From 6f3699664ad43d6ef917950e47d88658d9d835ff Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 15 May 2025 21:05:17 +0300
Subject: [PATCH] feat(ops/machines/gerrit01): deploy gerrit-webhook-to-irccat

And allow gerrit01 to send these hooks over to irccat running on meta01.

Issue: https://git.snix.dev/snix/snix/issues/74
Change-Id: Ic5835734b32e8e5a46225e68d4124d55c002d663
Reviewed-on: https://cl.snix.dev/c/snix/+/30527
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
---
 ops/machines/gerrit01/default.nix | 6 ++++++
 ops/machines/meta01/default.nix   | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ops/machines/gerrit01/default.nix b/ops/machines/gerrit01/default.nix
index 3b5e02905..4022c5cb1 100644
--- a/ops/machines/gerrit01/default.nix
+++ b/ops/machines/gerrit01/default.nix
@@ -13,6 +13,7 @@ in
     (mod "o11y/alloy.nix")
     (mod "gerrit-autosubmit.nix")
     (mod "monorepo-gerrit.nix")
+    (mod "gerrit-webhook-to-irccat.nix")
     (mod "www/cl.snix.dev.nix")
     (mod "known-hosts.nix")
 
@@ -70,6 +71,11 @@ in
   services.depot = {
     gerrit-autosubmit.enable = true;
     restic.enable = true;
+    gerrit-webhook-to-irccat = {
+      enable = true;
+      irccatUrl = "http://meta01.infra.snix.dev:4722/send";
+      listenAddress = "127.0.0.1:4779";
+    };
   };
 
   services.fail2ban.enable = true;
diff --git a/ops/machines/meta01/default.nix b/ops/machines/meta01/default.nix
index 4bde42356..d1230a1f1 100644
--- a/ops/machines/meta01/default.nix
+++ b/ops/machines/meta01/default.nix
@@ -63,7 +63,7 @@ in
       # FUTUREWORK: disable tcp listener entirely
       # Maybe this is https://github.com/spf13/viper/issues/323#issuecomment-309570752 ?
       tcp.listen = "127.0.0.1:4723";
-      http.listen = "127.0.0.1:4722";
+      http.listen = ":4722";
       http.listeners.generic = { };
       irc = {
         server = "irc.eu.hackint.org:6697";
@@ -83,6 +83,9 @@ in
     # Prometheus, Loki, Tempo
     ip6 saddr { 2a01:4f8:c013:3e62::1 } tcp dport { 9009, 9090, 9190 } accept
     ip saddr { 49.13.70.233 } tcp dport { 9009, 9090, 9190 } accept
+
+    # Gerrit Webhooks
+    ip6 saddr { 2a01:4f8:c17:6188::1 } tcp dport 4722 accept
   '';
 
   age.secrets =