From 4374831bed4063f3126fb2267f764a7f91fc0eb7 Mon Sep 17 00:00:00 2001
From: alex <alex@garbash.com>
Date: Wed, 22 Sep 2021 23:47:23 -0400
Subject: [PATCH] git: Add first draft of a cgit config

I'm about to blow this away and use stagit(1) -- the chroot(8)-ing
of httpd(8) makes it REALLY hard to get the about-filters and
owner-filters right to have cgit do exactly what I want it to do.

I figured I should check it in now though in case I want to revert!
---
 Makefile             |  3 ++-
 etc/acme-client.conf |  2 +-
 etc/httpd.conf       | 21 +++++++++++++++++++++
 var/www/conf/cgitrc  | 14 ++++++++++++++
 4 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 var/www/conf/cgitrc

diff --git a/Makefile b/Makefile
index 60db053..c6c7a70 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,8 @@
 # Simple Makefile to pull from /etc
 FILES = /etc/httpd.conf \
 	/etc/acme-client.conf \
-	/etc/mail/smtpd.conf
+	/etc/mail/smtpd.conf \
+	/var/www/conf/cgitrc
 
 .PHONY: pull
 pull:
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
index 389313c..bc3febe 100644
--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -24,7 +24,7 @@ authority buypass-test {
 }
 
 domain garbash.com {
-	alternative names { waste.garbash.com, mail.garbash.com }
+	alternative names { waste.garbash.com, mail.garbash.com git.garbash.com }
 	domain key "/etc/ssl/private/garbash.com.key"
 	domain full chain certificate "/etc/ssl/garbash.com.fullchain.pem"
 	sign with letsencrypt
diff --git a/etc/httpd.conf b/etc/httpd.conf
index 70cdbfd..44dd24f 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -23,3 +23,24 @@ server "garbash.com" {
 		request strip 2
 	}
 }
+
+server "git.garbash.com" {
+	listen on * tls port 443
+	tls {
+		certificate "/etc/ssl/garbash.com.fullchain.pem"
+		key "/etc/ssl/private/garbash.com.key"
+	}
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+
+        # don't serve static files from cgit CGI: cgit.css and cgit.png
+        location "/cgit.*" {
+                root "/cgit"
+                no fastcgi
+        }
+
+        root "/cgi-bin/cgit.cgi"
+        fastcgi socket "/run/slowcgi.sock"
+}
diff --git a/var/www/conf/cgitrc b/var/www/conf/cgitrc
new file mode 100644
index 0000000..09b77fb
--- /dev/null
+++ b/var/www/conf/cgitrc
@@ -0,0 +1,14 @@
+# NOTE: it's chrooted in /var/www!
+scan-path=/git
+
+clone-prefix=git://git.garbash.com
+
+root-title=garbash.com git repositories
+root-desc=create something worth rewriting
+
+readme=:README.md
+readme=:README
+
+enable-index-links=1
+enable-index-owner=1
+enable-commit-graph=1
--
libgit2 1.1.1