39d589b84b
Change-Id: Idc0b5210793ab0d83b3ac99cf36d7f7f02a35a37 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5931 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
45 lines
1.2 KiB
Nix
45 lines
1.2 KiB
Nix
# Configuration for receiving a depot replica from Gerrit's
|
|
# replication plugin.
|
|
#
|
|
# This only prepares the user and folder for receiving the replica,
|
|
# but Gerrit configuration still needs to be modified in addition.
|
|
{ config, depot, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.services.depot.replica;
|
|
in
|
|
{
|
|
options.services.depot.replica = with lib; {
|
|
enable = mkEnableOption "Receive depot git replica from Gerrit";
|
|
|
|
key = mkOption {
|
|
description = "Public key to use for replication";
|
|
type = types.str;
|
|
default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFFab9O1xaQ1TCyn+CxmXHexdlLzURREG+UR3Qdi3BvH";
|
|
};
|
|
|
|
path = mkOption {
|
|
description = "Replication destination path (will be created)";
|
|
type = types.str;
|
|
default = "/var/lib/depot";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
users.groups.depot = { };
|
|
|
|
users.users.depot = {
|
|
group = "depot";
|
|
isSystemUser = true;
|
|
createHome = true;
|
|
home = cfg.path;
|
|
homeMode = "755"; # everyone can read depot
|
|
openssh.authorizedKeys.keys = lib.singleton cfg.key;
|
|
shell = pkgs.bashInteractive; # gerrit needs to run shell commands
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
pkgs.git
|
|
];
|
|
};
|
|
}
|