From b9b90cbfd1bc41750a1226faf0d414e8a4f98cf4 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Mon, 11 Dec 2023 23:31:49 +0100
Subject: Serve "proper" git HTTPS remote on git.twilken.net

...and move cgit to cgit.twilken.net to accommodate this.
---
 tw/system/lud.scm | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'tw')

diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index aee35d4f..a7fe67db 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -115,17 +115,36 @@ that I just want to host somewhere.")
                (nginx
                 (list (nginx-server-configuration
                        (inherit %cgit-configuration-nginx)
+                       (server-name '("cgit.twilken.net"))
+                       (listen '("443 ssl http2"))
+                       (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem")
+                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem"))
+                      ;; Also run `git-http-backend' to serve git repos over HTTP properly.
+                      ;; Cgit can only serve as a "dumb" remote, from which Guix can't pull a channel.
+                      (nginx-server-configuration
                        (server-name '("git.twilken.net"))
                        (listen '("443 ssl http2"))
                        (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem")
-                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem"))))))
+                       (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem")
+                       (locations
+                        (list (nginx-location-configuration
+                               (inherit (git-http-nginx-location-configuration
+                                         (git-http-configuration (uri-path "/"))))
+                               ;; Fix location URI -- `git-http-nginx-location-configuration'
+                               ;; adds a double slash in the beginning if `uri-path' is "/".
+                               (uri "~ (/.*)"))
+                              ;; Cgit used to be hosted at git.twilken.net.
+                              ;; Redirect to the new host only for the homepage.
+                              (nginx-location-configuration
+                               (uri "= /")
+                               (body '("return 301 https://cgit.twilken.net/;"))))))))))
 
             (simple-service 'cgit-repo-access activation-service-type
               #~(system* #$(file-append acl "/bin/setfacl") "-m" "u:fcgiwrap:rx" "/srv/git"))
 
             (simple-service 'cgit-certificate certbot-service-type
               (list (certificate-configuration
-                     (domains '("git.twilken.net"))
+                     (domains '("git.twilken.net" "cgit.twilken.net"))
                      (deploy-hook %nginx-cert-deploy-hook))))
 
             (simple-service 'git-backups restic-backup-service-type
-- 
cgit v1.2.3