Format with nixfmt
Change-Id: If9839d2c3308538ac8f3e166b69675d3b40bd7d9
diff --git a/modules/gerrit.nix b/modules/gerrit.nix
index 962fb2b..6c0749c 100644
--- a/modules/gerrit.nix
+++ b/modules/gerrit.nix
@@ -1,7 +1,6 @@
-{ pkgs, config, lib, base, system, ... }: let
- cfg = config.services.gerrit;
-in lib.recursiveUpdate
-{
+{ pkgs, config, lib, base, system, ... }:
+let cfg = config.services.gerrit;
+in lib.recursiveUpdate {
sops.secrets.clicks_gerrit_db_password = {
mode = lib.mkForce "0440";
group = lib.mkForce "gerrit";
@@ -14,7 +13,7 @@
group = config.users.groups.gerrit.name;
shell = pkgs.bashInteractive;
};
- users.groups.gerrit = {};
+ users.groups.gerrit = { };
systemd.services.gerrit.serviceConfig.User = "gerrit";
systemd.services.gerrit.serviceConfig.Group = "gerrit";
@@ -24,8 +23,9 @@
enable = true;
/* jvmOpts = [
- "-Djava.class.path=${pkgs.postgresql_jdbc}/share/java"
- ]; */
+ "-Djava.class.path=${pkgs.postgresql_jdbc}/share/java"
+ ];
+ */
settings = {
# accountPatchReviewDb.url = "postgresql://localhost:${toString config.services.postgresql.port}/gerrit?user=gerrit&password=!!gerrit_database_password!!";
@@ -60,13 +60,15 @@
};
changeCleanup = {
abandonAfter = "3 weeks";
- abandonMessage = "This change was abandoned due to 3 weeks of inactivity. If you still want it, please restore it";
+ abandonMessage =
+ "This change was abandoned due to 3 weeks of inactivity. If you still want it, please restore it";
startTime = "00:00";
interval = "1 day";
};
attentionSet = {
readdAfter = "1 week";
- readdMessage = "I've given the owner a *ping* as nothing has happened for a week. If in two weeks time the change is still inactive, I'll abandon it for you. If you still want it, please do something before then";
+ readdMessage =
+ "I've given the owner a *ping* as nothing has happened for a week. If in two weeks time the change is still inactive, I'll abandon it for you. If you still want it, please do something before then";
startTime = "00:00";
interval = "1 day";
};
@@ -85,13 +87,17 @@
canonicalWebUrl = "https://git.clicks.codes/";
canonicalGitUrl = "ssh://ssh.clicks.codes/";
gitHttpUrl = "https://git.clicks.codes/";
- reportBugUrl = "https://discord.gg/bPaNnxe"; # TODO: kinda obnoxious, better to setup bugzilla/similar
+ reportBugUrl =
+ "https://discord.gg/bPaNnxe"; # TODO: kinda obnoxious, better to setup bugzilla/similar
enablePeerIPInReflogRecord = true;
instanceId = "a1d1";
instanceName = "a1d1.clicks";
};
mimetype = lib.pipe [ "image/*" "video/*" "application/pdf" ] [
- (map (name: { inherit name; value.safe = true; }))
+ (map (name: {
+ inherit name;
+ value.safe = true;
+ }))
builtins.listToAttrs
];
receive.enableSignedPush = true;
@@ -105,53 +111,61 @@
httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
};
- plugins = [ (
- derivation {
- name = "oauth.jar"; # HACK: wrapping a derivation in a derivation to rename it seems like a bad hack... but bazel would not build if I didn't (I think because it didn't like the .jar extension...) check why though?
- src = (
- pkgs.buildBazelPackage {
- __noChroot = true; # FIXME: terrible, horrible, no good, very bad
- # name = "gerrit-oauth-provider.jar";
- pname = "gerrit-oauth-provider.jar";
- version = "unstable-2023-10-08";
- src = pkgs.fetchgit {
- url = "https://gerrit.googlesource.com/plugins/oauth";
- rev = "1b3cc407cb2571d08601ab852e6e01f82d27160f";
- hash = "sha256-yC/8qnkDbfIujl+Cvamr+EQSwto1DcIUWXh5cwDEZHo=";
- deepClone = true; # FIXME: this bazel build uses some git stuff, maybe we should try replacing with fakegit?
- };
- bazelTargets = [ "oauth" ];
- bazel = pkgs.bazel_4;
- buildAttrs = {};
- fetchAttrs.sha256 = "sha256-i5wOTn2NqqgJf4TCIqaCucpXu+5Vm5C84UPrGYFMSzc=";
+ plugins = [
+ (derivation {
+ name =
+ "oauth.jar"; # HACK: wrapping a derivation in a derivation to rename it seems like a bad hack... but bazel would not build if I didn't (I think because it didn't like the .jar extension...) check why though?
