about summary refs log tree commit diff
path: root/modules/services/gerrit/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/gerrit/default.nix')
-rw-r--r--modules/services/gerrit/default.nix151
1 files changed, 0 insertions, 151 deletions
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
deleted file mode 100644
index 1592839..0000000
--- a/modules/services/gerrit/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.my.services.gerrit;
-  secrets = config.age.secrets;
-
-  my-gerrit-hook = name:
-    pkgs.writeShellScript "my-gerrit-hook" ''
-      exec -a ${name} ${pkgs.tools.gerrit-hook}/bin/gerrit-hook "$@"
-    '';
-
-  gerritHooks = pkgs.runCommandNoCC "gerrit-hooks" { } ''
-    mkdir -p $out
-    ln -s ${my-gerrit-hook "patchset-created"} $out/patchset-created
-  '';
-
-  oauth = pkgs.fetchurl {
-    url =
-      "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
-    sha256 = "312dc494c454ac15f89a289f95ea4c11344add26804aaa6a3b79d49fd92adc69";
-  };
-in
-{
-  options.my.services.gerrit = with lib; {
-    enable = mkEnableOption "gerrit git server";
-    vhostName = mkOption {
-      type = types.str;
-      example = "cl.fcuny.net";
-      description = "Name for the virtual host";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    users.users.git = {
-      description = "git";
-      home = "/var/lib/gerrit";
-      useDefaultShell = true;
-      group = "git";
-      isSystemUser = true;
-    };
-    users.groups.git = { };
-
-    services.gerrit = {
-      enable = true;
-      listenAddress = "[::]:4778";
-      serverId = "36bc0ffe-8f33-4045-bf8b-de5f88815fc0";
-      builtinPlugins = [
-        # commands to download changes
-        "download-commands"
-        # to run custom hooks
-        "hooks"
-        # stores review information for Gerrit changes in the
-        # refs/notes/review branch.
-        "reviewnotes"
-        # delete projects via the command line
-        "delete-project"
-      ];
-      jvmHeapLimit = "4g";
-
-      plugins = [ oauth ];
-
-      # The default JDK is incompatible with gerrit.
-      jvmPackage = pkgs.openjdk11_headless;
-
-      settings = {
-        core.packedGitLimit = "100m";
-        log.jsonLogging = true;
-        log.textLogging = false;
-        sshd.advertisedAddress = "git.fcuny.net:29418";
-        hooks.path = "${gerritHooks}";
-        cache.web_sessions.maxAge = "3 months";
-        plugins.allowRemoteAdmin = false;
-        change.enableAttentionSet = true;
-        change.enableAssignee = false;
-
-        gerrit = {
-          canonicalWebUrl = "https://${cfg.vhostName}";
-          docUrl = "/Documentation";
-        };
-
-        httpd.listenUrl = "proxy-https://localhost:4778";
-
-        download.command = [ "checkout" "cherry_pick" "format_patch" "pull" ];
-
-        # Configure for cgit.
-        gitweb = {
-          type = "custom";
-          url = "https://git.fcuny.net";
-          project = "/\${project}";
-          revision = "/commit/?id=\${commit}";
-          branch = "/log/?h=\${branch}";
-          tag = "/tag/?h=\${tag}";
-          roottree = "/tree/?h=\${commit}";
-          file = "/tree/\${file}?h=\${commit}";
-          filehistory = "/log/\${file}?h=\${branch}";
-          linkname = "cgit";
-        };
-
-        auth.type = "OAUTH";
-
-        # users can change their emails
-        oauth.allowRegisterNewEmail = true;
-
-        plugin.gerrit-oauth-provider-google-oauth = {
-          client-id =
-            "966881439540-5k20bis59lqs2bsi3rukfbveu8r0ta8q.apps.googleusercontent.com";
-        };
-
-        # use gerrit HTTP password
-        auth.gitBasicAuthPolicy = "HTTP";
-
-        # Receiving email is not currently supported.
-        sendemail = {
-          enable = true;
-          html = false;
-          connectTimeout = "10sec";
-          from = "gerrit <gerrit@fcuny.net>";
-          includeDiff = true;
-          smtpEncryption = "tls";
-          smtpServer = "smtp.fastmail.com";
-          smtpServerPort = 587;
-        };
-      };
-    };
-
-    systemd.services.gerrit = {
-      serviceConfig = {
-        # Using DynamicUser fails to generate correctly the ssh keys
-        # needed for the ssh server that is managed by gerrit.
-        # Instead, let's re-use the git user.
-        DynamicUser = lib.mkForce false;
-        User = "git";
-        Group = "git";
-      };
-    };
-
-    my.services.backup = {
-      paths = [ "/var/lib/gerrit" ];
-      exclude = [
-        "/var/lib/gerrit/tmp"
-        "/var/lib/gerrit/logs"
-        "/var/lib/gerrit/cache"
-      ];
-    };
-
-    services.nginx.virtualHosts."${cfg.vhostName}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = { proxyPass = "http://127.0.0.1:4778"; };
-    };
-  };
-}