about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-05-26 09:08:23 -0700
committerFranck Cuny <franck@fcuny.net>2022-05-26 09:08:23 -0700
commit78539c2f9b3e1203cada307caca99d1ce920bb90 (patch)
tree80264f40d9e67f26770604654e22291341a7afeb
parentfix(gerrit): use localhost for the proxy (diff)
downloadworld-78539c2f9b3e1203cada307caca99d1ce920bb90.tar.gz
fix(gerrit): force gerrit to run as the git user
The default configuration wants to run gerrit with a DynamicUser.
However, this prevent the server to generate the ssh keys needed by
gerrit. Instead, we can force the server to run with the 'git' user,
which already exists.
-rw-r--r--modules/services/gerrit/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
index 6eaece4..df285d3 100644
--- a/modules/services/gerrit/default.nix
+++ b/modules/services/gerrit/default.nix
@@ -42,6 +42,17 @@ in {
       };
     };
 
+    systemd.services.gerrit = {
+      serviceConfig = {
+        # Using DynamicUser fails to generate correctly the ssh keys
+        # needed for the ssh server that is managed by gerrit.
+        # Instead, let's re-use the git user.
+        DynamicUser = lib.mkForce false;
+        User = "git";
+        Group = "git";
+      };
+    };
+
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       enableACME = true;