From 6513755670892983db88a6633b8c1ea6019c03d1 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Fri, 15 Nov 2024 14:55:37 -0500
Subject: Re-namespace some stuff to Omni

I was getting confused about what is a product and what is internal infrastructure; I think it is good to keep those things separate. So I moved a bunch of stuff to an Omni namespace, actually most stuff went there. Only things that are explicitly external products are still in the Biz namespace.
---
Biz/Cloud/Git.nix | 119 ------------------------------------------------------
1 file changed, 119 deletions(-)
delete mode 100644 Biz/Cloud/Git.nix

(limited to 'Biz/Cloud/Git.nix')

diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
deleted file mode 100644
index bc97d23..0000000
--- a/Biz/Cloud/Git.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
- inherit (config.networking) domain;
- root = "/var/git";
- ports = import ./Ports.nix;
-in {
- services = {
- cgit.cloud = {
- enable = true;
- nginx.location = "/git";
- nginx.virtualHost = "/git";
- scanPath = "/var/git/repositories";
- settings = {
- strict-export = "git-daemon-export-ok";
- css = "/git/cgit.css";
- logo = "/git/cgit.png";
- root-title = "ben's git repos";
- root-desc = "building";
- enable-git-config = 1;
- clone-url = lib.strings.concatStringsSep " " [
- "https://$HTTP_HOST/git/$CGIT_REPO_URL"
- "git://$HTTP_HOST/$CGIT_REPO_URL"
- "git@$HTTP_HOST:$CGIT_REPO_URL"
- ];
- };
- };
- gitolite = {
- enable = true;
- enableGitAnnex = true;
- dataDir = root;
- user = "git";
- group = "git";
- # the umask is necessary to give the git group read permissions, otherwise
- # git-daemon et al can't access the repos
- extraGitoliteRc = ''
- $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = '.*';
- '';
- adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
- builtins.readFile
- (lib.strings.splitString "\n")
- lib.lists.head
- ];
- # commonHooks = [ ./git-hooks ];
- };
- gitDaemon = {
- enable = true;
- basePath = "${root}/repositories";
- listenAddress = domain;
- user = "gitDaemon";
- group = "gitDaemon";
- };
- gerrit = {
- enable = false;
- builtinPlugins = [
- "commit-message-length-validator"
- "delete-project"
- "plugin-manager"
- "singleusergroup"
- "reviewnotes"
- ];
- jvmOpts = [
- # https://stackoverflow.com/a/71817404
- "--add-opens"
- "java.base/java.lang=ALL-UNNAMED"
- "--add-opens"
- "java.base/java.util=ALL-UNNAMED"
- ];
- plugins = [
- (pkgs.fetchurl {
- url =
- "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
- sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk=";
- })
- ];
- listenAddress = "[::]:${toString ports.gerrit}";
- serverId = "cc6cca15-2a7e-4946-89b9-67f5d6d996ae";
- settings = {
- auth.type = "OAUTH";
- auth.gitBasicAuthPolicy = "HTTP";
- download.command = [ "checkout" "cherry_pick" "pull" "format_patch" ];
- gerrit.canonicalWebUrl = "https://gerrit.${domain}";
- httpd.listenUrl =
- "proxy-https://${config.services.gerrit.listenAddress}";
- plugin.gerrit-oauth-provider-github-oauth = {
- root-url = "https://github.com";
- client-id = "e48084aa0eebe31a2b18";
- };
- sshd.advertisedAddress =
- "gerrit.${domain}:${toString ports.gerrit-ssh}";
- sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}";
- };
- };
- nginx.virtualHosts."gerrit.${domain}" = {
- forceSSL = true;
- useACMEHost = domain;
- locations."/" = {
- proxyPass = "http://localhost:${toString ports.gerrit}";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- '';
- };
- };
- };
- # need to specify that these users can access git files by being part of the
- # git group
- users.users = {
- gitDaemon = {
- group = "gitDaemon";
- isSystemUser = true;
- description = "Git daemon user";
- extraGroups = [ "git" ];
- };
- "nginx".extraGroups = [ "git" ];
- };
- users.groups = { gitDaemon = { }; };
-}
--
cgit v1.2.3