refactor(ops/modules): Move cgit configuration into a module r/3836

The ancient `//web/cgit-taz` path stems from the time I had
code.tazj.in serving my initial version of the depot.

I've been meaning to clean this up for forever, so here we go.

Note that this leaves the git-serving module in a strange state where
it only deals with josh. I'll rename it accordingly.

Change-Id: I47ed1e9d90958299b5440a18a1b9075274754e33
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5294
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>

4 files changed, 108 insertions, 22 deletions

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 11493b930b..66f5890f8b 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -8,6 +8,7 @@ in
 {
   imports = [
     "${depot.path}/ops/modules/atward.nix"
+    "${depot.path}/ops/modules/cgit/default.nix"
     "${depot.path}/ops/modules/clbot.nix"
     "${depot.path}/ops/modules/gerrit-queue.nix"
     "${depot.path}/ops/modules/git-serving.nix"
@@ -392,6 +393,7 @@ in
     nixery.enable = true;
 
     # Run cgit & josh to serve git
+    cgit.enable = true;
     git-serving.enable = true;
 
     # Configure backups to GleSYS
diff --git a/ops/modules/cgit/default.nix b/ops/modules/cgit/default.nix
new file mode 100644
index 0000000000..580b8384bd
--- /dev/null
+++ b/ops/modules/cgit/default.nix
@@ -0,0 +1,92 @@
+# Configuration for running the TVL cgit instance using thttpd.
+{ config, depot, lib, pkgs, ... }:
+
+let
+  inherit (pkgs) writeText;
+
+  cfg = config.services.depot.cgit;
+
+  cgitConfig = writeText "cgitrc" ''
+    # Global configuration
+    virtual-root=/
+    enable-http-clone=0
+    readme=:README.md
+    about-filter=${depot.tools.cheddar.about-filter}/bin/cheddar-about
+    source-filter=${depot.tools.cheddar}/bin/cheddar
+    enable-log-filecount=1
+    enable-log-linecount=1
+    enable-follow-links=1
+    enable-blame=1
+    mimetype-file=${pkgs.mime-types}/etc/mime.types
+    logo=https://static.tvl.fyi/${depot.web.static.drvHash}/logo-animated.svg
+
+    # Repository configuration
+    repo.url=depot
+    repo.path=/var/lib/gerrit/git/depot.git/
+    repo.desc=monorepo for the virus lounge
+    repo.owner=The Virus Lounge
+    repo.clone-url=https://code.tvl.fyi/depot.git
+  '';
+
+  thttpdConfig = writeText "thttpd.conf" ''
+    port=${toString cfg.port}
+    dir=${depot.third_party.cgit}/cgit
+    nochroot
+    novhost
+    cgipat=**.cgi
+  '';
+
+  # Patched version of thttpd that serves cgit.cgi as the index and
+  # sets the environment variable for pointing cgit at the correct
+  # configuration.
+  #
+  # Things are done this way because recompilation of thttpd is much
+  # faster than cgit.
+  thttpdConfigPatch = writeText "thttpd_cgit_conf.patch" ''
+    diff --git a/libhttpd.c b/libhttpd.c
+    index c6b1622..eef4b73 100644
+    --- a/libhttpd.c
+    +++ b/libhttpd.c
+    @@ -3055,4 +3055,6 @@ make_envp( httpd_conn* hc )
+
+         envn = 0;
+    +    // force cgit to load the correct configuration
+    +    envp[envn++] = "CGIT_CONFIG=${cgitConfig}";
+         envp[envn++] = build_env( "PATH=%s", CGI_PATH );
+     #ifdef CGI_LD_LIBRARY_PATH
+  '';
+
+  thttpdCgit = pkgs.thttpd.overrideAttrs (old: {
+    patches = [
+      ./thttpd_cgi_idx.patch
+      thttpdConfigPatch
+    ];
+  });
+in
+{
+  options.services.depot.cgit = with lib; {
+    enable = mkEnableOption "Run cgit web interface for depot";
+
+    port = mkOption {
+      description = "Port on which cgit should listen";
+      type = types.int;
+      default = 2448;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.cgit = {
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Restart = "on-failure";
+        User = "git";
+        Group = "git";
+
+        ExecStart = pkgs.writeShellScript "cgit-launch" ''
+          exec ${thttpdCgit}/bin/thttpd -D -C ${thttpdConfig}
+        '';
+      };
+    };
+  };
+}
diff --git a/ops/modules/cgit/thttpd_cgi_idx.patch b/ops/modules/cgit/thttpd_cgi_idx.patch
new file mode 100644
index 0000000000..67dbc0c7ab
--- /dev/null
+++ b/ops/modules/cgit/thttpd_cgi_idx.patch
@@ -0,0 +1,13 @@
+diff --git a/config.h b/config.h
+index 65ab1e3..cde470f 100644
+--- a/config.h
++++ b/config.h
+@@ -327,7 +327,7 @@
+ /* CONFIGURE: A list of index filenames to check.  The files are searched
+ ** for in this order.
+ */
+-#define INDEX_NAMES "index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", "index.cgi"
++#define INDEX_NAMES "cgit.cgi"
+ 
+ /* CONFIGURE: If this is defined then thttpd will automatically generate
+ ** index pages for directories that don't have an explicit index file.
diff --git a/ops/modules/git-serving.nix b/ops/modules/git-serving.nix
index 49af01a0fd..57f08cbc5f 100644
--- a/ops/modules/git-serving.nix
+++ b/ops/modules/git-serving.nix
@@ -1,13 +1,4 @@
-# Configures public git-serving infrastructure for TVL, this involves:
-#
-# 1. cgit (running at code.tvl.fyi) for web views of the repository
-# 2. josh (for cloning the repository and its distinct subtrees)
-#
-# We also run Sourcegraph for browsing the repository, but this is
-# currently configured in a separate module
-# (//ops/modules/sourcegraph.nix)
-#
-# TODO(tazjin): Move //web/cgit-taz configuration in here instead.
+# Configures the public josh instance for serving the depot.
 { config, depot, lib, pkgs, ... }:
 
 let
@@ -25,18 +16,6 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    # Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
-    systemd.services.cgit = {
-      wantedBy = [ "multi-user.target" ];
-      script = "${depot.web.cgit-taz}/bin/cgit-launch";
-
-      serviceConfig = {
-        Restart = "on-failure";
-        User = "git";
-        Group = "git";
-      };
-    };
-
     # Run josh for the depot.
     systemd.services.josh = {
       description = "josh - partial cloning of monorepos";