From d8a58015ece1e072ca38f8ed973d0639e6b902b3 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Thu, 11 Apr 2024 11:19:06 +0200 Subject: linde: use tcp6 for fcgiwrap --- system/linde.nix | 124 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 58 deletions(-) diff --git a/system/linde.nix b/system/linde.nix index 11818395..edccf22f 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -593,69 +593,74 @@ in file_server browse ''; }; - "git.alanpearce.eu" = { - useACMEHost = "alanpearce.eu"; - extraConfig = '' - root * ${pkgs.cgit-pink}/cgit/ - encode gzip zstd - handle_path /custom/* { - file_server { - root /srv/http/cgit/ - } - } - rewrite /robots.txt /assets/robots.txt - handle_path /assets/* { - file_server { - hide cgit.cgi + "git.alanpearce.eu" = + let + fcgi = config.services.fcgiwrap; + fcgisocket = "${fcgi.socketType}/${fcgi.socketAddress}"; + in + { + useACMEHost = "alanpearce.eu"; + extraConfig = '' + root * ${pkgs.cgit-pink}/cgit/ + encode gzip zstd + handle_path /custom/* { + file_server { + root /srv/http/cgit/ + } } - } - @git_http_backend path_regexp "^/.+/(info/refs|git-upload-pack)$" - handle @git_http_backend { - reverse_proxy unix/run/fcgiwrap.sock { - transport fastcgi { - env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend - env GIT_PROJECT_ROOT ${config.services.gitolite.dataDir}/repositories + rewrite /robots.txt /assets/robots.txt + handle_path /assets/* { + file_server { + hide cgit.cgi } } - } - handle { - reverse_proxy unix/run/fcgiwrap.sock { - transport fastcgi { - env SCRIPT_FILENAME {http.vars.root}/cgit.cgi - env CGIT_CONFIG ${pkgs.writeText "cgitrc" '' - head-include=/srv/http/cgit/responsive-cgit-css-master/head.html - css=/custom/custom.css - virtual-root=/ - logo= - readme=:README.md - source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh - enable-git-config=1 - enable-index-owner=0 - enable-index-links=1 - enable-follow-links=0 - enable-log-linecount=1 - max-stats=year - snapshots=tar.lz tar.zst zip - cache-size=10240 - enable-http-clone=1 - enable-commit-graph=1 - mimetype-file=${pkgs.nginx}/conf/mime.types - section-from-path=1 - side-by-side-diffs=1 - noplainemail=1 - repository-sort=age - root-title=my personal projects - clone-url=git://git.alanpearce.eu/$CGIT_REPO_URL https://git.alanpearce.eu/$CGIT_REPO_URL - remove-suffix=1 - strict-export=git-daemon-export-ok - scan-path=${config.services.gitolite.dataDir}/repositories/ - ''} + @git_http_backend path_regexp "^/.+/(info/refs|git-upload-pack)$" + handle @git_http_backend { + reverse_proxy ${fcgisocket} { + transport fastcgi { + env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend + env GIT_PROJECT_ROOT ${config.services.gitolite.dataDir}/repositories } } - } - ''; - }; + } + handle { + reverse_proxy ${fcgisocket} { + transport fastcgi { + env SCRIPT_FILENAME {http.vars.root}/cgit.cgi + env CGIT_CONFIG ${pkgs.writeText "cgitrc" '' + head-include=/srv/http/cgit/responsive-cgit-css-master/head.html + css=/custom/custom.css + virtual-root=/ + logo= + readme=:README.md + source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh + enable-git-config=1 + enable-index-owner=0 + enable-index-links=1 + enable-follow-links=0 + enable-log-linecount=1 + max-stats=year + snapshots=tar.lz tar.zst zip + cache-size=10240 + enable-http-clone=1 + enable-commit-graph=1 + mimetype-file=${pkgs.nginx}/conf/mime.types + section-from-path=1 + side-by-side-diffs=1 + noplainemail=1 + repository-sort=age + root-title=my personal projects + clone-url=git://git.alanpearce.eu/$CGIT_REPO_URL https://git.alanpearce.eu/$CGIT_REPO_URL + remove-suffix=1 + strict-export=git-daemon-export-ok + scan-path=${config.services.gitolite.dataDir}/repositories/ + ''} + } + } + } + ''; + }; "ntfy.alanpearce.eu" = { useACMEHost = "alanpearce.eu"; extraConfig = '' @@ -704,6 +709,9 @@ in services.fcgiwrap = { enable = true; group = "gitolite"; + preforkProcesses = 2; + socketType = "tcp6"; + socketAddress = "[::1]:9000"; }; services.gitolite = { enable = true; -- cgit 1.4.1