Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 8faa2562e0499d7aa68b7a4c2c9e6ad11353567e^! / .
commit8faa2562e0499d7aa68b7a4c2c9e6ad11353567e[log] [tgz]
authorTheCodedProf <coded@clicks.codes>Wed Oct 25 14:26:19 2023 -0400
committerSkyler Grey <minion@clicks.codes>Sat Nov 11 17:35:59 2023 +0000
tree56392d3cd0bd1924ec2a3aefecb8e59a15eb7453
parentbcb46d30ee425ed9a54d67a8318fdfe2976578c5 [diff]
Remove extraneous gerrit credentials

Gerrit doesn't use postgres for a database, instead it uses NodeDb (a git based
solution). When we originally created our gerrit server, we provisioned a
postgres database for it due to old options. This commit removes that

Change-Id: Ic3ead06cc246ebfbfb1bfaaacdab451e556ec3e5

diff --git a/modules/gerrit.nix b/modules/gerrit.nix
index 36bc1cd..0937773 100644
--- a/modules/gerrit.nix
+++ b/modules/gerrit.nix

@@ -1,11 +1,6 @@
 { pkgs, config, lib, base, system, ... }:
 let cfg = config.services.gerrit;
 in lib.recursiveUpdate {
-  sops.secrets.clicks_gerrit_db_password = {
-    mode = lib.mkForce "0440";
-    group = lib.mkForce "gerrit";
-  };
-
   users.users.gerrit = {
     isSystemUser = true;
     createHome = true;
@@ -22,13 +17,7 @@
   services.gerrit = {
     enable = true;
 
-    /* jvmOpts = [
-         "-Djava.class.path=${pkgs.postgresql_jdbc}/share/java"
-       ];
-    */
-
     settings = {
-      # accountPatchReviewDb.url = "postgresql://localhost:${toString config.services.postgresql.port}/gerrit?user=gerrit&password=!!gerrit_database_password!!";
       accounts = {
         visibility = "SAME_GROUP";
         defaultDisplayName = "USERNAME";
@@ -88,7 +77,7 @@
         canonicalGitUrl = "ssh://ssh.clicks.codes/";
         gitHttpUrl = "https://git.clicks.codes/";
         reportBugUrl =
-          "https://discord.gg/bPaNnxe"; # TODO: kinda obnoxious, better to setup bugzilla/similar
+          "https://discord.gg/bPaNnxe"; # TODO: kinda obnoxious, better to setup openproject
         enablePeerIPInReflogRecord = true;
         instanceId = "a1d1";
         instanceName = "a1d1.clicks";

diff --git a/modules/postgres.nix b/modules/postgres.nix
index 48a8627..05dc882 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix

@@ -30,10 +30,6 @@
         ensurePermissions = { "DATABASE keycloak" = "ALL PRIVILEGES"; };
       }
       {
-        name = "gerrit";
-        ensurePermissions = { "DATABASE gerrit" = "ALL PRIVILEGES"; };
-      }
-      {
         name = "vaultwarden";
         ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
       }
@@ -77,10 +73,6 @@
         passwordFile = config.sops.secrets.clicks_keycloak_db_password.path;
       }
       {
-        user = "gerrit";
-        passwordFile = config.sops.secrets.clicks_gerrit_db_password.path;
-      }
-      {
         user = "vaultwarden";
         passwordFile = config.sops.secrets.clicks_bitwarden_db_password.path;
       }
@@ -103,7 +95,6 @@
   sops.secrets = lib.pipe [
     "clicks_grafana_db_password"
     "clicks_keycloak_db_password"
-    "clicks_gerrit_db_password"
     "clicks_bitwarden_db_password"
     "clicks_privatebin_db_password"
     "clicks_nextcloud_db_password"

diff --git a/secrets/postgres.json b/secrets/postgres.json
index 2b057d8..e96dc77 100644
--- a/secrets/postgres.json
+++ b/secrets/postgres.json

@@ -3,7 +3,6 @@
 	"clicks_keycloak_db_password": "ENC[AES256_GCM,data:duwBc+bJnfn1Erzi1FijzOtrruTsdOZDFmVA6OWMwrN/YBE8Dy5PEfMJ0acZ2Wc544426Dp70fHppIMqdoJPFbOSsmgysLoxfQLxk7iJaO56N6ZUMMk4qQT7Y/u2m5uJS43R1O5wRz+C6IYCu0ixXOj/+6dDigk2Ur2i3OjrS/4=,iv:X1DSnWSO1js9bQVgMHX1wN1NkfFylnGHAluoNQ7ztpw=,tag:cKPfZU0j4NYTIYlp6UXzGA==,type:str]",
 	"clicks_bitwarden_db_password": "ENC[AES256_GCM,data:NR5ezR022u5MJmMq1veRbx89gRUS07pJq6d4i8lfgSM3uhrq1LtgP7KT5T9my1koBynGYTPvA2TMUQbePrVQYiPVMWzFRaYHzV29xKJqbTC6s7KdWLs6VxeRQMzCfmakqYf2mw==,iv:wEjSkr7NJvE8ZcEgNe6zL5h3UFwBidKySUCD6elpmeA=,tag:B0bujxD6F+OyytMCRrwltw==,type:str]",
 	"clicks_privatebin_db_password": "ENC[AES256_GCM,data:T+NIe961xTXO/B9RCr/KlhlOLHcz8RfVnCn/+PexGUSeQ9suQ1wdILt14GvEuAUczN3bTT1sy9wRM656lAwWA/nsF3yML+5VwQo/aKo2R66Ga9Lnslg8tquQuwEpWb2tRg6BDEwUl0iLrvGKODAKuu3ClXJEJTASeTCZMv0jUQY=,iv:NFsZbKKCfji9DGDRQHFfH+insWGxbS6xqsng40ckC4M=,tag:LR5Ay8ZowkD7s3pEHjws2w==,type:str]",
-	"clicks_gerrit_db_password": "ENC[AES256_GCM,data:0QJH5KEi25NG3EvN9HF7Y7DeSemp6imouqoytwLZldpD9XlCa1wt14Re3ykADfIUzp6OjGIHY6XHdglN1/pqUOzmxb+3rG82FyNgUI9O91F8+1g8U7TjaQkfjlWudxhlDkwnQNSu5FcBuJ04BEtBWJ7l/POJ5BVi4bX9N9hGsdc=,iv:564WVx1tkYHvebqXKVaBFBmu9NYbDgiQ8YVmMMQFqPQ=,tag:zfWgB3Fje4sogYKGiiu/lg==,type:str]",
 	"clicks_nextcloud_db_password": "ENC[AES256_GCM,data:Tu4BRo0qkpp+RXYlQO7PIfZM40tquvQUt9hbtZdKRotrOg81CGjZLISjNELr8pLCQK4AAfCJ7UPdR0ZztJfhrj5vPnaQM/2nHO4aMuhfnkOX00MDJhum/j1I0Adx/Au9zAaIONaKMBXLmX/g3FU2s6Yp7OtZ7/4FoWAYbG4zSbY=,iv:LjlkKkVNybg9EU9pytsmyYJrFMym0RmSvIFI/KKcpyc=,tag:rPyOh+KtAmo9OeY0Wm1sCQ==,type:str]",
 	"sops": {
 		"kms": null,
@@ -30,4 +29,4 @@
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"
 	}
-}
\ No newline at end of file
+}