diff options
| author | Vincent Ambo <mail@tazj.in> | 2020-06-16T03·26+0100 |
|---|---|---|
| committer | tazjin <mail@tazj.in> | 2020-06-16T13·40+0000 |
| commit | 654f13d40575d2c51a215d9654e9d5a319cdac45 (patch) | |
| tree | 31deac2a054484f15fb42db2fa9846f539e3864c /users | |
| parent | ba945dadf89bf14f23f083201291181cfefbde74 (diff) | |
feat(nixos/sourcegraph): Add a module for running SourceGraph r/995
This module spins up the Sourcegraph container. Builds: Note that this is contrary to how our other deployments work, but packaging Sourcegraph is quite difficult (it's a Gitlab style deployment with a lot of moving parts and third-party things that it bundles). If we decide to keep it around, we will want to look at packaging it in Nix in the future. Deployment: The deployment is a hack. Sourcegraph does not support public instances, but we want it to be public. To work around this we have configured HTTP-proxy based authentication (i.e. auth via a header) and hardcoded a static header. This works, but lets anonymous users change the "Anonymous" user's settings. We can expect this to get defaced (profile picture, name etc), until we figure out how to write some nginx configuration to drop those requests. See git-bug for details. The Sourcegraph configuration is also not checked in to the repository. It's unclear where in the data directory it is stored. Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/425 Reviewed-by: lukegb <lukegb@tvl.fyi>
Diffstat (limited to 'users')
| -rw-r--r-- | users/tazjin/nixos/camden/default.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/users/tazjin/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix index 9fa4ef7a8e..e63faef029 100644 --- a/users/tazjin/nixos/camden/default.nix +++ b/users/tazjin/nixos/camden/default.nix @@ -18,6 +18,7 @@ in lib.fix(self: { "${depot.depotPath}/ops/nixos/depot.nix" "${depot.depotPath}/ops/nixos/hound.nix" "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix" + "${depot.depotPath}/ops/nixos/sourcegraph.nix" "${depot.depotPath}/ops/nixos/smtprelay.nix" "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix" @@ -258,6 +259,8 @@ in lib.fix(self: { applicationCredentials = "/etc/gcp/key.json"; }; + # Run a SourceGraph code search instance + services.depot.sourcegraph.enable = true; # Start a local SMTP relay to Gmail (used by gerrit) services.depot.smtprelay = { @@ -393,14 +396,19 @@ in lib.fix(self: { ''; }; - virtualHosts.hound = { + virtualHosts.sourcegraph = { serverName = "cs.tvl.fyi"; useACMEHost = "tvl.fyi"; forceSSL = true; extraConfig = '' location / { - proxy_pass http://localhost:6080; + proxy_set_header X-Sg-Auth "Anonymous"; + proxy_pass http://localhost:3463; + } + + location /users/Anonymous/settings { + return 301 https://cs.tvl.fyi; } ''; }; |