Blame - modules/gerrit.nix - Infra/NixFiles

blob: 0937773965a5f0f4d439788c6478e16f6dfbe4f6 [file] [log] [blame]

Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	1	{ pkgs, config, lib, base, system, ... }:
				2	let cfg = config.services.gerrit;
				3	in lib.recursiveUpdate {
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	4	users.users.gerrit = {
				5	isSystemUser = true;
				6	createHome = true;
				7	home = "/var/lib/gerrit";
				8	group = config.users.groups.gerrit.name;
				9	shell = pkgs.bashInteractive;
				10	};
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	11	users.groups.gerrit = { };
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	12
				13	systemd.services.gerrit.serviceConfig.User = "gerrit";
				14	systemd.services.gerrit.serviceConfig.Group = "gerrit";
				15	systemd.services.gerrit.serviceConfig.DynamicUser = lib.mkForce false;
				16
				17	services.gerrit = {
				18	enable = true;
				19
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	20	settings = {
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	21	accounts = {
				22	visibility = "SAME_GROUP";
				23	defaultDisplayName = "USERNAME";
				24	};
				25	addReviewer = {
				26	maxWithoutConfirmation = 3;
				27	maxAllowed = 10;
				28	};
				29	auth = {
				30	type = "OAUTH";
				31	registerEmailPrivateKey = "!!gerrit_email_private_key!!";
				32	userNameCaseInsensitive = true;
				33	gitBasicAuthPolicy = "HTTP";
				34	};
				35	plugin."gerrit-oauth-provider-keycloak-oauth" = {
				36	root-url = "https://login.clicks.codes";
				37	realm = "clicks";
				38	client-id = "git";
				39	client-secret = "!!gerrit_oauth_client_secret!!";
				40	use-preferred-username = true;
				41	};
				42	change = {
				43	topicLimit = 0;
				44	mergeabilityComputationBehavior = "API_REF_UPDATED_AND_CHANGE_REINDEX";
				45	sendNewPatchsetEmails = false;
				46	showAssigneeInChangesTable = true;
				47	submitWholeTopic = true;
				48	diff3ConflictView = true;
				49	};
				50	changeCleanup = {
				51	abandonAfter = "3 weeks";
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	52	abandonMessage =
				53	"This change was abandoned due to 3 weeks of inactivity. If you still want it, please restore it";
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	54	startTime = "00:00";
				55	interval = "1 day";
				56	};
				57	attentionSet = {
				58	readdAfter = "1 week";
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	59	readdMessage =
				60	"I've given the owner a ping as nothing has happened for a week. If in two weeks time the change is still inactive, I'll abandon it for you. If you still want it, please do something before then";
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	61	startTime = "00:00";
				62	interval = "1 day";
				63	};
				64	commentlink.gerrit = {
				65	match = "(I[0-9a-f]{8,40})";
				66	link = "/q/$1";
				67	};
				68	gc = {
				69	aggressive = true;
				70	startTime = "Sun 00:00";
				71	interval = "1 week";
				72	};
				73	gerrit = {
				74	basePath = "/var/lib/gerrit/repos";
				75	defaultBranch = "refs/heads/main";
				76	canonicalWebUrl = "https://git.clicks.codes/";
				77	canonicalGitUrl = "ssh://ssh.clicks.codes/";
				78	gitHttpUrl = "https://git.clicks.codes/";
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	79	reportBugUrl =
TheCodedProf	8faa256	2023-10-25 14:26:19 -0400	[diff] [blame^]	80	"https://discord.gg/bPaNnxe"; # TODO: kinda obnoxious, better to setup openproject
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	81	enablePeerIPInReflogRecord = true;
				82	instanceId = "a1d1";
				83	instanceName = "a1d1.clicks";
				84	};
				85	mimetype = lib.pipe [ "image/" "video/" "application/pdf" ] [
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	86	(map (name: {
				87	inherit name;
				88	value.safe = true;
				89	}))
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	90	builtins.listToAttrs
				91	];
				92	receive.enableSignedPush = true;
				93	sendemail.enable = false; # TODO: add credentials to git@clicks.codes
				94	sshd.advertisedAddress = "ssh.clicks.codes:29418";
				95	user = {
				96	name = "Clicks Gerrit";
				97	email = "git@clicks.codes";
				98	anonymousCoward = "Anonymous";
				99	};
				100	httpd.listenUrl = "proxy-https://${cfg.listenAddress}";
				101	};
				102
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	103	plugins = [
Skyler Grey	bcb46d3	2023-11-10 20:48:38 +0000	[diff] [blame]	104	(pkgs.fetchurl {
				105	url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/55/artifact/bazel-bin/plugins/oauth/oauth.jar";
				106	hash = "sha256-Qil1CIh/+XC15rKfW0iYR9u370eF2TXnCNSmQfr+7/8=";
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	107	})
				108	];
				109	builtinPlugins = [
				110	"codemirror-editor"
				111	"commit-message-length-validator"
				112	"delete-project"
				113	"download-commands"
				114	"gitiles"
				115	"hooks"
				116	"reviewnotes"
				117	"singleusergroup"
				118	"webhooks"
				119	];
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	120	serverId = "45f277d0-fce7-43b7-9eb3-2e3234e0110f";
				121
				122	listenAddress = "127.0.0.255:1000";
				123	};
				124
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	125	sops.secrets = {
				126	gerrit_email_private_key = {
				127	mode = "0400";
				128	owner = config.users.users.root.name;
Skyler Grey	bcb46d3	2023-11-10 20:48:38 +0000	[diff] [blame]	129	group = config.users.users.root.group;
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	130	sopsFile = ../secrets/gerrit.json;
				131	format = "json";
				132	};
				133	gerrit_oauth_client_secret = {
				134	mode = "0400";
				135	owner = config.users.users.root.name;
Skyler Grey	bcb46d3	2023-11-10 20:48:38 +0000	[diff] [blame]	136	group = config.users.users.root.group;
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	137	sopsFile = ../secrets/gerrit.json;
				138	format = "json";
				139	};
				140	};
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	141	} (let isDerived = base != null;
				142	in if isDerived then
				143	let
				144	gerrit_cfgfile =
				145	pkgs.writeText "gerrit.conf" (lib.generators.toGitINI cfg.settings);
				146	in {
				147	scalpel.trafos."gerrit.conf" = {
				148	source = toString gerrit_cfgfile;
				149	matchers."gerrit_email_private_key".secret =
				150	config.sops.secrets.gerrit_email_private_key.path;
				151	matchers."gerrit_oauth_client_secret".secret =
				152	config.sops.secrets.gerrit_oauth_client_secret.path;
Skyler Grey	bcb46d3	2023-11-10 20:48:38 +0000	[diff] [blame]	153	owner = config.users.users.root.name;
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	154	group = "gerrit";
				155	mode = "0040";
				156	};
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	157
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	158	systemd.services.gerrit.preStart =
				159	base.config.systemd.services.gerrit.preStart + ''
Skyler Grey	08758a6	2023-10-09 07:35:09 +0000	[diff] [blame]	160	rm etc/gerrit.config
Skyler Grey	fe1740c	2023-10-21 01:24:18 +0000	[diff] [blame]	161	ln -sfv ${
				162	config.scalpel.trafos."gerrit.conf".destination
				163	} etc/gerrit.config
				164	'';
				165	}
				166	else
				167	{ })