author | Vincent Ambo <mail@tazj.in> | 2020-07-12T13·02+0100 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2020-07-12T13·36+0000 |
commit | 405b7ec95b8dd0c06caa0e4030760821aff370bc (patch) | |
tree | 9b7f226ac6653f950cdba4f1dfe558e548984d3d /ops/nixos | |
parent | d76f1eb10b6b280c2b52b947fa7b915b168bf593 (diff) |
feat(whitby): Enable Gerrit & cgit deployments r/1264
Change-Id: Ic701552e130252cfff005938d9c4e98423a7a96a Reviewed-on: https://cl.tvl.fyi/c/depot/+/1069 Reviewed-by: lukegb <lukegb@tvl.fyi> Tested-by: BuildkiteCI
Diffstat (limited to 'ops/nixos')
-rw-r--r-- | ops/nixos/whitby/default.nix | 18 | ||||
-rw-r--r-- | ops/nixos/www/cl.tvl.fyi.nix | 23 | ||||
-rw-r--r-- | ops/nixos/www/code.tvl.fyi.nix | 27 |
3 files changed, 67 insertions, 1 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 7c10719450a8..0c348e0f1165 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -17,13 +17,17 @@ in { imports = [ "${depot.depotPath}/ops/nixos/clbot.nix" "${depot.depotPath}/ops/nixos/depot.nix" + "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix" "${depot.depotPath}/ops/nixos/smtprelay.nix" "${depot.depotPath}/ops/nixos/sourcegraph.nix" "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" "${depot.depotPath}/ops/nixos/tvl-sso/default.nix" + "${depot.depotPath}/ops/nixos/www/cl.tvl.fyi.nix" + "${depot.depotPath}/ops/nixos/www/code.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/cs.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/login.tvl.fyi.nix" "${depot.depotPath}/ops/nixos/www/tvl.fyi.nix" + "${depot.third_party.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix" ]; hardware = { @@ -110,7 +114,7 @@ in { interface = "enp196s0"; }; - firewall.allowedTCPPorts = [ 22 80 443 4238 ]; + firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ]; interfaces.enp196s0.useDHCP = true; interfaces.enp196s0.ipv6.addresses = [ @@ -204,6 +208,18 @@ in { zfstools ]; + # Run cgit for the depot. The onion here is nginx(thttpd(cgit)). + systemd.services.cgit = { + wantedBy = [ "multi-user.target" ]; + script = "${depot.web.cgit-taz}/bin/cgit-launch"; + + serviceConfig = { + Restart = "on-failure"; + User = "git"; + Group = "git"; + }; + }; + security.sudo.extraRules = [ { groups = ["wheel"]; diff --git a/ops/nixos/www/cl.tvl.fyi.nix b/ops/nixos/www/cl.tvl.fyi.nix new file mode 100644 index 000000000000..9383f38403da --- /dev/null +++ b/ops/nixos/www/cl.tvl.fyi.nix 
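Review bot: The firewall line in ops/nixos/whitby/default.nix (hunk at -110,7) gains port 29418 without a comment saying which service owns it. 29418 is Gerrit's default SSH port and the commit imports monorepo-gerrit.nix, so that is presumably the intent; I would record it with `# 29418: Gerrit SSH daemon (see monorepo-gerrit.nix)` and label 4238 the same way. It is the only Gerrit endpoint in this commit that is exposed without nginx in front of it, so its access control depends entirely on the sshd settings in monorepo-gerrit.nix, which is outside this diff.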
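Review bot: The new `systemd.services.cgit` unit in ops/nixos/whitby/default.nix (hunk at -204,6) runs an internet-facing CGI stack with only `User` and `Group` set and no systemd sandboxing. thttpd and cgit both parse untrusted request data, so I would add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` to `serviceConfig`, after checking that any cache directory cgit-taz configures stays writable. It is also worth confirming that the `git` account has read-only access to the repositories; if it is the account that owns them, a dedicated read-only user would limit what a compromise of this service could modify. Where cgit-launch binds thttpd is not visible in this hunk.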
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+ imports = [
+ ./base.nix
+ ];
+
+ config = {
+ services.nginx.virtualHosts.gerrit = {
+ serverName = "cl.tvl.fyi";
+ enableACME = true;
+ forceSSL = true;
+
+ extraConfig = ''
+ location / {
+ proxy_pass http://localhost:4778;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ }
+ '';
+ };
+ };
+}
diff --git a/ops/nixos/www/code.tvl.fyi.nix b/ops/nixos/www/code.tvl.fyi.nix
new file mode 100644
index 000000000000..5ee33f39ca92
--- /dev/null
+++ b/ops/nixos/www/code.tvl.fyi.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+{
+ imports = [
+ ./base.nix
+ ];
+
+ config = {
+ services.nginx.virtualHosts.cgit = {
+ serverName = "code.tvl.fyi";
+ enableACME = true;
+ forceSSL = true;
+
+ extraConfig = ''
+ # Static assets must always hit the root.
+ location ~ ^/(favicon\.ico|cgit\.(css|png))$ {
+ proxy_pass http://localhost:2448;
+ }
+
+ # Everything else hits the depot directly.
+ location / {
+ proxy_pass http://localhost:2448/cgit.cgi/depot/;
+ }
+ '';
+ };
+ };
+} |
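Review bot: The `location /` block in ops/nixos/www/cl.tvl.fyi.nix forwards `Host` and the client address but no scheme, so Gerrit cannot tell from the request that the client connection was HTTPS. That is only correct if Gerrit's `httpd.listenUrl` uses the `proxy-https://` scheme and `gerrit.canonicalWebUrl` is the https URL, both of which would be set in monorepo-gerrit.nix outside this diff. I would record the dependency in the block with a comment such as `# TLS ends at nginx; Gerrit must listen with proxy-https:// on loopback port 4778`. Port 4778 is absent from the firewall list, but it is still worth confirming that Gerrit binds to loopback only.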