Diffstat (limited to 'modules/services/gerrit/default.nix')
-rw-r--r-- | modules/services/gerrit/default.nix | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
deleted file mode 100644
index 1592839..0000000
--- a/modules/services/gerrit/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- cfg = config.my.services.gerrit;
- secrets = config.age.secrets;
-
- my-gerrit-hook = name:
- pkgs.writeShellScript "my-gerrit-hook" ''
- exec -a ${name} ${pkgs.tools.gerrit-hook}/bin/gerrit-hook "$@"
- '';
-
- gerritHooks = pkgs.runCommandNoCC "gerrit-hooks" { } ''
- mkdir -p $out
- ln -s ${my-gerrit-hook "patchset-created"} $out/patchset-created
- '';
-
- oauth = pkgs.fetchurl {
- url =
- "https://github.com/davido/gerrit-oauth-provider/releases/download/v3.5.1/gerrit-oauth-provider.jar";
- sha256 = "312dc494c454ac15f89a289f95ea4c11344add26804aaa6a3b79d49fd92adc69";
- };
-in
-{
- options.my.services.gerrit = with lib; {
- enable = mkEnableOption "gerrit git server";
- vhostName = mkOption {
- type = types.str;
- example = "cl.fcuny.net";
- description = "Name for the virtual host";
- };
- };
-
- config = lib.mkIf cfg.enable {
- users.users.git = {
- description = "git";
- home = "/var/lib/gerrit";
- useDefaultShell = true;
- group = "git";
- isSystemUser = true;
- };
- users.groups.git = { };
-
- services.gerrit = {
- enable = true;
- listenAddress = "[::]:4778";
- serverId = "36bc0ffe-8f33-4045-bf8b-de5f88815fc0";
- builtinPlugins = [
- # commands to download changes
- "download-commands"
- # to run custom hooks
- "hooks"
- # stores review information for Gerrit changes in the
- # refs/notes/review branch.
- "reviewnotes"
- # delete projects via the command line
- "delete-project"
- ];
- jvmHeapLimit = "4g";
-
- plugins = [ oauth ];
-
- # The default JDK is incompatible with gerrit.
- jvmPackage = pkgs.openjdk11_headless;
-
- settings = {
- core.packedGitLimit = "100m";
- log.jsonLogging = true;
- log.textLogging = false;
- sshd.advertisedAddress = "git.fcuny.net:29418";
- hooks.path = "${gerritHooks}";
- cache.web_sessions.maxAge = "3 months";
- plugins.allowRemoteAdmin = false;
- change.enableAttentionSet = true;
- change.enableAssignee = false;
-
- gerrit = {
- canonicalWebUrl = "https://${cfg.vhostName}";
- docUrl = "/Documentation";
- };
-
- httpd.listenUrl = "proxy-https://localhost:4778";
-
- download.command = [ "checkout" "cherry_pick" "format_patch" "pull" ];
-
- # Configure for cgit.
- gitweb = {
- type = "custom";
- url = "https://git.fcuny.net";
- project = "/\${project}";
- revision = "/commit/?id=\${commit}";
- branch = "/log/?h=\${branch}";
- tag = "/tag/?h=\${tag}";
- roottree = "/tree/?h=\${commit}";
- file = "/tree/\${file}?h=\${commit}";
- filehistory = "/log/\${file}?h=\${branch}";
- linkname = "cgit";
- };
-
- auth.type = "OAUTH";
-
- # users can change their emails
- oauth.allowRegisterNewEmail = true;
-
- plugin.gerrit-oauth-provider-google-oauth = {
- client-id =
- "966881439540-5k20bis59lqs2bsi3rukfbveu8r0ta8q.apps.googleusercontent.com";
- };
-
- # use gerrit HTTP password
- auth.gitBasicAuthPolicy = "HTTP";
-
- # Receiving email is not currently supported.
- sendemail = {
- enable = true;
- html = false;
- connectTimeout = "10sec";
- from = "gerrit <gerrit@fcuny.net>";
- includeDiff = true;
- smtpEncryption = "tls";
- smtpServer = "smtp.fastmail.com";
- smtpServerPort = 587;
- };
- };
- };
-
- systemd.services.gerrit = {
- serviceConfig = {
- # Using DynamicUser fails to generate correctly the ssh keys
- # needed for the ssh server that is managed by gerrit.
- # Instead, let's re-use the git user.
- DynamicUser = lib.mkForce false;
- User = "git";
- Group = "git";
- };
- };
-
- my.services.backup = {
- paths = [ "/var/lib/gerrit" ];
- exclude = [
- "/var/lib/gerrit/tmp"
- "/var/lib/gerrit/logs"
- "/var/lib/gerrit/cache"
- ];
- };
-
- services.nginx.virtualHosts."${cfg.vhostName}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = { proxyPass = "http://127.0.0.1:4778"; };
- };
- };
-} |