From 6b3e4de3b01fcf18b3ef7daa5c0d686cdf88489e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 5 Jun 2024 20:43:48 +0200 Subject: [PATCH] cgit: consider all repos safe --- krebs/3modules/git.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 347a2c32b..961b217e1 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -468,6 +468,16 @@ let include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT ${cfg.dataDir}; + fastcgi_param HOME ${pkgs.write "git-http-backend.home" { + "/.gitconfig".text = /* ini */ '' + [safe] + directory = . + ${concatMapStrings + (repo: "directory = ${cfg.dataDir}/${repo.name}\n") + (attrValues cfg.repos) + } + ''; + }}; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};