about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ops/nixos/sourcegraph.nix26
-rw-r--r--users/tazjin/nixos/camden/default.nix12
2 files changed, 36 insertions, 2 deletions
diff --git a/ops/nixos/sourcegraph.nix b/ops/nixos/sourcegraph.nix
new file mode 100644
index 000000000000..dcb12f2c1060
--- /dev/null
+++ b/ops/nixos/sourcegraph.nix
@@ -0,0 +1,26 @@
+# Run sourcegraph, including its entire machinery, in a container.
+# Running it outside of a container is a futile endeavour for now.
+{ config, pkgs, lib, ... }:
+
+let cfg = config.services.depot.sourcegraph;
+in {
+  options.services.depot.sourcegraph = {
+    enable = lib.mkEnableOption "SourceGraph code search engine";
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers.sourcegraph = {
+      image = "sourcegraph/server:3.16.1";
+
+      ports = [
+        "127.0.0.1:3463:7080"
+        "127.0.0.1:3370:3370"
+      ];
+
+      volumes = [
+        "/var/lib/sourcegraph/etc:/etc/sourcegraph"
+        "/var/lib/sourcegraph/data:/var/opt/sourcegraph"
+      ];
+    };
+  };
+}
diff --git a/users/tazjin/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix
index 9fa4ef7a8e4c..e63faef029c5 100644
--- a/users/tazjin/nixos/camden/default.nix
+++ b/users/tazjin/nixos/camden/default.nix
@@ -18,6 +18,7 @@ in lib.fix(self: {
     "${depot.depotPath}/ops/nixos/depot.nix"
     "${depot.depotPath}/ops/nixos/hound.nix"
     "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
+    "${depot.depotPath}/ops/nixos/sourcegraph.nix"
     "${depot.depotPath}/ops/nixos/smtprelay.nix"
     "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
     "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
@@ -258,6 +259,8 @@ in lib.fix(self: {
     applicationCredentials = "/etc/gcp/key.json";
   };
 
+  # Run a SourceGraph code search instance
+  services.depot.sourcegraph.enable = true;
 
   # Start a local SMTP relay to Gmail (used by gerrit)
   services.depot.smtprelay = {
@@ -393,14 +396,19 @@ in lib.fix(self: {
       '';
     };
 
-    virtualHosts.hound = {
+    virtualHosts.sourcegraph = {
       serverName = "cs.tvl.fyi";
       useACMEHost = "tvl.fyi";
       forceSSL = true;
 
       extraConfig = ''
         location / {
-          proxy_pass http://localhost:6080;
+          proxy_set_header X-Sg-Auth "Anonymous";
+          proxy_pass http://localhost:3463;
+        }
+
+        location /users/Anonymous/settings {
+          return 301 https://cs.tvl.fyi;
         }
       '';
     };