commit ecaf9bee0c4abf9ef83b9861894933d1f9960c21
parent 3712248aeb935eb4dc6b05c9f5f1ae5da998a126
Author: Katja (zaphyra) <git@ctu.cx>
Date: Tue, 27 May 2025 15:15:49 +0200
parent 3712248aeb935eb4dc6b05c9f5f1ae5da998a126
Author: Katja (zaphyra) <git@ctu.cx>
Date: Tue, 27 May 2025 15:15:49 +0200
config/nixos/modules/websites/git.zaphyra.eu: add forwardings for legacy-domains
1 file changed, 84 insertions(+), 49 deletions(-)
M
|
133
++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------
diff --git a/config/nixos/modules/websites/git.zaphyra.eu.nix b/config/nixos/modules/websites/git.zaphyra.eu.nix @@ -162,7 +162,11 @@ in in { - dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ]; + dns.zones = { + "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ]; + "ctu.cx".subdomains."${cfg.subdomain}".CNAME = [ "${config.networking.fqdn}." ]; + "ctu.cx".subdomains."cgit".CNAME = [ "${config.networking.fqdn}." ]; + }; sops.secrets."resticPasswords/gitolite" = { owner = "git"; 
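Review bot: The two new `ctu.cx` CNAMEs only help if the certificate selected by `useACMEHost = "${config.networking.fqdn}"` also lists the legacy names, and nothing in this diff shows that. The vhosts added in the next hunk set `forceSSL = true`, so a certificate without `git.ctu.cx` and `cgit.ctu.cx` as SANs would give clients a name-mismatch error before the 307 is ever sent. Please confirm both names are in that certificate's `extraDomainNames` under `security.acme.certs`. The record here is keyed on `"${cfg.subdomain}"` while the matching vhost is the literal `"git.ctu.cx"`, so the two drift apart if `cfg.subdomain` ever changes; using `"${cfg.subdomain}.ctu.cx"` for the vhost (or a literal `"git"` here) would keep them in step.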
@@ -226,57 +230,88 @@ in nginx = { enable = true; - virtualHosts."${cfg.subdomain}.${cfg.domain}" = { - useACMEHost = "${config.networking.fqdn}"; - forceSSL = true; - kTLS = true; - root = "/var/lib/stagit"; - locations = { - "@redir".return = "307 ../log.html"; - "~ '^/([a-zA-Z0-9_.]+)/commit/.*$'".extraConfig = "error_page 404 = @redir;"; - - "~* \.html$".extraConfig = '' - add_header Last-Modified $date_gmt; - add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - if_modified_since off; - expires off; - etag off; - ''; - - "~ '^/[a-zA-Z0-9._-]+/raw'".extraConfig = '' - types { - application/json json; - - application/wasm wasm; - font/woff woff; - font/woff2 woff2; - - application/pdf pdf; - - image/gif gif; - image/jpeg jpeg jpg; - image/png png; - image/svg+xml svg svgz; - image/webp webp; - image/x-icon ico; - } - - default_type text/plain; - try_files $uri =404; - ''; - - "~ '^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$'".extraConfig = - '' - if ($query_string = service=git-receive-pack) { - return 403; + virtualHosts = { + "cgit.ctu.cx" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations = { + "~ '^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$'".return = + "307 https://${cfg.subdomain}.${cfg.domain}$request_uri"; + "~ '^/([a-zA-Z0-9_.]+)/*$'".return = "307 https://${cfg.subdomain}.${cfg.domain}/$1"; + "~ '^/([a-zA-Z0-9_.]+)/tree/([a-zA-Z0-9_./-]+[a-zA-Z0-9_-])/*$'".return = + "307 https://${cfg.subdomain}.${cfg.domain}/$1/tree/$2.html"; + "~ '^/([a-zA-Z0-9_.]+)/tree/*$'".return = "307 https://${cfg.subdomain}.${cfg.domain}/$1/tree.html"; + "~ '^/([a-zA-Z0-9_.]+)/log/*$'".return = "307 https://${cfg.subdomain}.${cfg.domain}/$1/log.html"; + 
"~ '^/([a-zA-Z0-9_.]+)/commit/*$'".extraConfig = '' + if ($arg_id) { + return 307 https://${cfg.subdomain}.${cfg.domain}/$1/commit/$arg_id.html; + } + + return 307 https://${cfg.subdomain}.${cfg.domain}/$1/log.html; + ''; + }; + }; + + "git.ctu.cx" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations."/".return = "307 https://${cfg.subdomain}.${cfg.domain}$request_uri"; + }; + + "${cfg.subdomain}.${cfg.domain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + root = "/var/lib/stagit"; + locations = { + "@redir".return = "307 ../log.html"; + "~ '^/([a-zA-Z0-9_.]+)/commit/.*$'".extraConfig = "error_page 404 = @redir;"; + + "~* \.html$".extraConfig = '' + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + ''; + + "~ '^/[a-zA-Z0-9._-]+/raw'".extraConfig = '' + types { + application/json json; + + application/wasm wasm; + font/woff woff; + font/woff2 woff2; + + application/pdf pdf; + + image/gif gif; + image/jpeg jpeg jpg; + image/png png; + image/svg+xml svg svgz; + image/webp webp; + image/x-icon ico; } - include "${pkgs.nginx}/conf/fastcgi_params"; - fastcgi_param SCRIPT_FILENAME "${pkgs.git}/libexec/git-core/git-http-backend"; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - fastcgi_param PATH_INFO $uri; - fastcgi_pass unix:${config.services.fcgiwrap.instances.git.socket.address}; + default_type text/plain; + try_files $uri =404; ''; + + "~ '^/[a-zA-Z0-9._-]+/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$'".extraConfig = + '' + if ($query_string = service=git-receive-pack) { + return 403; + } + + include "${pkgs.nginx}/conf/fastcgi_params"; + fastcgi_param SCRIPT_FILENAME "${pkgs.git}/libexec/git-core/git-http-backend"; + fastcgi_param 
GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + fastcgi_param PATH_INFO $uri; + fastcgi_pass unix:${config.services.fcgiwrap.instances.git.socket.address}; + ''; + }; }; }; };
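Review bot: In the `/commit/` redirect on `cgit.ctu.cx`, `$arg_id` is copied into the `Location` header without any check on its shape. The target host is fixed, so this cannot send a client off-site, but limiting it to a hex object id is cheap and lets everything else fall through to the `log.html` redirect: `if ($arg_id ~ "^[0-9a-f]+$") {` (assuming old cgit links only carried hex ids). Separately, in the re-indented git-http-backend location, `if ($query_string = service=git-receive-pack)` matches only when that is the entire query string, while the location regex still routes the `git-receive-pack` path to the backend, so refusing pushes over HTTP appears to rest on git-http-backend's own default rather than on this guard. Testing `$arg_service` instead and dropping `receive|` from the regex would make the read-only intent explicit. The repository-name class in the new redirect patterns (`[a-zA-Z0-9_.]+`) also lacks the `-` that the backend pattern allows, so legacy links to hyphenated repositories would not be forwarded.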