From f4fbea2c6a9838d4f117822d56691ad5456b1130 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Thu, 26 May 2022 08:11:28 -0700
Subject: feat(gerrit): add the gerrit server

Gerrit is a tool for doing code review for git. It will be running at
cl.fcuny.net and will be the main way to interact with my git
repositories.
---
 modules/services/default.nix        |  1 +
 modules/services/gerrit/default.nix | 50 +++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 modules/services/gerrit/default.nix

(limited to 'modules/services')

diff --git a/modules/services/default.nix b/modules/services/default.nix
index 538e564..ae9be9c 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -6,6 +6,7 @@
     ./backup
     ./drone
     ./fwupd
+    ./gerrit
     ./gitea
     ./gnome
     ./grafana
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
new file mode 100644
index 0000000..3d0e3df
--- /dev/null
+++ b/modules/services/gerrit/default.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.my.services.gerrit;
+in {
+  options.my.services.gerrit = with lib; {
+    enable = mkEnableOption "gerrit git server";
+    vhostName = mkOption {
+      type = types.str;
+      example = "cl.fcuny.net";
+      description = "Name for the virtual host";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.gerrit = {
+      enable = true;
+      listenAddress = "[::]:4778";
+      builtinPlugins = [ "download-commands" "hooks" ];
+      jvmHeapLimit = "4g";
+
+      settings = {
+        core.packedGitLimit = "100m";
+        log.jsonLogging = true;
+        log.textLogging = false;
+        sshd.advertisedAddress = "git.fcuny.net:29418";
+        cache.web_sessions.maxAge = "3 months";
+        plugins.allowRemoteAdmin = false;
+        change.enableAttentionSet = true;
+        change.enableAssignee = false;
+
+        gerrit = {
+          canonicalWebUrl = "https://${cfg.vhostName}";
+          docUrl = "/Documentation";
+        };
+
+        httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
+
+        download.command = [ "checkout" "cherry_pick" "format_patch" "pull" ];
+
+        # Receiving email is not currently supported.
+        sendemail = { enable = false; };
+      };
+    };
+
+    services.nginx.virtualHosts."${cfg.vhostName}}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = { proxyPass = "http://127.0.0.1:4778"; };
+    };
+  };
+}
-- 
cgit 1.4.1