authorVincent Ambo <mail@tazj.in>2022-07-11T11·15+0000
committertazjin <tazjin@tvl.su>2022-07-12T08·49+0000
commitfcfd097e658a2c44bb1a6950d04ecd4c508b3c0f (patch)
treef98d42a3de5917b7a1aa806c962a1b9d73b23042
parent39d589b84b6c84cddbb4ea0ac97486cdc4e2b187 (diff)
refactor(ops/cgit): make user configurable r/4295
on whitby, cgit runs as the gerrit user so that it can serve
gerrit's repositories directly.

on other machines (e.g. sanduny) this isn't necessary, as we have a
world-readable depot replica.

Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
-rw-r--r--ops/machines/whitby/default.nix6
-rw-r--r--ops/modules/cgit.nix22
2 files changed, 24 insertions, 4 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index ea9f25accb..940cfc910a 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -413,7 +413,11 @@ in
     nixery.enable = true;
 
     # Run cgit & josh to serve git
-    cgit.enable = true;
+    cgit = {
+      enable = true;
+      user = "git"; # run as the same user as gerrit
+    };
+
     josh.enable = true;
 
     # Configure backups to GleSYS
diff --git a/ops/modules/cgit.nix b/ops/modules/cgit.nix
index 25318d1d72..fc3f171585 100644
--- a/ops/modules/cgit.nix
+++ b/ops/modules/cgit.nix
@@ -3,6 +3,14 @@
 
 let
   cfg = config.services.depot.cgit;
+
+  userConfig =
+    if builtins.isNull cfg.user then {
+      DynamicUser = true;
+    } else {
+      User = cfg.user;
+      Group = cfg.user;
+    };
 in
 {
   options.services.depot.cgit = with lib; {
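Review bot: The `else` branch of `userConfig` silently loses the sandboxing that the `DynamicUser = true` branch gets for free: per systemd.exec(5), DynamicUser= also implies settings such as PrivateTmp, RemoveIPC, NoNewPrivileges, ProtectSystem=strict and ProtectHome=read-only, so a host that sets `user` (whitby, in this commit) runs cgit under a noticeably weaker unit than the default path. Consider stating those settings explicitly in `serviceConfig` so both paths are hardened alike. The branch also assumes a group named like the user exists; if it does not, the unit fails to start, which is only hinted at in the option description. Separately, `builtins.isNull` is deprecated in Nix; the condition reads better as `if cfg.user == null then {`.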
@@ -19,6 +27,16 @@ in
       type = types.str;
       default = "/var/lib/gerrit/git/depot.git/";
     };
+
+    user = mkOption {
+      description = ''
+        User to use for the cgit service. It is expected that this is
+        also the name of the user's primary group.
+      '';
+
+      type = with types; nullOr str;
+      default = null;
+    };
   };
 
   config = lib.mkIf cfg.enable {
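Review bot: The description of the new `user` option never says what happens when it is left at its default of `null`, which is the case every machine other than whitby will hit; add a sentence such as `When null (the default), the service runs under a systemd DynamicUser instead.` to the description so readers do not have to find `userConfig` to learn this. The `config` block opened on the last hunk line continues outside the hunk.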
@@ -27,13 +45,11 @@ in
 
       serviceConfig = {
         Restart = "on-failure";
-        User = "git";
-        Group = "git";
 
         ExecStart = depot.web.cgit-tvl.override {
           inherit (cfg) port repo;
         };
-      };
+      } // userConfig;
     };
   };
 }