aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Fischer <martin@push-f.com>2026-01-04 18:03:21 +0100
committerMartin Fischer <martin@push-f.com>2026-01-04 19:19:25 +0100
commita641687a30085cbd0c6768fae6aecb130dd5a6e1 (patch)
tree357860f41b8f04429b75a6864080e23ea6114583
parent03d7666c626e63ccc56d384ed685c4ac89369b55 (diff)
deps: update nixos, nixos-small and nixpkgs-unstable
For hamac: age: 1.2.1 -> 1.3.1 chromium: 142.0.7444.175 -> 143.0.7499.169 element-desktop: 1.12.3 -> 1.12.6 firefox: 145.0.2 -> 146.0.1 go: 1.25.4 -> 1.25.5 imagemagick: 7.1.2-8 -> 7.1.2-9 jujutsu: 0.35.0 -> 0.36.0 krita: 5.2.13 -> 5.2.14 mpv: 0.40.0 -> 0.41.0 networkmanager: 1.54.1 -> 1.54.3 thunderbird: 145.0 -> 146.0.1 wireshark-qt: 4.6.0 -> 4.6.2 zed-editor: 0.214.7 -> 0.217.3 For ev: grafana-loki: 3.5.8 -> 3.6.3 miniflux: 2.2.14 -> 2.2.15 For tente: grafana: 12.3.0 -> 12.3.1 grafana-loki: 3.5.8 -> 3.6.3 lego: 4.27.0 -> 4.29.0 matrix-conduit: 0.10.9 -> 0.10.11 rocksdb: 10.5.1 -> 10.7.5
-rw-r--r--nixos/hosts/tente/cgit.nix286
-rw-r--r--nixos/hosts/tente/git-web.nix6
-rw-r--r--nixos/npins/sources.json12
3 files changed, 7 insertions, 297 deletions
diff --git a/nixos/hosts/tente/cgit.nix b/nixos/hosts/tente/cgit.nix
deleted file mode 100644
index f24c131..0000000
--- a/nixos/hosts/tente/cgit.nix
+++ /dev/null
@@ -1,286 +0,0 @@
-# copied from nixpkgs to remove GIT_HTTP_EXPORT_ALL=1 for git-http-backend
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfgs = config.services.cgit;
-
- settingType =
- with lib.types;
- oneOf [
- bool
- int
- str
- ];
- repeatedSettingType =
- with lib.types;
- oneOf [
- settingType
- (listOf settingType)
- ];
-
- genAttrs' = names: f: lib.listToAttrs (map f names);
-
- regexEscape =
- let
- # taken from https://github.com/python/cpython/blob/05cb728d68a278d11466f9a6c8258d914135c96c/Lib/re.py#L251-L266
- special = [
- "("
- ")"
- "["
- "]"
- "{"
- "}"
- "?"
- "*"
- "+"
- "-"
- "|"
- "^"
- "$"
- "\\"
- "."
- "&"
- "~"
- "#"
- " "
- "\t"
- "\n"
- "\r"
- " " # \v / 0x0B
- " " # \f / 0x0C
- ];
- in
- lib.replaceStrings special (map (c: "\\${c}") special);
-
- stripLocation = cfg: lib.removeSuffix "/" cfg.nginx.location;
-
- regexLocation = cfg: regexEscape (stripLocation cfg);
-
- mkFastcgiPass = name: cfg: ''
- ${
- if cfg.nginx.location == "/" then
- ''
- fastcgi_param PATH_INFO $uri;
- ''
- else
- ''
- fastcgi_split_path_info ^(${regexLocation cfg})(/.+)$;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- ''
- }fastcgi_pass unix:${config.services.fcgiwrap.instances."cgit-${name}".socket.address};
- '';
-
- cgitrcLine =
- name: value:
- "${name}=${
- if value == true then
- "1"
- else if value == false then
- "0"
- else
- toString value
- }";
-
- # list value as multiple lines (for "readme" for example)
- cgitrcEntry =
- name: value: if lib.isList value then map (cgitrcLine name) value else [ (cgitrcLine name value) ];
-
- mkCgitrc =
- cfg:
- pkgs.writeText "cgitrc" ''
- # global settings
- ${lib.concatStringsSep "\n" (
- lib.flatten (
- lib.mapAttrsToList cgitrcEntry ({ virtual-root = cfg.nginx.location; } // cfg.settings)
- )
- )}
- ${lib.optionalString (cfg.scanPath != null) (cgitrcLine "scan-path" cfg.scanPath)}
-
- # repository settings
- ${lib.concatStrings (
- lib.mapAttrsToList (url: settings: ''
