Diffstat (limited to 'Biz/Cloud/Git.nix')
-rw-r--r--Biz/Cloud/Git.nix50
1 files changed, 48 insertions, 2 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 55ca441..a3ae25c 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,8 +1,9 @@
-{ lib, config, ... }:
+{ lib, config, pkgs, ... }:
let
inherit (config.networking) domain;
root = "/var/git";
+ ports = import ./Ports.nix;
in {
services = {
gitolite = {
@@ -27,7 +28,7 @@ in {
gitDaemon = {
enable = true;
basePath = "${root}/repositories";
- listenAddress = "simatime.com";
+ listenAddress = domain;
user = "gitDaemon";
group = "gitDaemon";
};
@@ -53,6 +54,51 @@ in {
'')
];
};
+ gerrit = {
+ enable = true;
+ builtinPlugins = [
+ "commit-message-length-validator"
+ "plugin-manager"
+ "singleusergroup"
+ "reviewnotes"
+ ];
+ jvmOpts = [
+ # https://stackoverflow.com/a/71817404
+ "--add-opens" "java.base/java.lang=ALL-UNNAMED"
+ "--add-opens" "java.base/java.util=ALL-UNNAMED"
+ ];
+ plugins = [
+ (pkgs.fetchurl {
+ url = "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
+ sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk=";
+ })
+ ];
+ listenAddress = "[::]:${toString ports.gerrit}";
+ serverId = "cc6cca15-2a7e-4946-89b9-67f5d6d996ae";
+ settings = {
+ auth.type = "OAUTH";
+ auth.gitBasicAuthPolicy = "HTTP";
+ download.command = [ "checkout" "cherry_pick" "pull" "format_patch"];
+ gerrit.canonicalWebUrl = "https://gerrit.${domain}";
+ httpd.listenUrl = "proxy-https://${config.services.gerrit.listenAddress}";
+ plugin.gerrit-oauth-provider-github-oauth = {
+ root-url = "https://github.com";
+ client-id = "e48084aa0eebe31a2b18";
+ };
+ sshd.advertisedAddress = "gerrit.${domain}:${toString ports.gerrit-ssh}";
+ sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}";
+ };
+ };
+ nginx.virtualHosts."gerrit.${domain}" = {
+ forceSSL = true;
+ useACMEHost = domain;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString ports.gerrit}";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
};
# need to specify that these users can access git files by being part of the
# git group
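Review bot: `listenAddress = "[::]:${toString ports.gerrit}"` binds Gerrit's HTTP listener on every interface, and `httpd.listenUrl` reuses that value as `proxy-https://…`. If the firewall admits that port (its rules are not visible in this diff), clients can reach Gerrit in cleartext and bypass the nginx vhost that enforces `forceSSL` and sets `X-Forwarded-For`. Since nginx proxies from the same host, bind to loopback and point the proxy at the same literal address: `listenAddress = "[::1]:${toString ports.gerrit}";` and `proxyPass = "http://[::1]:${toString ports.gerrit}";`. It would also help to add a comment above `client-id` such as `# client-secret is supplied out of band; never put it in settings, which end up in the world-readable Nix store`. The enclosing `services` attrset opens in the first hunk, so only the `gerrit` and `nginx.virtualHosts` entries were reviewed here.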