diff options
author | Vincent Ambo <tazjin@google.com> | 2020-06-10T22·40+0000 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2020-06-11T21·13+0000 |
commit | 1d403296099b28b45a60b1f6b87eb649a63430fe (patch) | |
tree | e660512da60c8fa7d7da7cc32a39535a9ccbbac5 /ops/nixos/modules | |
parent | 8ace1010bc56c6574f23c10f408d90c850f1573a (diff) |
fix(monorepo-gerrit): Configure nginx reverse proxy correctly r/904
Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
Diffstat (limited to 'ops/nixos/modules')
-rw-r--r-- | ops/nixos/modules/monorepo-gerrit.nix | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix index 6721b1c5fd15..52a96990c975 100644 --- a/ops/nixos/modules/monorepo-gerrit.nix +++ b/ops/nixos/modules/monorepo-gerrit.nix @@ -1,7 +1,8 @@ # Gerrit configuration for the TVL monorepo { pkgs, config, lib, ... }: -{ +let cfg = config.services.gerrit; +in { services.gerrit = { enable = true; listenAddress = "[::]:4778"; # 4778 - grrt @@ -10,7 +11,11 @@ core.packedGitLimit = "100m"; log.jsonLogging = true; log.textLogging = false; - # TODO: gitweb config + + # Configures gerrit for being reverse-proxied by nginx as per + # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html + gerrit.canonicalWebUrl = "https://cl.tvl.fyi"; + httpd.listenUrl = "proxy-https://${cfg.listenAddress}"; # Configures integration with the locally running OpenLDAP auth.type = "LDAP"; @@ -21,7 +26,6 @@ accountFullName = "cn"; accountEmailAddress = "mail"; groupBase = "ou=groups,dc=tvl,dc=fyi"; - gerrit.canonicalWebUrl = "https://cl.tvl.fyi"; # TODO(tazjin): Assuming this is what we'll be doing ... groupMemberPattern = "(&(objectClass=group)(member=\${dn}))"; |