From c6f2f6924b4a11fb8dba8db5fb5ae1a732b7adbd Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 2 Feb 2025 00:25:15 +0300
Subject: [PATCH] feat(ops/nevsky): run TVL Gerrit instance

Runs the Gerrit instance with the same config as previously on whitby. Data has
been migrated manually using `tailscale file` (which worked surprisingly well).

Change-Id: I6e85f932c834b2c36fc40327ae081ee396c5e16f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13077
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 ops/machines/nevsky/default.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/ops/machines/nevsky/default.nix b/ops/machines/nevsky/default.nix
index 275b7acaf..f3f8dcb1c 100644
--- a/ops/machines/nevsky/default.nix
+++ b/ops/machines/nevsky/default.nix
@@ -11,11 +11,14 @@ in
     (mod "harmonia.nix")
     (mod "irccat.nix")
     (mod "known-hosts.nix")
+    (mod "monorepo-gerrit.nix")
     (mod "owothia.nix")
     (mod "smtprelay.nix")
+    (mod "restic.nix")
     (mod "tvl-buildkite.nix")
     (mod "tvl-users.nix")
     (mod "www/cache.tvl.fyi.nix")
+    (mod "www/cl.tvl.fyi.nix")
     (mod "www/self-cache.tvl.fyi.nix")
     (mod "www/self-redirect.nix")
     (depot.third_party.agenix.src + "/modules/age.nix")
@@ -224,7 +227,7 @@ in
       "8.8.4.4"
     ];
 
-    firewall.allowedTCPPorts = [ 22 80 443 ];
+    firewall.allowedTCPPorts = [ 22 80 443 29418 ];
     firewall.allowedUDPPorts = [ 51820 ];
   };
 
@@ -421,6 +424,17 @@ in
     commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
   }];
 
+  users = {
+    # Set up a user & group for git shenanigans
+    groups.git = { };
+    users.git = {
+      group = "git";
+      isSystemUser = true;
+      createHome = true;
+      home = "/var/lib/git";
+    };
+  };
+
   zramSwap.enable = true;
 
   system.stateVersion = "24.11";