linde: use tcp6 for fcgiwrap

1 files changed, 66 insertions, 58 deletions

diff --git a/system/linde.nix b/system/linde.nix
index 11818395..edccf22f 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -593,69 +593,74 @@ in
           file_server browse
         '';
       };
-      "git.alanpearce.eu" = {
-        useACMEHost = "alanpearce.eu";
-        extraConfig = ''
-          root * ${pkgs.cgit-pink}/cgit/
-          encode gzip zstd
-          handle_path /custom/* {
-            file_server {
-              root /srv/http/cgit/
-            }
-          }
-          rewrite /robots.txt /assets/robots.txt
-          handle_path /assets/* {
-            file_server  {
-              hide cgit.cgi
+      "git.alanpearce.eu" =
+        let
+          fcgi = config.services.fcgiwrap;
+          fcgisocket = "${fcgi.socketType}/${fcgi.socketAddress}";
+        in
+        {
+          useACMEHost = "alanpearce.eu";
+          extraConfig = ''
+            root * ${pkgs.cgit-pink}/cgit/
+            encode gzip zstd
+            handle_path /custom/* {
+              file_server {
+                root /srv/http/cgit/
+              }
             }
-          }
-          @git_http_backend path_regexp "^/.+/(info/refs|git-upload-pack)$"
-          handle @git_http_backend {
-            reverse_proxy unix/run/fcgiwrap.sock {
-              transport fastcgi {
-                env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend
-                env GIT_PROJECT_ROOT ${config.services.gitolite.dataDir}/repositories
+            rewrite /robots.txt /assets/robots.txt
+            handle_path /assets/* {
+              file_server  {
+                hide cgit.cgi
               }
             }
-          }
-          handle {
-            reverse_proxy unix/run/fcgiwrap.sock {
-              transport fastcgi {
-                env       SCRIPT_FILENAME  {http.vars.root}/cgit.cgi
-                env       CGIT_CONFIG      ${pkgs.writeText "cgitrc" ''
-                  head-include=/srv/http/cgit/responsive-cgit-css-master/head.html
-                  css=/custom/custom.css
-                  virtual-root=/
-                  logo=
-                  readme=:README.md
-                  source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
-                  about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
-                  enable-git-config=1
-                  enable-index-owner=0
-                  enable-index-links=1
-                  enable-follow-links=0
-                  enable-log-linecount=1
-                  max-stats=year
-                  snapshots=tar.lz tar.zst zip
-                  cache-size=10240
-                  enable-http-clone=1
-                  enable-commit-graph=1
-                  mimetype-file=${pkgs.nginx}/conf/mime.types
-                  section-from-path=1
-                  side-by-side-diffs=1
-                  noplainemail=1
-                  repository-sort=age
-                  root-title=my personal projects
-                  clone-url=git://git.alanpearce.eu/$CGIT_REPO_URL https://git.alanpearce.eu/$CGIT_REPO_URL
-                  remove-suffix=1
-                  strict-export=git-daemon-export-ok
-                  scan-path=${config.services.gitolite.dataDir}/repositories/
-                ''}
+            @git_http_backend path_regexp "^/.+/(info/refs|git-upload-pack)$"
+            handle @git_http_backend {
+              reverse_proxy ${fcgisocket} {
+                transport fastcgi {
+                  env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend
+                  env GIT_PROJECT_ROOT ${config.services.gitolite.dataDir}/repositories
                 }
               }
-          }
-        '';
-      };
+            }
+            handle {
+              reverse_proxy ${fcgisocket} {
+                transport fastcgi {
+                  env       SCRIPT_FILENAME  {http.vars.root}/cgit.cgi
+                  env       CGIT_CONFIG      ${pkgs.writeText "cgitrc" ''
+                    head-include=/srv/http/cgit/responsive-cgit-css-master/head.html
+                    css=/custom/custom.css
+                    virtual-root=/
+                    logo=
+                    readme=:README.md
+                    source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
+                    about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
+                    enable-git-config=1
+                    enable-index-owner=0
+                    enable-index-links=1
+                    enable-follow-links=0
+                    enable-log-linecount=1
+                    max-stats=year
+                    snapshots=tar.lz tar.zst zip
+                    cache-size=10240
+                    enable-http-clone=1
+                    enable-commit-graph=1
+                    mimetype-file=${pkgs.nginx}/conf/mime.types
+                    section-from-path=1
+                    side-by-side-diffs=1
+                    noplainemail=1
+                    repository-sort=age
+                    root-title=my personal projects
+                    clone-url=git://git.alanpearce.eu/$CGIT_REPO_URL https://git.alanpearce.eu/$CGIT_REPO_URL
+                    remove-suffix=1
+                    strict-export=git-daemon-export-ok
+                    scan-path=${config.services.gitolite.dataDir}/repositories/
+                  ''}
+                  }
+                }
+            }
+          '';
+        };
       "ntfy.alanpearce.eu" = {
         useACMEHost = "alanpearce.eu";
         extraConfig = ''
@@ -704,6 +709,9 @@ in
   services.fcgiwrap = {
     enable = true;
     group = "gitolite";
+    preforkProcesses = 2;
+    socketType = "tcp6";
+    socketAddress = "[::1]:9000";
   };
   services.gitolite = {
     enable = true;