[NixPkgs.git] / nixos / tests / gitolite-fcgiwrap.nix
1 import ./make-test-python.nix (
2   { pkgs, ... }:
4     let
5       user = "gitolite-admin";
6       password = "some_password";
8       # not used by the test, but needed to set up gitolite
9       adminPublicKey = ''
10         ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
11       '';
12     in
13       {
14         name = "gitolite-fcgiwrap";
16         meta = with pkgs.lib.maintainers; {
17           maintainers = [ bbigras ];
18         };
20         nodes = {
22           server =
23             { config, ... }:
24               {
25                 networking.firewall.allowedTCPPorts = [ 80 ];
27                 services.fcgiwrap.instances.gitolite = {
28                   process.user = "gitolite";
29                   process.group = "gitolite";
30                   socket = { inherit (config.services.nginx) user group; };
31                 };
33                 services.gitolite = {
34                   enable = true;
35                   adminPubkey = adminPublicKey;
36                 };
38                 services.nginx = {
39                   enable = true;
40                   recommendedProxySettings = true;
41                   virtualHosts."server".locations."/git".extraConfig = ''
42                     # turn off gzip as git objects are already well compressed
43                     gzip off;
45                     # use file-based basic authentication (credentials cross the wire in cleartext, as this test vhost is plain HTTP)
46                     auth_basic "Git Repository Authentication";
47                     auth_basic_user_file /etc/gitolite/htpasswd;
49                     # common FastCGI parameters are required
50                     include ${config.services.nginx.package}/conf/fastcgi_params;
52                     # strip the CGI program prefix
53                     fastcgi_split_path_info ^(/git)(.*)$;
54                     fastcgi_param PATH_INFO $fastcgi_path_info;
56                     # pass the authenticated user login (mandatory) to Gitolite, which authorizes on REMOTE_USER and does no authentication of its own over HTTP
57                     fastcgi_param REMOTE_USER $remote_user;
59                     # pass git repository root directory and hosting user directory
60                     # these env variables can be set in a wrapper script
61                     fastcgi_param GIT_HTTP_EXPORT_ALL "";
62                     fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
63                     fastcgi_param GITOLITE_HTTP_HOME /var/lib/gitolite;
64                     fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;
66                     # use Unix domain socket or inet socket
67                     fastcgi_pass unix:${config.services.fcgiwrap.instances.gitolite.socket.address};
68                   '';
69                 };
71                 # WARNING: DON'T DO THIS IN PRODUCTION!
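72                 # The plaintext password is interpolated into the build command, so it lands unhashed in the world-readable Nix store (next to the generated htpasswd file). This is done only for ease of testing.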
73                 environment.etc."gitolite/htpasswd".source = pkgs.runCommand "htpasswd" {} ''
74                   ${pkgs.apacheHttpd}/bin/htpasswd -bc "$out" ${user} ${password}
75                 '';
76               };
78           client =
79             { pkgs, ... }:
80               {
81                 environment.systemPackages = [ pkgs.git ];
82               };
83         };
85         testScript = ''
86           start_all()
88           server.wait_for_unit("gitolite-init.service")
89           server.wait_for_unit("nginx.service")
90           server.wait_for_file("/run/fcgiwrap-gitolite.sock")
92           client.wait_for_unit("multi-user.target")
93           client.succeed(
94               "git clone http://${user}:${password}@server/git/gitolite-admin.git"
95           )
96         '';
97       }