = $(TEST_ROOT_DIR)/var/lib/hydrilla/malcontent_dirs +GITOLITE_DIR = $(TEST_ROOT_DIR)/var/lib/gitolite3 prepare-test-root: sample-malcontent rm -rf $(TEST_ROOT_DIR) @@ -94,6 +95,13 @@ prepare-test-root: sample-malcontent mkdir -p $(MALCONTENT_DIR)/api_v2 ln -sf api_v2 $(MALCONTENT_DIR)/api_v1 cp -r $ $(GITOLITE_DIR)/projects.list + chmod -R o-rwx,g-w $(GITOLITE_DIR) + chgrp -R 118 $(GITOLITE_DIR) GUIX_CONTAINER_FLAGS = -e ./container-runner -p ./pidfile -r $(TEST_ROOT_DIR) diff --git a/container.scm b/container.scm index 6f389be..2b1aa81 100644 --- a/container.scm +++ b/container.scm @@ -19,6 +19,7 @@ (guix modules)) (use-package-modules web) (use-package-modules python) +(use-package-modules version-control) (use-service-modules web) (use-service-modules shepherd) @@ -42,7 +43,7 @@ arg)) ((? symbol?) (httpd-conf-token (symbol->string arg))) - ((? gexp?) + (_ #~(let ((gexp-value #$arg)) (if (string-contains gexp-value " ") (format #f "~s" gexp-value) @@ -102,6 +103,94 @@ (define %koszkonutek-tmp-virtualhost (koszko-httpd-virtualhost-redirect "koszkonutek-tmp.pl.eu.org" "koszko.org")) +(define %cgitrc-text + (g-string-join + `("css=/cgit-static/cgit.css" + "logo=/cgit-static/cgit.png" + "favicon=/cgit-static/favicon.ico" + + ,(g-string-append "source-filter=" + cgit "/lib/cgit/filters/syntax-highlighting.sh") + "snapshots=tar.gz zip" + "project-list=/var/lib/gitolite3/projects.list" + "remove-suffix=1" + "virtual-root=/" + + "enable-index-links=1" + "enable-index-owner=0" + "footer=/var/lib/gitolite3/cgit-footer" + "max-blob-size=100" + "root-desc=repositories of Wojtek" + + "mimetype.gif=image/gif" + "mimetype.html=text/html" + "mimetype.jpg=image/jpeg" + "mimetype.jpeg=image/jpeg" + "mimetype.pdf=application/pdf" + "mimetype.png=image/png" + "mimetype.svg=image/svg+xml" + + ,(g-string-append "about-filter=" + cgit "/lib/cgit/filters/about-formatting.sh") + + ,@(apply append + (map (lambda (file-name) + (map (lambda (suffix) + (string-append "readme=" file-name suffix)) + '(".md" ".mkd" ".rst" ".html" ".htm" ".txt" ""))) + '("readme" "README" "install" "INSTALL"))) + + "scan-path=/var/lib/gitolite3/repositories") + "\n")) + +(define %cgitrc-file + (computed-file "cgitrc" + #~(with-output-to-file #$output + (lambda () (display #$%cgitrc-text))))) + +(define %git-virtualhost + (httpd-virtualhost + "*:80" + `(,@(koszko-httpd-server-meta "git.koszko.org") + + ,(koszko-httpd-redirect-if-other-host "git.koszko.org") + + ;; Hachette got renamed to "Haketilo", repo moved + ,(httpd-directive + 'Redirect 'permanent "/hachette-fixes-demo" "/haketilo-fixes-demo") + + ;; Make HTTP clone happen through git-core instead of through CGit. CGit + ;; only supports old HTTP "dumb" cloning protocol while we want the new + ;; "smart" protocol. + ,(httpd-tag 'Directory (list (g-package-file git "/libexec/git-core")) + (httpd-directive 'Require 'all 'granted) + (httpd-directive + 'SetEnv "GIT_PROJECT_ROOT" "/var/lib/gitolite3/repositories") + (httpd-directive + 'SetEnv "GIT_HTTP_EXPORT_ALL")) + + ,(httpd-directive + 'ScriptAliasMatch + "^/(.