mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-04 03:53:56 +00:00
4f0dadbf38
After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-builda08b3a4d19
.tar.gz \ --argstr baseRevb32a094368
result/bin/apply-formatting $NIXPKGS_PATH
99 lines
3.1 KiB
Nix
99 lines
3.1 KiB
Nix
import ./make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
user = "gitolite-admin";
|
|
password = "some_password";
|
|
|
|
# not used but needed to setup gitolite
|
|
adminPublicKey = ''
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
|
|
'';
|
|
in
|
|
{
|
|
name = "gitolite-fcgiwrap";
|
|
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ bbigras ];
|
|
};
|
|
|
|
nodes = {
|
|
|
|
server =
|
|
{ config, ... }:
|
|
{
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
services.fcgiwrap.instances.gitolite = {
|
|
process.user = "gitolite";
|
|
process.group = "gitolite";
|
|
socket = { inherit (config.services.nginx) user group; };
|
|
};
|
|
|
|
services.gitolite = {
|
|
enable = true;
|
|
adminPubkey = adminPublicKey;
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
virtualHosts."server".locations."/git".extraConfig = ''
|
|
# turn off gzip as git objects are already well compressed
|
|
gzip off;
|
|
|
|
# use file based basic authentication
|
|
auth_basic "Git Repository Authentication";
|
|
auth_basic_user_file /etc/gitolite/htpasswd;
|
|
|
|
# common FastCGI parameters are required
|
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
|
|
|
# strip the CGI program prefix
|
|
fastcgi_split_path_info ^(/git)(.*)$;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
|
|
# pass authenticated user login(mandatory) to Gitolite
|
|
fastcgi_param REMOTE_USER $remote_user;
|
|
|
|
# pass git repository root directory and hosting user directory
|
|
# these env variables can be set in a wrapper script
|
|
fastcgi_param GIT_HTTP_EXPORT_ALL "";
|
|
fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
|
|
fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
|
|
fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;
|
|
|
|
# use Unix domain socket or inet socket
|
|
fastcgi_pass unix:${config.services.fcgiwrap.instances.gitolite.socket.address};
|
|
'';
|
|
};
|
|
|
|
# WARNING: DON'T DO THIS IN PRODUCTION!
|
|
# This puts unhashed secrets directly into the Nix store for ease of testing.
|
|
environment.etc."gitolite/htpasswd".source = pkgs.runCommand "htpasswd" { } ''
|
|
${pkgs.apacheHttpd}/bin/htpasswd -bc "$out" ${user} ${password}
|
|
'';
|
|
};
|
|
|
|
client =
|
|
{ pkgs, ... }:
|
|
{
|
|
environment.systemPackages = [ pkgs.git ];
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
start_all()
|
|
|
|
server.wait_for_unit("gitolite-init.service")
|
|
server.wait_for_unit("nginx.service")
|
|
server.wait_for_file("/run/fcgiwrap-gitolite.sock")
|
|
|
|
client.wait_for_unit("multi-user.target")
|
|
client.succeed(
|
|
"git clone http://${user}:${password}@server/git/gitolite-admin.git"
|
|
)
|
|
'';
|
|
}
|
|
)
|