authorBen Sima <ben@bsima.me>2022-11-12 15:43:17 -0500
committerBen Sima <ben@bsima.me>2022-11-12 15:43:17 -0500
commita4e5f66ccaffff99c7520a888a1dab18db2bdf16 (patch)
treea994263578d0231a7eeee78525a08c347ca5bff8
parentc23e7bfd433c8d838f56fa3283a78316cb6e1112 (diff)
Deploy gerrit
-rw-r--r--Biz/Cloud/Git.nix50
-rw-r--r--Biz/Cloud/Ports.nix2
-rw-r--r--Biz/Cloud/Web.nix2
3 files changed, 52 insertions, 2 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 55ca441..a3ae25c 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,8 +1,9 @@
-{ lib, config, ... }:
+{ lib, config, pkgs, ... }:
let
inherit (config.networking) domain;
root = "/var/git";
+ ports = import ./Ports.nix;
in {
services = {
gitolite = {
@@ -27,7 +28,7 @@ in {
gitDaemon = {
enable = true;
basePath = "${root}/repositories";
- listenAddress = "simatime.com";
+ listenAddress = domain;
user = "gitDaemon";
group = "gitDaemon";
};
@@ -53,6 +54,51 @@ in {
'')
];
};
+ gerrit = {
+ enable = true;
+ builtinPlugins = [
+ "commit-message-length-validator"
+ "plugin-manager"
+ "singleusergroup"
+ "reviewnotes"
+ ];
+ jvmOpts = [
+ # https://stackoverflow.com/a/71817404
+ "--add-opens" "java.base/java.lang=ALL-UNNAMED"
+ "--add-opens" "java.base/java.util=ALL-UNNAMED"
+ ];
+ plugins = [
+ (pkgs.fetchurl {
+ url = "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
+ sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk=";
+ })
+ ];
+ listenAddress = "[::]:${toString ports.gerrit}";
+ serverId = "cc6cca15-2a7e-4946-89b9-67f5d6d996ae";
+ settings = {
+ auth.type = "OAUTH";
+ auth.gitBasicAuthPolicy = "HTTP";
+ download.command = [ "checkout" "cherry_pick" "pull" "format_patch"];
+ gerrit.canonicalWebUrl = "https://gerrit.${domain}";
+ httpd.listenUrl = "proxy-https://${config.services.gerrit.listenAddress}";
+ plugin.gerrit-oauth-provider-github-oauth = {
+ root-url = "https://github.com";
+ client-id = "e48084aa0eebe31a2b18";
+ };
+ sshd.advertisedAddress = "gerrit.${domain}:${toString ports.gerrit-ssh}";
+ sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}";
+ };
+ };
+ nginx.virtualHosts."gerrit.${domain}" = {
+ forceSSL = true;
+ useACMEHost = domain;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString ports.gerrit}";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
};
# need to specify that these users can access git files by being part of the
# git group
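Review bot: `listenAddress = "[::]:${toString ports.gerrit}"` binds Gerrit's HTTP listener on every interface, although its only intended client is the nginx vhost on the same host, and `httpd.listenUrl` uses the `proxy-https://` scheme, which assumes a TLS-terminating proxy in front. A client that reaches the port directly would bypass TLS and nginx; the Web.nix hunk opens only `ports.gerrit-ssh`, so the port is presumably filtered, but then the firewall is the only barrier. Binding to loopback removes that dependency: `listenAddress = "127.0.0.1:${toString ports.gerrit}";` together with `proxyPass = "http://127.0.0.1:${toString ports.gerrit}";`, so nginx does not resolve `localhost` to `::1`. Separately, the GitHub OAuth client secret is not set here, and a comment beside `client-id` such as `# client-secret belongs in secure.config, not in settings (rendered into the world-readable Nix store, as far as I know)` would stop it being added to this attrset later. The enclosing `services = {` block starts outside this hunk, so other listeners defined there are not covered by this note.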
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 63d8e3a..3213271 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -7,6 +7,8 @@
dragons = 8095;
et = 2022;
gemini = 1965;
+ gerrit = 8081;
+ gerrit-ssh = 2222;
git = 9418;
hoogle = 8008;
http = 80;
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index 747a58d..cd2e745 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -16,6 +16,7 @@ in
ports.gemini
ports.radicale
ports.znc
+ ports.gerrit-ssh
];
};
@@ -238,5 +239,6 @@ in
"youtube"
"www.youtube"
"sd"
+ "gerrit"
];
}