diff options
| author | Martin Fischer <martin@push-f.com> | 2026-01-04 18:03:21 +0100 |
|---|---|---|
| committer | Martin Fischer <martin@push-f.com> | 2026-01-04 19:19:25 +0100 |
| commit | a641687a30085cbd0c6768fae6aecb130dd5a6e1 (patch) | |
| tree | 357860f41b8f04429b75a6864080e23ea6114583 | |
| parent | 03d7666c626e63ccc56d384ed685c4ac89369b55 (diff) | |
deps: update nixos, nixos-small and nixpkgs-unstable
For hamac:
age: 1.2.1 -> 1.3.1
chromium: 142.0.7444.175 -> 143.0.7499.169
element-desktop: 1.12.3 -> 1.12.6
firefox: 145.0.2 -> 146.0.1
go: 1.25.4 -> 1.25.5
imagemagick: 7.1.2-8 -> 7.1.2-9
jujutsu: 0.35.0 -> 0.36.0
krita: 5.2.13 -> 5.2.14
mpv: 0.40.0 -> 0.41.0
networkmanager: 1.54.1 -> 1.54.3
thunderbird: 145.0 -> 146.0.1
wireshark-qt: 4.6.0 -> 4.6.2
zed-editor: 0.214.7 -> 0.217.3
For ev:
grafana-loki: 3.5.8 -> 3.6.3
miniflux: 2.2.14 -> 2.2.15
For tente:
grafana: 12.3.0 -> 12.3.1
grafana-loki: 3.5.8 -> 3.6.3
lego: 4.27.0 -> 4.29.0
matrix-conduit: 0.10.9 -> 0.10.11
rocksdb: 10.5.1 -> 10.7.5
| -rw-r--r-- | nixos/hosts/tente/cgit.nix | 286 | ||||
| -rw-r--r-- | nixos/hosts/tente/git-web.nix | 6 | ||||
| -rw-r--r-- | nixos/npins/sources.json | 12 |
3 files changed, 7 insertions, 297 deletions
diff --git a/nixos/hosts/tente/cgit.nix b/nixos/hosts/tente/cgit.nix deleted file mode 100644 index f24c131..0000000 --- a/nixos/hosts/tente/cgit.nix +++ /dev/null @@ -1,286 +0,0 @@ -# copied from nixpkgs to remove GIT_HTTP_EXPORT_ALL=1 for git-http-backend -{ - config, - lib, - pkgs, - ... -}: -let - cfgs = config.services.cgit; - - settingType = - with lib.types; - oneOf [ - bool - int - str - ]; - repeatedSettingType = - with lib.types; - oneOf [ - settingType - (listOf settingType) - ]; - - genAttrs' = names: f: lib.listToAttrs (map f names); - - regexEscape = - let - # taken from https://github.com/python/cpython/blob/05cb728d68a278d11466f9a6c8258d914135c96c/Lib/re.py#L251-L266 - special = [ - "(" - ")" - "[" - "]" - "{" - "}" - "?" - "*" - "+" - "-" - "|" - "^" - "$" - "\\" - "." - "&" - "~" - "#" - " " - "\t" - "\n" - "\r" - "" # \v / 0x0B - "" # \f / 0x0C - ]; - in - lib.replaceStrings special (map (c: "\\${c}") special); - - stripLocation = cfg: lib.removeSuffix "/" cfg.nginx.location; - - regexLocation = cfg: regexEscape (stripLocation cfg); - - mkFastcgiPass = name: cfg: '' - ${ - if cfg.nginx.location == "/" then - '' - fastcgi_param PATH_INFO $uri; - '' - else - '' - fastcgi_split_path_info ^(${regexLocation cfg})(/.+)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - '' - }fastcgi_pass unix:${config.services.fcgiwrap.instances."cgit-${name}".socket.address}; - ''; - - cgitrcLine = - name: value: - "${name}=${ - if value == true then - "1" - else if value == false then - "0" - else - toString value - }"; - - # list value as multiple lines (for "readme" for example) - cgitrcEntry = - name: value: if lib.isList value then map (cgitrcLine name) value else [ (cgitrcLine name value) ]; - - mkCgitrc = - cfg: - pkgs.writeText "cgitrc" '' - # global settings - ${lib.concatStringsSep "\n" ( - lib.flatten ( - lib.mapAttrsToList cgitrcEntry ({ virtual-root = cfg.nginx.location; } // cfg.settings) - ) - )} - ${lib.optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)} - - # repository settings - ${lib.concatStrings ( - lib.mapAttrsToList (url: settings: '' - ${cgitrcLine "repo.url" url} - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cgitrcLine "repo.