about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services')
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/gerrit/default.nix50
2 files changed, 51 insertions, 0 deletions
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 538e564..ae9be9c 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -6,6 +6,7 @@
     ./backup
     ./drone
     ./fwupd
+    ./gerrit
     ./gitea
     ./gnome
     ./grafana
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
new file mode 100644
index 0000000..3d0e3df
--- /dev/null
+++ b/modules/services/gerrit/default.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.my.services.gerrit;
+in {
+  options.my.services.gerrit = with lib; {
+    enable = mkEnableOption "gerrit git server";
+    vhostName = mkOption {
+      type = types.str;
+      example = "cl.fcuny.net";
+      description = "Name for the virtual host";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.gerrit = {
+      enable = true;
+      listenAddress = "[::]:4778";
+      builtinPlugins = [ "download-commands" "hooks" ];
+      jvmHeapLimit = "4g";
+
+      settings = {
+        core.packedGitLimit = "100m";
+        log.jsonLogging = true;
+        log.textLogging = false;
+        sshd.advertisedAddress = "git.fcuny.net:29418";
+        cache.web_sessions.maxAge = "3 months";
+        plugins.allowRemoteAdmin = false;
+        change.enableAttentionSet = true;
+        change.enableAssignee = false;
+
+        gerrit = {
+          canonicalWebUrl = "https://${cfg.vhostName}";
+          docUrl = "/Documentation";
+        };
+
+        httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
+
+        download.command = [ "checkout" "cherry_pick" "format_patch" "pull" ];
+
+        # Receiving email is not currently supported.
+        sendemail = { enable = false; };
+      };
+    };
+
+    services.nginx.virtualHosts."${cfg.vhostName}}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = { proxyPass = "http://127.0.0.1:4778"; };
+    };
+  };
+}