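# NixOS VM test: expose a gitolite-managed repository over HTTP through
# nginx + fcgiwrap behind HTTP basic auth. The test clones with valid
# credentials and then checks that the same repository is refused when the
# credentials are missing or wrong.
import ./make-test-python.nix (
  { pkgs, ... }:

  let
    # Throwaway test credentials. They are interpolated into the htpasswd
    # builder and into the clone URLs below, and nginx hands the user name to
    # gitolite as REMOTE_USER.
    user = "gitolite-admin";
    password = "some_password";

    # not used but needed to setup gitolite
    adminPublicKey = ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
    '';
  in
  {
    name = "gitolite-fcgiwrap";

    meta = with pkgs.lib.maintainers; {
      maintainers = [ bbigras ];
    };

    nodes = {

      server =
        { config, ... }:
        {
          # Only plain HTTP is opened. Basic-auth credentials therefore cross
          # the (virtual) test network unencrypted; a real deployment would
          # put this location behind TLS.
          networking.firewall.allowedTCPPorts = [ 80 ];

          services.fcgiwrap.enable = true;
          services.gitolite = {
            enable = true;
            adminPubkey = adminPublicKey;
          };

          # nginx is the only authentication layer here: it checks the
          # htpasswd file and forwards the authenticated name as REMOTE_USER.
          # gitolite-shell is then expected to make the per-repository access
          # decision for that name, so anything that lets a request reach the
          # FastCGI socket without passing auth_basic bypasses the login.
          services.nginx = {
            enable = true;
            recommendedProxySettings = true;
            virtualHosts."server".locations."/git".extraConfig = ''
              # turn off gzip as git objects are already well compressed
              gzip off;

              # use file based basic authentication
              auth_basic "Git Repository Authentication";
              auth_basic_user_file /etc/gitolite/htpasswd;

              # common FastCGI parameters are required
              include ${config.services.nginx.package}/conf/fastcgi_params;

              # strip the CGI program prefix
              fastcgi_split_path_info ^(/git)(.*)$;
              fastcgi_param PATH_INFO $fastcgi_path_info;

              # pass authenticated user login(mandatory) to Gitolite
              fastcgi_param REMOTE_USER $remote_user;

              # pass git repository root directory and hosting user directory
              # these env variables can be set in a wrapper script
              fastcgi_param GIT_HTTP_EXPORT_ALL "";
              fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
              fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
              fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;

              # use Unix domain socket or inet socket
              fastcgi_pass unix:/run/fcgiwrap.sock;
            '';
          };

          # WARNING: DON'T DO THIS IN PRODUCTION!
          # This puts unhashed secrets directly into the Nix store for ease of testing.
          # The plaintext password is interpolated into the builder script, so
          # it is recorded in the derivation in the world-readable store, and
          # `htpasswd -b` additionally takes it as a command-line argument.
          # Outside a test, generate the htpasswd file out of band and point
          # auth_basic_user_file at a path that is not in the store.
          environment.etc."gitolite/htpasswd".source = pkgs.runCommand "htpasswd" { } ''
            ${pkgs.apacheHttpd}/bin/htpasswd -bc "$out" ${user} ${password}
          '';
        };

      client =
        { pkgs, ... }:
        {
          environment.systemPackages = [ pkgs.git ];
        };
    };

    testScript = ''
      start_all()

      server.wait_for_unit("gitolite-init.service")
      server.wait_for_unit("nginx.service")
      server.wait_for_file("/run/fcgiwrap.sock")

      client.wait_for_unit("multi-user.target")

      # Positive case: valid credentials can clone. Running this first also
      # proves the server is reachable, so the refusals below cannot pass
      # merely because of a network failure.
      client.succeed(
          "git clone http://${user}:${password}@server/git/gitolite-admin.git"
      )

      # Negative cases: the location must reject requests that are not
      # authenticated, otherwise a dropped auth_basic directive would go
      # unnoticed. GIT_TERMINAL_PROMPT=0 makes git fail instead of waiting
      # for a login prompt, and separate target directories keep the failure
      # from being caused by the existing clone.
      client.fail(
          "GIT_TERMINAL_PROMPT=0 git clone http://server/git/gitolite-admin.git /tmp/anonymous-clone"
      )
      client.fail(
          "GIT_TERMINAL_PROMPT=0 git clone http://${user}:wrong_${password}@server/git/gitolite-admin.git /tmp/bad-password-clone"
      )
    '';
  }
)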