Add gerrit
Gerrit is a service which provides code review via "changes" (commits) which you
can continually amend, viewing the diffs between them in a very similar way to
<https://graphite.dev/> (which is awesome but too expensive for Clicks to
justify). We hope it'll provide some better structure than the GitHub workflow
we have been using
Still TODO (in a followup change):
- The bazel build for the oauth module is horrible and relies on tips from
<https://zimbatm.com/notes/nix-packaging-the-heretic-way>, which is generally
considered a bad thing. We should change this.
- Gerrit cannot yet send emails
Change-Id: I1393b2ae5a1efe049ea2170de46070d8789a2e3a
diff --git a/modules/postgres.nix b/modules/postgres.nix
index d2844c1..d1f8a31 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -12,8 +12,10 @@
ensureDatabases = [
"vaultwarden"
+ "gerrit"
"privatebin"
"keycloak"
+ "nextcloud"
];
ensureUsers = [
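Review bot: `"nextcloud"` is added to `ensureDatabases` here and gets a role with `ALL PRIVILEGES` in the third hunk, but the commit is described as adding gerrit, and the later hunks add no `passwordFile` entry or `sops.secrets` name for it, unlike `gerrit`. If nextcloud is meant to authenticate with a password, the matching lines are missing, e.g. `{ user = "nextcloud"; passwordFile = config.sops.secrets.clicks_nextcloud_db_password.path; }` and `"clicks_nextcloud_db_password"` (secret name assumed from the existing naming pattern). If it connects by peer authentication over the local socket instead, a comment saying so next to the role would make that explicit. These lists continue outside the hunks, so an entry may already exist elsewhere in the file. Either way, the nextcloud change would be easier to audit as its own commit.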
@@ -37,6 +39,12 @@
};
}
{
+ name = "gerrit";
+ ensurePermissions = {
+ "DATABASE gerrit" = "ALL PRIVILEGES";
+ };
+ }
+ {
name = "vaultwarden";
ensurePermissions = {
"DATABASE vaultwarden" = "ALL PRIVILEGES";
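Review bot: The new `gerrit` role is given `"DATABASE gerrit" = "ALL PRIVILEGES"`, which matches the neighbouring entries but grants database-level privileges only and does not make the role the owner of the database. On PostgreSQL 15 and later this no longer includes CREATE on the `public` schema, and newer nixpkgs replaces `ensurePermissions` with `ensureDBOwnership = true;` for that reason. The nixpkgs and PostgreSQL versions pinned by this repo are not visible here, so this needs checking against them. A comment such as `# gerrit owns only its own database; no cross-database grants` would also make the intended privilege scope explicit for later reviewers.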
@@ -48,6 +56,12 @@
"DATABASE privatebin" = "ALL PRIVILEGES";
};
}
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE nextcloud" = "ALL PRIVILEGES";
+ };
+ }
] ++ (map
(name: (
{
@@ -80,6 +94,7 @@
(lib.mkAfter (lib.pipe [
{ user = "clicks_grafana"; passwordFile = config.sops.secrets.clicks_grafana_db_password.path; }
{ user = "keycloak"; passwordFile = config.sops.secrets.clicks_keycloak_db_password.path; }
+ { user = "gerrit"; passwordFile = config.sops.secrets.clicks_gerrit_db_password.path; }
{ user = "vaultwarden"; passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path; }
{ user = "privatebin"; passwordFile = config.sops.secrets.clicks_privatebin_db_password.path; }
] [
@@ -93,6 +108,7 @@
sops.secrets = lib.pipe [
"clicks_grafana_db_password"
"clicks_keycloak_db_password"
+ "clicks_gerrit_db_password"
"clicks_bitwarden_db_password"
"clicks_privatebin_db_password"
] [