diff options
| author | Arun Isaac | 2023-08-14 22:28:04 +0100 |
|---|---|---|
| committer | Arun Isaac | 2023-08-14 22:29:05 +0100 |
| commit | 7c8bc2c9eb661ee0468dd195ab6e8b7258662bc6 (patch) | |
| tree | e08de50c646cf797248747b86c0916cd29e9ccca /doc/forge.skb | |
| parent | bd1c918c98e7e9ebe4e2068e6dd45538cd69e7d8 (diff) | |
| download | guix-forge-7c8bc2c9eb661ee0468dd195ab6e8b7258662bc6.tar.gz guix-forge-7c8bc2c9eb661ee0468dd195ab6e8b7258662bc6.tar.lz guix-forge-7c8bc2c9eb661ee0468dd195ab6e8b7258662bc6.zip | |
doc: Add cgit setup how to.
* doc/forge.skb (How To): New chapter.
* doc/snippets/acme-staging-url.scm,
doc/snippets/how-to-set-up-cgit.scm: New files.
* tissue.scm (#:indexed-documents): Index chapter-how-to.
Diffstat (limited to 'doc/forge.skb')
| -rw-r--r-- | doc/forge.skb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/forge.skb b/doc/forge.skb index 8d59bef..e772b34 100644 --- a/doc/forge.skb +++ b/doc/forge.skb @@ -187,6 +187,39 @@ per your needs. The overall configuration used in this tutorial is repeated below for your reference.]) (prog (source :language scheme :file "doc/snippets/tutorial.scm"))) + (chapter :title [How To] + :ident "chapter-how-to" + (section :title [How to set up cgit] + :ident "section-how-to-set-up-cgit" + (p [guix-forge comes with an end-to-end cgit solution that not +only sets up cgit itself but also an nginx server complete with +automatically renewed TLS certificates.]) + (p [The cgit service uses the forge-nginx service as its web +server. The forge-nginx service in turn uses the ACME service to fetch +and renew TLS certificates. Here's a minimal working configuration.]) + (prog (source :language scheme + :file "doc/snippets/how-to-set-up-cgit.scm") + :line #f) + (p [The cgit service configuration specifies the domain ,(samp +[git.example.org]) to serve cgit on and the ,(file "/srv/git") +repository directory containing bare git repositories to publish. The +forge nginx service configuration specifies the ports to serve HTTP +and HTTPS on. The ACME service configuration specifies the email +address to register an ACME account with. The sudoers file declaration +is required to allow the ,(samp [acme]) user to restart the nginx +server when a certificate is renewed. The configured machine will +start out with self-signed certificates. Run ,(samp [/usr/bin/acme +renew]) the first time to get CA-issued certificates. Thereafter, +certificates will auto-renew via a cron job.]) + (p [When testing your deployment, it might help to start with +the Let's Encrypt staging server as shown below. This will give you +dummy certificates, but will help you avoid running afoul of Let's +Encrypt rate limits. Once you know everything works, delete the ACME +state directory (,(file "/var/lib/acme") by default) and run ,(samp +[/usr/bin/acme renew]) again to get real certificates.] + (prog (source :language scheme + :file "doc/snippets/acme-staging-url.scm") + :line #f)))) (chapter :title [Services] :ident "chapter-services" (section :title [Git web viewers] |