feat(ops/nevsky): run TVL Gerrit instance

Runs the Gerrit instance with the same config as previously on whitby. Data has been migrated manually using `tailscale file` (which worked surprisingly well). Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2025-02-02 00:25:15 +03:00 · 2025-02-02 00:25:15 +03:00 · c6f2f6924b
commit c6f2f6924b
parent 4a1a271644
1 changed files with 15 additions and 1 deletions
--- a/ops/machines/nevsky/default.nix
+++ b/ops/machines/nevsky/default.nix
@ -11,11 +11,14 @@ in
    (mod "harmonia.nix")
    (mod "irccat.nix")
    (mod "known-hosts.nix")
+    (mod "monorepo-gerrit.nix")
    (mod "owothia.nix")
    (mod "smtprelay.nix")
+    (mod "restic.nix")
    (mod "tvl-buildkite.nix")
    (mod "tvl-users.nix")
    (mod "www/cache.tvl.fyi.nix")
+    (mod "www/cl.tvl.fyi.nix")
    (mod "www/self-cache.tvl.fyi.nix")
    (mod "www/self-redirect.nix")
    (depot.third_party.agenix.src + "/modules/age.nix")
@ -224,7 +227,7 @@ in
      "8.8.4.4"
    ];

-    firewall.allowedTCPPorts = [ 22 80 443 ];
+    firewall.allowedTCPPorts = [ 22 80 443 29418 ];
    firewall.allowedUDPPorts = [ 51820 ];
  };

@ -421,6 +424,17 @@ in
    commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
  }];

+  users = {
+    # Set up a user & group for git shenanigans
+    groups.git = { };
+    users.git = {
+      group = "git";
+      isSystemUser = true;
+      createHome = true;
+      home = "/var/lib/git";
+    };
+  };
+
  zramSwap.enable = true;

  system.stateVersion = "24.11";