From e925453eab7024b5f169bbeef6a281c9952b1d30 Mon Sep 17 00:00:00 2001
From: Luke Hoersten <luke@hoersten.org>
Date: Sun, 5 Apr 2026 15:50:31 -0500
Subject: Add git/aws-s3-backup and git/web (cgit) roles

---
 git/web/templates/cgit.nginx.conf.j2 | 38 ++++++++++++++++++++++++++++++++++++
 git/web/templates/cgitrc.j2          | 18 +++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 git/web/templates/cgit.nginx.conf.j2
 create mode 100644 git/web/templates/cgitrc.j2

(limited to 'git/web/templates')

diff --git a/git/web/templates/cgit.nginx.conf.j2 b/git/web/templates/cgit.nginx.conf.j2
new file mode 100644
index 0000000..0ddbe38
--- /dev/null
+++ b/git/web/templates/cgit.nginx.conf.j2
@@ -0,0 +1,38 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{nginx_server_name}};
+    return 301 https://{{nginx_server_name}}$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+    root /usr/share/cgit;
+
+    try_files $uri @cgit;
+
+    location @cgit {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+        fastcgi_param PATH_INFO $uri;
+        fastcgi_param QUERY_STRING $query_string;
+        fastcgi_param HTTP_HOST $server_name;
+        fastcgi_pass unix:/run/fcgiwrap.socket;
+    }
+}
diff --git a/git/web/templates/cgitrc.j2 b/git/web/templates/cgitrc.j2
new file mode 100644
index 0000000..6c1a7ff
--- /dev/null
+++ b/git/web/templates/cgitrc.j2
@@ -0,0 +1,18 @@
+remove-suffix=1
+
+root-title=src.nth.io
+root-desc=Git repositories
+
+difftype=ssdiff
+
+enable-http-clone=1
+enable-index-links=1
+enable-log-filecount=1
+enable-log-linecount=1
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+{% for repo in cgit_repos %}
+repo.path={{cgit_repos_dir}}{{repo}}.git
+{% endfor %}
-- 
cgit v1.2.3