+ src = (pkgs.buildBazelPackage {
+ __noChroot = true; # FIXME: terrible, horrible, no good, very bad
+ # name = "gerrit-oauth-provider.jar";
+ pname = "gerrit-oauth-provider.jar";
+ version = "unstable-2023-10-08";
+ src = pkgs.fetchgit {
+ url = "https://gerrit.googlesource.com/plugins/oauth";
+ rev = "1b3cc407cb2571d08601ab852e6e01f82d27160f";
+ hash = "sha256-yC/8qnkDbfIujl+Cvamr+EQSwto1DcIUWXh5cwDEZHo=";
+ deepClone =
+ true; # FIXME: this bazel build uses some git stuff, maybe we should try replacing with fakegit?
+ };
+ bazelTargets = [ "oauth" ];
+ bazel = pkgs.bazel_4;
+ buildAttrs = { };
+ fetchAttrs.sha256 =
+ "sha256-i5wOTn2NqqgJf4TCIqaCucpXu+5Vm5C84UPrGYFMSzc=";
- postUnpack = ''
- echo "4.2.2" > */.bazelversion # nixpkgs only has certain bazel versions, so let's upgrade the patch of this one
- '';
+ postUnpack = ''
+ echo "4.2.2" > */.bazelversion # nixpkgs only has certain bazel versions, so let's upgrade the patch of this one
+ '';
- buildInputs = with pkgs; [
- git
- curl
- jdk11
- ];
+ buildInputs = with pkgs; [ git curl jdk11 ];
- postInstall = ''
- cp bazel-bin/oauth.jar $out
- '';
- }
- );
+ postInstall = ''
+ cp bazel-bin/oauth.jar $out
+ '';
+ });
builder = "/bin/sh";
args = [ "-c" "${pkgs.coreutils}/bin/cp $src $out" ];
inherit system;
- }
- ) ];
- builtinPlugins = [ "codemirror-editor" "commit-message-length-validator" "delete-project" "download-commands" "gitiles" "hooks" "reviewnotes" "singleusergroup" "webhooks" ];
+ })
+ ];
+ builtinPlugins = [
+ "codemirror-editor"
+ "commit-message-length-validator"
+ "delete-project"
+ "download-commands"
+ "gitiles"
+ "hooks"
+ "reviewnotes"
+ "singleusergroup"
+ "webhooks"
+ ];
serverId = "45f277d0-fce7-43b7-9eb3-2e3234e0110f";
listenAddress = "127.0.0.255:1000";
};
- nix.settings.sandbox = "relaxed"; # FIXME: terrible, horrible, no good, very bad, here to support buildBazelPackage's use of cURL
+ nix.settings.sandbox =
+ "relaxed"; # FIXME: terrible, horrible, no good, very bad, here to support buildBazelPackage's use of cURL
sops.secrets = {
gerrit_email_private_key = {
@@ -169,34 +183,30 @@
format = "json";
};
};
-}
- (
- let
- isDerived = base != null;
- in
- if isDerived
- then
- let
- gerrit_cfgfile = pkgs.writeText "gerrit.conf" (
- lib.generators.toGitINI cfg.settings
- );
- in
- {
- scalpel.trafos."gerrit.conf" = {
- source = toString gerrit_cfgfile;
- matchers."gerrit_email_private_key".secret =
- config.sops.secrets.gerrit_email_private_key.path;
- matchers."gerrit_oauth_client_secret".secret =
- config.sops.secrets.gerrit_oauth_client_secret.path;
- owner = config.users.users.nobody.name;
- group = "gerrit";
- mode = "0040";
- };
+} (let isDerived = base != null;
+in if isDerived then
+ let
+ gerrit_cfgfile =
+ pkgs.writeText "gerrit.conf" (lib.generators.toGitINI cfg.settings);
+ in {
+ scalpel.trafos."gerrit.conf" = {
+ source = toString gerrit_cfgfile;
+ matchers."gerrit_email_private_key".secret =
+ config.sops.secrets.gerrit_email_private_key.path;
+ matchers."gerrit_oauth_client_secret".secret =
+ config.sops.secrets.gerrit_oauth_client_secret.path;
+ owner = config.users.users.nobody.name;
+ group = "gerrit";
+ mode = "0040";
+ };
- systemd.services.gerrit.preStart = base.config.systemd.services.gerrit.preStart + ''
+ systemd.services.gerrit.preStart =
+ base.config.systemd.services.gerrit.preStart + ''
rm etc/gerrit.config
- ln -sfv ${config.scalpel.trafos."gerrit.conf".destination} etc/gerrit.config
- '';
- }
- else {}
- )
+ ln -sfv ${
+ config.scalpel.trafos."gerrit.conf".destination
+ } etc/gerrit.config
+ '';
+ }
+else
+ { })