# vi:ft=nginx
# preprocess: link_for INTERNAL

# TODO: Consolidate these into one, they differ only by hostname and SSL cert
# This is like this because I'm not sure if redirects will work at all with
# git pulls and pretty much all repositories use code.crute.me not .us

include includes/internal_ip_cgit_acl.conf;

server {
  listen *:443 ssl http2;
  listen [::]:443 ssl http2;

  server_name code.crute.me;
  access_log /logs/code.crute.me.log combined_host;

  include includes/hardened_ssl.conf;
  include includes/hardened_headers.conf;

  ssl_certificate /srv/nginx-conf/ssl/letsencrypt_crute_me.pem;
  ssl_certificate_key /srv/nginx-conf/ssl/letsencrypt_crute_me_key.pem;

  add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://wiki.crute.me/ 'self';" always;

  client_max_body_size 4G;

  # This is somewhat ugly and naive because it doesn't allow more than host/user/repo and some
  # repos exist at deeper paths than that. This should be fixed and moved out of nginx at some
  # point it's just quick and easy to put it here.
  location ~ ^/(?<user>[^/]*)/(?<repo>[^/]+)/?(?<subpath>.*)?$ {
    if ($arg_go-get = "1") {
      add_header Content-Type text/plain;
      return 200 '<html><head>
  <meta name="go-import" content="code.crute.me/$user/$repo git https://code.crute.me/$user/$repo">
  <meta name="go-source" content="code.crute.me/$user/$repo
        https://code.crute.me/$user/$repo
        https://code.crute.me/$user/$repo/tree{/dir}
        https://code.crute.me/$user/$repo/tree{/dir}/{file}#n{line}">
</head></html>';
    }

    include uwsgi_params;
    uwsgi_modifier1 9;
    uwsgi_param CGIT_CONFIG $cgit_config;
    uwsgi_pass uwsgi://127.0.0.1:9000;
  }

  location / {
    include uwsgi_params;
    uwsgi_modifier1 9;
    uwsgi_param CGIT_CONFIG $cgit_config;
    uwsgi_pass uwsgi://127.0.0.1:9000;
  }
}

server {
  listen *:443 ssl http2;
  listen [::]:443 ssl http2;

  server_name code.crute.us;
  access_log /logs/code.crute.me.log combined_host;

  include includes/hardened_ssl.conf;
  include includes/hardened_headers.conf;

  ssl_certificate /srv/nginx-conf/ssl/letsencrypt_crute_us.pem;
  ssl_certificate_key /srv/nginx-conf/ssl/letsencrypt_crute_us_key.pem;

  add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://wiki.crute.me/ 'self';" always;

  client_max_body_size 4G;

  # This is somewhat ugly and naive because it doesn't allow more than host/user/repo and some
  # repos exist at deeper paths than that. This should be fixed and moved out of nginx at some
  # point it's just quick and easy to put it here.
  location ~ ^/(?<user>[^/]*)/(?<repo>[^/]+)/?(?<subpath>.*)?$ {
    if ($arg_go-get = "1") {
      add_header Content-Type text/plain;
      return 200 '<html><head>
  <meta name="go-import" content="code.crute.me/$user/$repo git https://code.crute.me/$user/$repo">
  <meta name="go-source" content="code.crute.me/$user/$repo
        https://code.crute.me/$user/$repo
        https://code.crute.me/$user/$repo/tree{/dir}
        https://code.crute.me/$user/$repo/tree{/dir}/{file}#n{line}">
</head></html>';
    }

    include uwsgi_params;
    uwsgi_modifier1 9;
    uwsgi_param CGIT_CONFIG $cgit_config;
    uwsgi_pass uwsgi://127.0.0.1:9000;
  }

  location / {
    include uwsgi_params;
    uwsgi_modifier1 9;
    uwsgi_param CGIT_CONFIG $cgit_config;
    uwsgi_pass uwsgi://127.0.0.1:9000;
  }
}