- ${cgitrcLine "repo.url" url}
- ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: cgitrcLine "repo.${name}") settings)}
- '') cfg.repos
- )}
-
- # extra config
- ${cfg.extraConfig}
- '';
-
- fcgiwrapUnitName = name: "fcgiwrap-cgit-${name}";
- fcgiwrapRuntimeDir = name: "/run/${fcgiwrapUnitName name}";
- gitProjectRoot =
- name: cfg: if cfg.scanPath != null then cfg.scanPath else "${fcgiwrapRuntimeDir name}/repos";
-
-in
-{
- options = {
- services.cgit = lib.mkOption {
- description = "Configure cgit instances.";
- default = { };
- type = lib.types.attrsOf (
- lib.types.submodule (
- { config, ... }:
- {
- options = {
- enable = lib.mkEnableOption "cgit";
-
- package = lib.mkPackageOption pkgs "cgit" { };
-
- nginx.virtualHost = lib.mkOption {
- description = "VirtualHost to serve cgit on, defaults to the attribute name.";
- type = lib.types.str;
- default = config._module.args.name;
- example = "git.example.com";
- };
-
- nginx.location = lib.mkOption {
- description = "Location to serve cgit under.";
- type = lib.types.str;
- default = "/";
- example = "/git/";
- };
-
- repos = lib.mkOption {
- description = "cgit repository settings, see {manpage}`cgitrc(5)`";
- type = with lib.types; attrsOf (attrsOf settingType);
- default = { };
- example = {
- blah = {
- path = "/var/lib/git/example";
- desc = "An example repository";
- };
- };
- };
-
- scanPath = lib.mkOption {
- description = "A path which will be scanned for repositories.";
- type = lib.types.nullOr lib.types.path;
- default = null;
- example = "/var/lib/git";
- };
-
- settings = lib.mkOption {
- description = "cgit configuration, see {manpage}`cgitrc(5)`";
- type = lib.types.attrsOf repeatedSettingType;
- default = { };
- example = lib.literalExpression ''
- {
- enable-follow-links = true;
- source-filter = "''${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- }
- '';
- };
-
- extraConfig = lib.mkOption {
- description = "These lines go to the end of cgitrc verbatim.";
- type = lib.types.lines;
- default = "";
- };
-
- user = lib.mkOption {
- description = "User to run the cgit service as.";
- type = lib.types.str;
- default = "cgit";
- };
-
- group = lib.mkOption {
- description = "Group to run the cgit service as.";
- type = lib.types.str;
- default = "cgit";
- };
- };
- }
- )
- );
- };
- };
-
- config = lib.mkIf (lib.any (cfg: cfg.enable) (lib.attrValues cfgs)) {
- assertions = lib.mapAttrsToList (vhost: cfg: {
- assertion = !cfg.enable || (cfg.scanPath == null) != (cfg.repos == { });
- message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set.";
- }) cfgs;
-
- users = lib.mkMerge (
- lib.flip lib.mapAttrsToList cfgs (
- _: cfg: {
- users.${cfg.user} = {
- isSystemUser = true;
- inherit (cfg) group;
- };
- groups.${cfg.group} = { };
- }
- )
- );
-
- services.fcgiwrap.instances = lib.flip lib.mapAttrs' cfgs (
- name: cfg:
- lib.nameValuePair "cgit-${name}" {
- process = { inherit (cfg) user group; };
- socket = { inherit (config.services.nginx) user group; };
- }
- );
-
- systemd.services = lib.flip lib.mapAttrs' cfgs (
- name: cfg:
- lib.nameValuePair (fcgiwrapUnitName name) (
- lib.mkIf (cfg.repos != { }) {
- serviceConfig.RuntimeDirectory = fcgiwrapUnitName name;
- preStart = ''
- GIT_PROJECT_ROOT=${lib.escapeShellArg (gitProjectRoot name cfg)}
