diff options
author | Vincent Ambo <mail@tazj.in> | 2020-07-12T13·02+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-07-12T13·36+0000 |
commit | 405b7ec95b8dd0c06caa0e4030760821aff370bc (patch) | |
tree | 9b7f226ac6653f950cdba4f1dfe558e548984d3d /ops/nixos/whitby | |
parent | d76f1eb10b6b280c2b52b947fa7b915b168bf593 (diff) |
feat(whitby): Enable Gerrit & cgit deployments r/1264
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
Diffstat (limited to 'ops/nixos/whitby')
-rw-r--r-- | ops/nixos/whitby/default.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 7c10719450a8..0c348e0f1165 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -17,13 +17,17 @@ in { imports = [ "${depot.depotPath}/ops/nixos/clbot.nix" "${depot.depotPath}/ops/nixos/depot.nix" + "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix" "${depot.depotPath}/ops/nixos/smtprelay.nix" "${depot.depotPath}/ops/nixos/sourcegraph.nix" "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" "${depot.depotPath}/ops/nixos/tvl-sso/default.nix" + "${depot.depotPath}/ops/nixos/www/cl.tvl.fyi.nix" + "${depot.depotPath}/ops/nixos/www/code.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/cs.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/login.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/tvl.fyi.nix" + "${depot.third_party.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix" ]; hardware = { @@ -110,7 +114,7 @@ in { interface = "enp196s0"; }; - firewall.allowedTCPPorts = [ 22 80 443 4238 ]; + firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ]; interfaces.enp196s0.useDHCP = true; interfaces.enp196s0.ipv6.addresses = [ @@ -204,6 +208,18 @@ in { zfstools ]; + # Run cgit for the depot. The onion here is nginx(thttpd(cgit)). + systemd.services.cgit = { + wantedBy = [ "multi-user.target" ]; + script = "${depot.web.cgit-taz}/bin/cgit-launch"; + + serviceConfig = { + Restart = "on-failure"; + User = "git"; + Group = "git"; + }; + }; + security.sudo.extraRules = [ { groups = ["wheel"]; |