${name}") settings)} - '') cfg.repos - )} - - # extra config - ${cfg.extraConfig} - ''; - - fcgiwrapUnitName = name: "fcgiwrap-cgit-${name}"; - fcgiwrapRuntimeDir = name: "/run/${fcgiwrapUnitName name}"; - gitProjectRoot = - name: cfg: if cfg.scanPath != null then cfg.scanPath else "${fcgiwrapRuntimeDir name}/repos"; - -in -{ - options = { - services.cgit = lib.mkOption { - description = "Configure cgit instances."; - default = { }; - type = lib.types.attrsOf ( - lib.types.submodule ( - { config, ... }: - { - options = { - enable = lib.mkEnableOption "cgit"; - - package = lib.mkPackageOption pkgs "cgit" { }; - - nginx.virtualHost = lib.mkOption { - description = "VirtualHost to serve cgit on, defaults to the attribute name."; - type = lib.types.str; - default = config._module.args.name; - example = "git.example.com"; - }; - - nginx.location = lib.mkOption { - description = "Location to serve cgit under."; - type = lib.types.str; - default = "/"; - example = "/git/"; - }; - - repos = lib.mkOption { - description = "cgit repository settings, see {manpage}`cgitrc(5)`"; - type = with lib.types; attrsOf (attrsOf settingType); - default = { }; - example = { - blah = { - path = "/var/lib/git/example"; - desc = "An example repository"; - }; - }; - }; - - scanPath = lib.mkOption { - description = "A path which will be scanned for repositories."; - type = lib.types.nullOr lib.types.path; - default = null; - example = "/var/lib/git"; - }; - - settings = lib.mkOption { - description = "cgit configuration, see {manpage}`cgitrc(5)`"; - type = lib.types.attrsOf repeatedSettingType; - default = { }; - example = lib.literalExpression '' - { - enable-follow-links = true; - source-filter = "''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; - } - ''; - }; - - extraConfig = lib.mkOption { - description = "These lines go to the end of cgitrc verbatim."; - type = lib.types.lines; - default = ""; - }; - - user = lib.mkOption { - description = "User to run the cgit service as."; - type = lib.types.str; - default = "cgit"; - }; - - group = lib.mkOption { - description = "Group to run the cgit service as."; - type = lib.types.str; - default = "cgit"; - }; - }; - } - ) - ); - }; - }; - - config = lib.mkIf (lib.any (cfg: cfg.enable) (lib.attrValues cfgs)) { - assertions = lib.mapAttrsToList (vhost: cfg: { - assertion = !cfg.enable || (cfg.scanPath == null) != (cfg.repos == { }); - message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set."; - }) cfgs; - - users = lib.mkMerge ( - lib.flip lib.mapAttrsToList cfgs ( - _: cfg: { - users.${cfg.user} = { - isSystemUser = true; - inherit (cfg) group; - }; - groups.${cfg.group} = { }; - } - ) - ); - - services.fcgiwrap.instances = lib.flip lib.mapAttrs' cfgs ( - name: cfg: - lib.nameValuePair "cgit-${name}" { - process = { inherit (cfg) user group; }; - socket = { inherit (config.services.nginx) user group; }; - } - ); - - systemd.services = lib.flip lib.mapAttrs' cfgs ( - name: cfg: - lib.nameValuePair (fcgiwrapUnitName name) ( - lib.mkIf (cfg.repos != { }) { - serviceConfig.RuntimeDirectory = fcgiwrapUnitName name; - preStart = '' - GIT_PROJECT_ROOT=${lib.escapeShellArg (gitProjectRoot name cfg)} - mkdir -p "$GIT_PROJECT_ROOT" - cd "$GIT_PROJECT_ROOT" - ${lib.concatLines ( - lib.flip lib.mapAttrsToList cfg.repos ( - name: repo: '' - ln -s ${lib.escapeShellArg repo.path} ${lib.escapeShellArg name} - '' - ) - )} - ''; - } - ) - ); - - services.nginx.enable = true; - - services.nginx.virtualHosts = lib.mkMerge ( - lib.mapAttrsToList (name: cfg: { - ${cfg.nginx.virtualHost} = { - locations = - (genAttrs' [ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ] ( - fileName: - lib.nameValuePair "= ${stripLocation cfg}/${fileName}" { - alias = lib.mkDefault "${cfg.package}/cgit/${fileName}"; - } - )) - // { - "~ ${regexLocation cfg}/.+/(info/refs|git-upload-pack)" = { - fastcgiParams = rec { - SCRIPT_FILENAME = "${pkgs.git}/libexec/git-core/git-http-backend"; - GIT_PROJECT_ROOT = gitProjectRoot name cfg; - HOME = GIT_PROJECT_ROOT; - }; - extraConfig = mkFastcgiPass name cfg; - }; - "${stripLocation cfg}/" = { - fastcgiParams = { - SCRIPT_FILENAME = "${cfg.package}/cgit/cgit.cgi"; - QUERY_STRING = "$args"; - HTTP_HOST = "$server_name"; - CGIT_CONFIG = mkCgitrc cfg; - }; - extraConfig = mkFastcgiPass name cfg; - }; - }; - }; - }) cfgs - ); - }; -} diff --git a/nixos/hosts/tente/git-web.nix b/nixos/hosts/tente/git-web.nix index b153b7f..b648873 100644 --- a/nixos/hosts/tente/git-web.nix +++ b/nixos/hosts/tente/git-web.nix @@ -20,11 +20,6 @@ in }; }; - # We're using a patched cgit module to remove GIT_HTTP_EXPORT_ALL=1 for git-http-backend. - # FUTURE: use official module once https://github.com/NixOS/nixpkgs/pull/475112 has landed - disabledModules = ["services/networking/cgit.nix"]; - imports = [./cgit.nix]; - config = { services.nginx.virtualHosts.${cfg.domain} = { enableACME = true; @@ -46,6 +41,7 @@ in group = cfg.group; nginx.virtualHost = cfg.domain; scanPath = cfg.reposDir; + gitHttpBackend.checkExportOkFiles = true; settings = { strict-export = "git-daemon-export-ok"; remove-suffix = 1; diff --git a/nixos/npins/sources.json b/nixos/npins/sources.json index 29affe7..73b3165 100644 --- a/nixos/npins/sources.json +++ b/nixos/npins/sources.json @@ -126,20 +126,20 @@ "nixos": { "type": "Channel", "name": "nixos-25.11", - "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.746.1aab89277eb2/nixexprs.tar.xz", - "hash": "0jdlxk2ixq25z8ms2jwg0g3mjm07wa0daa1xf5mlri2vvrwrskav" + "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.3202.30a3c519afcf/nixexprs.tar.xz", + "hash": "1gsa22ibk3byzdlvav38gqzkyi8q4kcvv3a7a18y30p7aqxk6n8h" }, "nixos-small": { "type": "Channel", "name": "nixos-25.11-small", - "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.896.6707b1809330/nixexprs.tar.xz", - "hash": "10ra8cgv95328pixls7bl1h28fd1b3fkcw1gr6m75wyjp4114ka2" + "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.3191.7a0d60a03534/nixexprs.tar.xz", + "hash": "1n2df4iki4xy6xvn9r1yq5yk986lw9kyjkpbbbdj71b7l7i5ykpi" }, "nixpkgs-unstable": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre906210.ebc94f855ef2/nixexprs.tar.xz", - "hash": "1z1vx38czffkryc9nqxpg926xspk4jg86acaa8rkzkzx957lr41n" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre921317.16c7794d0a28/nixexprs.tar.xz", + "hash": "1p3lj604zhrw1lzw23bagmqazhd3ynigp61kqdxjaic2lgx9xa0v" }, "prometheus-sql-exporter": { "type": "GitRelease", |
