feat(ops): configure depot replication to sanduny r/4274

this configures gerrit's built-in replication plugin to push every change in depot to sanduny. this allows us to serve a replica of depot from sanduny. manual config that was needed which needs to be automated: * system-wide known_hosts does not work, needed one in /var/lib/git * .ssh/config MUST be present and configured for sanduny.tvl.su Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
author: Vincent Ambo <mail@tazj.in> 2022-07-03T12·28+0300
committer: clbot <clbot@tvl.fyi> 2022-07-03T20·54+0000
commit: c08e47903e19e9a5ea397430e690680d91c5a9ac (patch)
tree: a1e24d8a7550bf627ed1ab73fff147f5075ca389 /ops/machines/whitby/default.nix
parent: 9bc049425af8c256059421a76ec63d3eb703a498 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index ea841e410d..ea9f25accb 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -278,6 +278,14 @@ in
         file = secretFile "nix-cache-pub";
         mode = "0444";
       };
+
+      depot-replica-key = {
+        file = secretFile "depot-replica-key";
+        mode = "0500";
+        owner = "git";
+        group = "git";
+        path = "/var/lib/git/.ssh/id_ed25519";
+      };
     };
 
   # Automatically collect garbage from the Nix store.
author	Vincent Ambo <mail@tazj.in>	2022-07-03T12·28+0300
committer	clbot <clbot@tvl.fyi>	2022-07-03T20·54+0000
commit	c08e47903e19e9a5ea397430e690680d91c5a9ac (patch)
tree	a1e24d8a7550bf627ed1ab73fff147f5075ca389 /ops/machines/whitby/default.nix
parent	9bc049425af8c256059421a76ec63d3eb703a498 (diff)