about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--ops/nixos/modules/monorepo-gerrit.nix13
1 files changed, 13 insertions, 0 deletions
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix
index c0a06caee92c..f09258a498eb 100644
--- a/ops/nixos/modules/monorepo-gerrit.nix
+++ b/ops/nixos/modules/monorepo-gerrit.nix
@@ -33,4 +33,17 @@ in {
       };
     };
   };
+
+  systemd.services.gerrit = {
+    serviceConfig = {
+      # There seems to be no easy way to get `DynamicUser` to play
+      # well with other services (e.g. by using SupplementaryGroups,
+      # which seem to have no effect) so we force the DynamicUser
+      # setting for the Gerrit service to be disabled and reuse the
+      # existing 'git' user.
+      DynamicUser = lib.mkForce false;
+      User = "git";
+      Group = "git";
+    };
+  };
 }