From a4e5f66ccaffff99c7520a888a1dab18db2bdf16 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Sat, 12 Nov 2022 15:43:17 -0500
Subject: Deploy gerrit

---
 Biz/Cloud/Git.nix   | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 Biz/Cloud/Ports.nix |  2 ++
 Biz/Cloud/Web.nix   |  2 ++
 3 files changed, 52 insertions(+), 2 deletions(-)

(limited to 'Biz')

diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 55ca441..a3ae25c 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,8 +1,9 @@
-{ lib, config, ... }:
+{ lib, config, pkgs, ... }:
 
 let
   inherit (config.networking) domain;
   root = "/var/git";
+  ports = import ./Ports.nix;
 in {
   services = {
     gitolite = {
@@ -27,7 +28,7 @@ in {
     gitDaemon = {
       enable = true;
       basePath = "${root}/repositories";
-      listenAddress = "simatime.com";
+      listenAddress = domain;
       user = "gitDaemon";
       group = "gitDaemon";
     };
@@ -53,6 +54,51 @@ in {
         '')
       ];
     };
+    gerrit = {
+      enable = true;
+      builtinPlugins = [
+        "commit-message-length-validator"
+        "plugin-manager"
+        "singleusergroup"
+        "reviewnotes"
+      ];
+      jvmOpts = [
+        # https://stackoverflow.com/a/71817404
+        "--add-opens" "java.base/java.lang=ALL-UNNAMED"
+        "--add-opens" "java.base/java.util=ALL-UNNAMED"
+      ];
+      plugins = [
+        (pkgs.fetchurl {
+          url = "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
+          sha256 = "sha256-MS3ElMRUrBX4miiflepMETRK3SaASqpqO3nUn9kq3Gk=";
+        })
+      ];
+      listenAddress = "[::]:${toString ports.gerrit}";
+      serverId = "cc6cca15-2a7e-4946-89b9-67f5d6d996ae";
+      settings = {
+        auth.type = "OAUTH";
+        auth.gitBasicAuthPolicy = "HTTP";
+        download.command = [ "checkout" "cherry_pick" "pull" "format_patch"];
+        gerrit.canonicalWebUrl = "https://gerrit.${domain}";
+        httpd.listenUrl = "proxy-https://${config.services.gerrit.listenAddress}";
+        plugin.gerrit-oauth-provider-github-oauth = {
+          root-url = "https://github.com";
+          client-id = "e48084aa0eebe31a2b18";
+        };
+        sshd.advertisedAddress = "gerrit.${domain}:${toString ports.gerrit-ssh}";
+        sshd.listenAddress = "[::]:${toString ports.gerrit-ssh}";
+      };
+    };
+    nginx.virtualHosts."gerrit.${domain}" = {
+      forceSSL = true;
+      useACMEHost = domain;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString ports.gerrit}";
+        extraConfig = ''
+          proxy_set_header  X-Forwarded-For $remote_addr;
+        '';
+      };
+    };
   };
   # need to specify that these users can access git files by being part of the
   # git group
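Review bot: In the `gerrit` block, `listenAddress = "[::]:${toString ports.gerrit}"` binds the HTTP listener on every interface, although the only intended client is the nginx vhost added a few lines below. `httpd.listenUrl` is set to `proxy-https://…`, so the listener assumes a trusted TLS-terminating proxy in front of it. The Web.nix hunk in this commit adds only `ports.gerrit-ssh` to what appears to be the firewall list, so port 8081 is probably filtered, but that leaves the firewall as the sole control. Binding to loopback removes that dependency: `listenAddress = "127.0.0.1:${toString ports.gerrit}";` together with `proxyPass = "http://127.0.0.1:${toString ports.gerrit}";`, so that nginx does not also try `::1`. Separately, `plugin-manager` adds a plugin-install UI for administrators (effective only if remote plugin administration is enabled), which sits oddly beside the hash-pinned `fetchurl` plugin; consider dropping it unless it is actually used.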
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 63d8e3a..3213271 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -7,6 +7,8 @@
   dragons = 8095;
   et = 2022;
   gemini = 1965;
+  gerrit = 8081;
+  gerrit-ssh = 2222;
   git = 9418;
   hoogle = 8008;
   http = 80;
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index 747a58d..cd2e745 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -16,6 +16,7 @@ in
       ports.gemini
       ports.radicale
       ports.znc
+      ports.gerrit-ssh
     ];
   };
 
@@ -238,5 +239,6 @@ in
     "youtube"
     "www.youtube"
     "sd"
+    "gerrit"
   ];
 }
-- 
cgit v1.2.3