Serve "proper" git HTTPS remote on git.twilken.net

...and move cgit to cgit.twilken.net to accommodate this.
author: Timo Wilken 2023-12-11 23:31:49 +0100
committer: Timo Wilken 2023-12-11 23:51:34 +0100
commit: b9b90cbfd1bc41750a1226faf0d414e8a4f98cf4 (patch)
tree: 0f99a3ad5ad2e5a8f695aaeb9b71c202c2ceda70 /tw
parent: 518ce823220bc9908be1fe93e375a922cce6b588 (diff)
1 files changed, 21 insertions, 2 deletions
diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index aee35d4f..a7fe67db 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -115,17 +115,36 @@ that I just want to host somewhere.")
                (nginx
                 (list (nginx-server-configuration
                        (inherit %cgit-configuration-nginx)
+                       (server-name '("cgit.twilken.net"))
+                       (listen '("443 ssl http2"))
+                       (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem")
+                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem"))
+                      ;; Also run `git-http-backend' to serve git repos over HTTP properly.
+                      ;; Cgit can only serve as a "dumb" remote, from which Guix can't pull a channel.
+                      (nginx-server-configuration
                        (server-name '("git.twilken.net"))
                        (listen '("443 ssl http2"))
                        (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem")
-                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem"))))))
+                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem")
+                       (locations
+                        (list (nginx-location-configuration
+                               (inherit (git-http-nginx-location-configuration
+                                         (git-http-configuration (uri-path "/"))))
+                               ;; Fix location URI -- `git-http-nginx-location-configuration'
+                               ;; adds a double slash in the beginning if `uri-path' is "/".
+                               (uri "~ (/.*)"))
+                              ;; Cgit used to be hosted at git.twilken.net.
+                              ;; Redirect to the new host only for the homepage.
+                              (nginx-location-configuration
+                               (uri "= /")
+                               (body '("return 301 https://cgit.twilken.net/;"))))))))))
 
             (simple-service 'cgit-repo-access activation-service-type
               #~(system* #$(file-append acl "/bin/setfacl") "-m" "u:fcgiwrap:rx" "/srv/git"))
 
             (simple-service 'cgit-certificate certbot-service-type
               (list (certificate-configuration
-                     (domains '("git.twilken.net"))
+                     (domains '("git.twilken.net" "cgit.twilken.net"))
                      (deploy-hook %nginx-cert-deploy-hook))))
 
             (simple-service 'git-backups restic-backup-service-type
author	Timo Wilken	2023-12-11 23:31:49 +0100
committer	Timo Wilken	2023-12-11 23:51:34 +0100
commit	b9b90cbfd1bc41750a1226faf0d414e8a4f98cf4 (patch)
tree	0f99a3ad5ad2e5a8f695aaeb9b71c202c2ceda70 /tw
parent	518ce823220bc9908be1fe93e375a922cce6b588 (diff)