- mkdir -p "$GIT_PROJECT_ROOT"
- cd "$GIT_PROJECT_ROOT"
- ${lib.concatLines (
- lib.flip lib.mapAttrsToList cfg.repos (
- name: repo: ''
- ln -s ${lib.escapeShellArg repo.path} ${lib.escapeShellArg name}
- ''
- )
- )}
- '';
- }
- )
- );
-
- services.nginx.enable = true;
-
- services.nginx.virtualHosts = lib.mkMerge (
- lib.mapAttrsToList (name: cfg: {
- ${cfg.nginx.virtualHost} = {
- locations =
- (genAttrs' [ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ] (
- fileName:
- lib.nameValuePair "= ${stripLocation cfg}/${fileName}" {
- alias = lib.mkDefault "${cfg.package}/cgit/${fileName}";
- }
- ))
- // {
- "~ ${regexLocation cfg}/.+/(info/refs|git-upload-pack)" = {
- fastcgiParams = rec {
- SCRIPT_FILENAME = "${pkgs.git}/libexec/git-core/git-http-backend";
- GIT_PROJECT_ROOT = gitProjectRoot name cfg;
- HOME = GIT_PROJECT_ROOT;
- };
- extraConfig = mkFastcgiPass name cfg;
- };
- "${stripLocation cfg}/" = {
- fastcgiParams = {
- SCRIPT_FILENAME = "${cfg.package}/cgit/cgit.cgi";
- QUERY_STRING = "$args";
- HTTP_HOST = "$server_name";
- CGIT_CONFIG = mkCgitrc cfg;
- };
- extraConfig = mkFastcgiPass name cfg;
- };
- };
- };
- }) cfgs
- );
- };
-}
diff --git a/nixos/hosts/tente/git-web.nix b/nixos/hosts/tente/git-web.nix
index b153b7f..b648873 100644
--- a/nixos/hosts/tente/git-web.nix
+++ b/nixos/hosts/tente/git-web.nix
@@ -20,11 +20,6 @@ in
};
};
- # We're using a patched cgit module to remove GIT_HTTP_EXPORT_ALL=1 for git-http-backend.
- # FUTURE: use official module once https://github.com/NixOS/nixpkgs/pull/475112 has landed
- disabledModules = ["services/networking/cgit.nix"];
- imports = [./cgit.nix];
-
config = {
services.nginx.virtualHosts.${cfg.domain} = {
enableACME = true;
@@ -46,6 +41,7 @@ in
group = cfg.group;
nginx.virtualHost = cfg.domain;
scanPath = cfg.reposDir;
+ gitHttpBackend.checkExportOkFiles = true;
settings = {
strict-export = "git-daemon-export-ok";
remove-suffix = 1;
diff --git a/nixos/npins/sources.json b/nixos/npins/sources.json
index 29affe7..73b3165 100644
--- a/nixos/npins/sources.json
+++ b/nixos/npins/sources.json
@@ -126,20 +126,20 @@
"nixos": {
"type": "Channel",
"name": "nixos-25.11",
- "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.746.1aab89277eb2/nixexprs.tar.xz",
- "hash": "0jdlxk2ixq25z8ms2jwg0g3mjm07wa0daa1xf5mlri2vvrwrskav"
+ "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.3202.30a3c519afcf/nixexprs.tar.xz",
+ "hash": "1gsa22ibk3byzdlvav38gqzkyi8q4kcvv3a7a18y30p7aqxk6n8h"
},
"nixos-small": {
"type": "Channel",
"name": "nixos-25.11-small",
- "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.896.6707b1809330/nixexprs.tar.xz",
- "hash": "10ra8cgv95328pixls7bl1h28fd1b3fkcw1gr6m75wyjp4114ka2"
+ "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.3191.7a0d60a03534/nixexprs.tar.xz",
+ "hash": "1n2df4iki4xy6xvn9r1yq5yk986lw9kyjkpbbbdj71b7l7i5ykpi"
},
"nixpkgs-unstable": {
"type": "Channel",
"name": "nixpkgs-unstable",
- "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre906210.ebc94f855ef2/nixexprs.tar.xz",
- "hash": "1z1vx38czffkryc9nqxpg926xspk4jg86acaa8rkzkzx957lr41n"
+ "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre921317.16c7794d0a28/nixexprs.tar.xz",
+ "hash": "1p3lj604zhrw1lzw23bagmqazhd3ynigp61kqdxjaic2lgx9xa0v"
},
"prometheus-sql-exporter": {
"type": "GitRelease",