# NixOS VM test: serve gitolite-managed repositories over HTTP through
# nginx -> fcgiwrap -> gitolite-shell, then clone the admin repository from a
# second machine using HTTP basic authentication.
{ pkgs, ... }:

let
  # Test-only basic-auth credentials. Both values are interpolated into the
  # htpasswd build script and into the test script below.
  httpUser = "gitolite-admin";
  httpPassword = "some_password";

  # Never used to log in; the gitolite module needs an admin key to initialise.
  bootstrapAdminKey = ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
  '';
in
{
  name = "gitolite-fcgiwrap";

  meta.maintainers = with pkgs.lib.maintainers; [ bbigras ];

  nodes = {

    server =
      { config, ... }:
      let
        nginxCfg = config.services.nginx;
        fcgiSocket = config.services.fcgiwrap.instances.gitolite.socket.address;
      in
      {
        # Plain HTTP only: basic-auth credentials cross the wire merely
        # base64-encoded. Tolerable on the isolated test network; a real
        # deployment would put this location behind TLS.
        networking.firewall.allowedTCPPorts = [ 80 ];

        services.fcgiwrap.instances.gitolite = {
          # The CGI program runs as the gitolite account.
          process.user = "gitolite";
          process.group = "gitolite";
          # The socket is owned by the nginx user/group. Presumably this keeps
          # other local accounts from talking to gitolite-shell directly with
          # a REMOTE_USER of their choosing - confirm the socket mode.
          socket.user = nginxCfg.user;
          socket.group = nginxCfg.group;
        };

        services.gitolite.enable = true;
        services.gitolite.adminPubkey = bootstrapAdminKey;

        services.nginx = {
          enable = true;
          recommendedProxySettings = true;
          # REMOTE_USER below is the identity handed to gitolite-shell. It is
          # taken from $remote_user, i.e. the login nginx accepted for
          # auth_basic, never from a client-supplied header or parameter.
          virtualHosts."server".locations."/git".extraConfig = ''
            # turn off gzip as git objects are already well compressed
            gzip off;

            # use file based basic authentication
            auth_basic "Git Repository Authentication";
            auth_basic_user_file /etc/gitolite/htpasswd;

            # common FastCGI parameters are required
            include ${nginxCfg.package}/conf/fastcgi_params;

            # strip the CGI program prefix
            fastcgi_split_path_info ^(/git)(.*)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;

            # pass authenticated user login(mandatory) to Gitolite
            fastcgi_param REMOTE_USER $remote_user;

            # pass git repository root directory and hosting user directory
            # these env variables can be set in a wrapper script
            fastcgi_param GIT_HTTP_EXPORT_ALL "";
            fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
            fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
            fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;

            # use Unix domain socket or inet socket
            fastcgi_pass unix:${fcgiSocket};
          '';
        };

        # WARNING: DON'T DO THIS IN PRODUCTION!
        # The plaintext password is interpolated into this derivation's build
        # script, so it lands in the world-readable Nix store even though the
        # htpasswd output itself only holds a hash (htpasswd's default scheme,
        # since no algorithm flag is given). Done here purely for ease of
        # testing; outside a test, provision the htpasswd file at runtime from
        # a secret that never enters the store.
        environment.etc."gitolite/htpasswd".source = pkgs.runCommand "htpasswd" { } ''
          ${pkgs.apacheHttpd}/bin/htpasswd -bc "$out" ${httpUser} ${httpPassword}
        '';
      };

    client =
      { pkgs, ... }:
      {
        environment.systemPackages = with pkgs; [ git ];
      };
  };

  # The clone URL embeds the credentials, so they also end up in the test
  # script and in the clone's remote configuration - fine for a throwaway VM,
  # not a pattern to copy; prefer a credential helper elsewhere.
  testScript = ''
    start_all()

    server.wait_for_unit("gitolite-init.service")
    server.wait_for_unit("nginx.service")
    server.wait_for_file("/run/fcgiwrap-gitolite.sock")

    client.wait_for_unit("multi-user.target")
    client.succeed(
        "git clone http://${httpUser}:${httpPassword}@server/git/gitolite-admin.git"
    )
  '';
}