*/(HEAD|info/refs|objects/info/[^/]+|git-upload-pack))$" + (g-package-file git "/libexec/git-core/git-http-backend/$1")) + + ;; Once all git-http-backend paths got handled, handle CGit ones. + ,(httpd-directive + 'Alias "/cgit-static" (g-package-file cgit "/share/cgit")) + + ,(httpd-directive + 'SetEnv "CGIT_CONFIG" %cgitrc-file) + + ,(httpd-directive + 'ScriptAlias "/" (g-package-file cgit "/lib/cgit/cgit.cgi/")) + + ,(httpd-tag 'Directory (list (g-package-file cgit "/lib/cgit/")) + (httpd-directive 'Options '+ExecCGI))))) + +(define %git-koszkonutek-tmp-virtualhost + (koszko-httpd-virtualhost-redirect "git.koszkonutek-tmp.pl.eu.org" + "git.koszko.org")) + (define %sheets-virtualhosts (map (lambda (name) @@ -213,6 +302,11 @@ ,(httpd-directive 'Options '+Indexes)))) +(define %cgid-module + (httpd-module + (name "cgid_module") + (file (file-append httpd "/modules/mod_cgid.so")))) + (define %wsgi-module (httpd-module (name "wsgi_module") @@ -243,7 +337,8 @@ (httpd-config-file (server-name "koszko.org") (error-log "/var/log/httpd/error.log") - (modules `(,%wsgi-module + (modules `(,%cgid-module + ,%wsgi-module ,@%proxy-http-modules ,%logio-module ,@%default-httpd-modules)) @@ -251,19 +346,31 @@ (list (string-join `("LogFormat" ,%logformat-combined "combined")) "\n" "CustomLog /var/log/httpd/access.log combined" "\n" - ))))))) + "ScriptSock /var/run/cgid.sock" "\n"))))))) (operating-system (host-name "koszko") (timezone "Europe/Warsaw") - (groups (cons* (user-group - ;; The `httpd` group must have an explicit id so that the host - ;; can provide files that are readable by Apache and not - ;; readable by the world. - (name "httpd") - (id 133) - (system? #t)) - %base-groups)) + (groups (cons* + ;; The `httpd` and `gitolite3` groups must have explicit ids so that + ;; the host can provide files that are readable by Apache and not + ;; readable by the world. + (user-group + (name "httpd") + (id 133) + (system? #t)) + (user-group + (name "gitolite3") + (id 118) + (system? #t)) + %base-groups)) + (users (cons* + (user-account + (name "httpd") + (group "httpd") + (supplementary-groups '("gitolite3")) + (system? #t)) + %base-user-accounts)) (file-systems (cons (file-system (device (file-system-label "does-not-matter")) (mount-point "/") @@ -277,6 +384,8 @@ (simple-service 'koszko-org-website httpd-service-type `(,%koszko-org-virtualhost ,%koszkonutek-tmp-virtualhost + ,%git-virtualhost + ,%git-koszkonutek-tmp-virtualhost ,@%sheets-virtualhosts ,%hydrillabugs-virtualhost ,%hachettebugs-virtualhost diff --git a/guix-container.sh b/guix-container.sh index 4134c29..265691c 100755 --- a/guix-container.sh +++ b/guix-container.sh @@ -87,6 +87,7 @@ start() { LOG_REAL="$LOG_DIR"/container ETC_REAL="$HOST_SYSTEM_ROOT"/etc/guix-container VAR_HYDRILLA_REAL="$HOST_SYSTEM_ROOT"/var/lib/hydrilla + VAR_GITOLITE_REAL="$HOST_SYSTEM_ROOT"/var/lib/gitolite3 KOSZKO_SIDELOAD_DIR_SHARE_OPT=--share="$KOSZKO_SIDELOAD_REAL"=/srv/http/koszko.org HYDRILLA_HTTP_DIR_SHARE_OPT=--share="$HYDRILLA_HTTP_REAL"=/srv/http/hydrilla.koszko.org @@ -94,6 +95,7 @@ start() { LOG_DIR_SHARE_OPT=--share="$LOG_REAL"=/var/log ETC_DIR_SHARE_OPT=--share="$ETC_REAL"=/etc VAR_HYDRILLA_DIR_SHARE_OPT=--share="$VAR_HYDRILLA_REAL"=/var/lib/hydrilla + VAR_GITOLITE_DIR_SHARE_OPT=--share="$VAR_GITOLITE_REAL"=/var/lib/gitolite3 mkdir --mode=700 -p "$LOG_DIR" mkdir --mode=700 -p "$LOG_DIR"/container @@ -104,6 +106,7 @@ start() { "$LOG_DIR_SHARE_OPT" \ "$ETC_DIR_SHARE_OPT" \ "$VAR_HYDRILLA_DIR_SHARE_OPT" \ + "$VAR_GITOLITE_DIR_SHARE_OPT" \ >> "$LOG_DIR"/stdout.log 2>> "$LOG_DIR"/stderr.log & GUILE_PID=$! diff --git a/hosts-extra b/hosts-extra index d15d1e4..c049147 100644 --- a/hosts-extra +++ b/hosts-extra @@ -8,6 +8,10 @@ 10.207.87.2 www.koszko.org 10.207.87.2 koszkonutek-tmp.pl.eu.org 10.207.87.2 www.koszkonutek-tmp.pl.eu.org +10.207.87.2 git.koszko.org +10.207.87.2 www.git.koszko.org +10.207.87.2 git.koszkonutek-tmp.pl.eu.org +10.207.87.2 www.git.koszkonutek-tmp.pl.eu.org 10.207.87.2 pray.koszko.org 10.207.87.2 www.pray.koszko.org 10.207.87.2 sheets.koszko.org -- cgit v1.2.3