maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/ops/nixos/modules/monorepo-gerrit.nix
Vincent Ambo 37bbc43146 feat(camden): Move cgit to code.tvl.fyi 
Moves the host at which cgit is served to 'code.tvl.fyi'.

Also updates related projects that link to this, most importantly:

* Hound's & Gerrit's cgit link bases have been updated
* besadii is updated to request CI builds for the new location

Change-Id: I44e3e584010ac29cc913ebb1a197c996eb024d80
Reviewed-on: https://cl.tvl.fyi/c/depot/+/71
Reviewed-by: lukegb <lukegb@tvl.fyi>
2020-06-12 01:14:21 +00:00

63 lines
2 KiB
Nix
Raw Blame History

# Gerrit configuration for the TVL monorepo
{ pkgs, config, lib, ... }:
let cfg = config.services.gerrit;
in {
services.gerrit = {
enable = true;
listenAddress = "[::]:4778"; # 4778 - grrt
serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
settings = {
core.packedGitLimit = "100m";
log.jsonLogging = true;
log.textLogging = false;
# Configures gerrit for being reverse-proxied by nginx as per
# https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
gerrit.canonicalWebUrl = "https://cl.tvl.fyi";
httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
# Configure for cgit.
gitweb = {
type = "custom";
url = "https://code.tvl.fyi";
project = "/";
revision = "/commit/?id=\${commit}";
branch = "/log/?h=\${branch}";
tag = "/tag/?h=\${tag}";
roottree = "/tree/?h=\${commit}";
file = "/tree/\${file}?h=\${commit}";
filehistory = "/log/\${file}?h=\${branch}";
linkname = "cgit";
};
# Configures integration with the locally running OpenLDAP
auth.type = "LDAP";
ldap = {
server = "ldap://localhost";
accountBase = "ou=users,dc=tvl,dc=fyi";
accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";
accountFullName = "cn";
accountEmailAddress = "mail";
accountSshUserName = "cn";
groupBase = "ou=groups,dc=tvl,dc=fyi";
# TODO(tazjin): Assuming this is what we'll be doing ...
groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";
};
};
};
systemd.services.gerrit = {
serviceConfig = {
# There seems to be no easy way to get `DynamicUser` to play
# well with other services (e.g. by using SupplementaryGroups,
# which seem to have no effect) so we force the DynamicUser
# setting for the Gerrit service to be disabled and reuse the
# existing 'git' user.
DynamicUser = lib.mkForce false;
User = "git";
Group = "git";
};
};
}
Reference in a new issue View git blame Copy permalink