maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(whitby): Enable Gerrit & cgit deployments

Browse source 
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
This commit is contained in:
Vincent Ambo 2020-07-12 14:02:50 +01:00 committed by tazjin
parent d76f1eb10b
commit 405b7ec95b
3 changed files with 67 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
ops/nixos/whitby/default.nix
View file

@ -17,13 +17,17 @@ in {
imports = [ imports = [
"${depot.depotPath}/ops/nixos/clbot.nix" "${depot.depotPath}/ops/nixos/clbot.nix"
"${depot.depotPath}/ops/nixos/depot.nix" "${depot.depotPath}/ops/nixos/depot.nix"
"${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
"${depot.depotPath}/ops/nixos/smtprelay.nix" "${depot.depotPath}/ops/nixos/smtprelay.nix"
"${depot.depotPath}/ops/nixos/sourcegraph.nix" "${depot.depotPath}/ops/nixos/sourcegraph.nix"
"${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
"${depot.depotPath}/ops/nixos/tvl-sso/default.nix" "${depot.depotPath}/ops/nixos/tvl-sso/default.nix"
"${depot.depotPath}/ops/nixos/www/cl.tvl.fyi.nix"
"${depot.depotPath}/ops/nixos/www/code.tvl.fyi.nix"
"${depot.depotPath}/ops/nixos/www/cs.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/cs.tvl.fyi.nix"
"${depot.depotPath}/ops/nixos/www/login.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/login.tvl.fyi.nix"
"${depot.depotPath}/ops/nixos/www/tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/tvl.fyi.nix"
"${depot.third_party.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
]; ];
hardware = { hardware = {
@ -110,7 +114,7 @@ in {
interface = "enp196s0"; interface = "enp196s0";
}; };
firewall.allowedTCPPorts = [ 22 80 443 4238 ]; firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ];
interfaces.enp196s0.useDHCP = true; interfaces.enp196s0.useDHCP = true;
interfaces.enp196s0.ipv6.addresses = [ interfaces.enp196s0.ipv6.addresses = [
@ -204,6 +208,18 @@ in {
zfstools zfstools
]; ];
# Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
systemd.services.cgit = {
wantedBy = [ "multi-user.target" ];
script = "${depot.web.cgit-taz}/bin/cgit-launch";
serviceConfig = {
Restart = "on-failure";
User = "git";
Group = "git";
};
};
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
groups = ["wheel"]; groups = ["wheel"];

23
ops/nixos/www/cl.tvl.fyi.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts.gerrit = {
serverName = "cl.tvl.fyi";
enableACME = true;
forceSSL = true;
extraConfig = ''
location / {
proxy_pass http://localhost:4778;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
'';
};
};
}

27
ops/nixos/www/code.tvl.fyi.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
imports = [
./base.nix
];
config = {
services.nginx.virtualHosts.cgit = {
serverName = "code.tvl.fyi";
enableACME = true;
forceSSL = true;
extraConfig = ''
# Static assets must always hit the root.
location ~ ^/(favicon\.ico|cgit\.(css|png))$ {
proxy_pass http://localhost:2448;
}
# Everything else hits the depot directly.
location / {
proxy_pass http://localhost:2448/cgit.cgi/depot/;
}
'';
};
};
}