about summary refs log tree commit diff
path: root/ops/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'ops/nixos')
-rw-r--r--ops/nixos/camden/default.nix20
-rw-r--r--ops/nixos/modules/monorepo-gerrit.nix16
2 files changed, 35 insertions, 1 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 9496d14b5a89..5db84ef50e7f 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -9,6 +9,8 @@ in lib.fix(self: {
   imports = [
     ../modules/depot.nix
     ../modules/hound.nix
+    ../modules/monorepo-gerrit.nix
+    "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
   ];
   depot = depot;
 
@@ -108,7 +110,6 @@ in lib.fix(self: {
     (with depot; [
       fun.idual.script
       fun.idual.setAlarm
-      third_party.honk
       third_party.pounce
     ]) ++
 
@@ -230,6 +231,11 @@ in lib.fix(self: {
       group = "nginx";
       webroot = "/var/lib/acme/acme-challenge";
       postRun = "systemctl reload nginx";
+      extraDomains = {
+        "cl.tvl.fyi" = null;
+        "code.tvl.fyi" = null;
+        "cs.tvl.fyi" = null;
+      };
     };
   };
 
@@ -395,6 +401,18 @@ in lib.fix(self: {
         }
       '';
     };
+
+    virtualHosts.gerrit = {
+      serverName = "cl.tvl.fyi";
+      useACMEHost = "tvl.fyi";
+      forceSSL = true;
+
+      extraConfig = ''
+        location / {
+          proxy_pass http://localhost:4778;
+        }
+      '';
+    };
   };
 
   # Timer units that can be started with systemd-run to set my alarm.
diff --git a/ops/nixos/modules/monorepo-gerrit.nix b/ops/nixos/modules/monorepo-gerrit.nix
new file mode 100644
index 000000000000..2b8e5e773852
--- /dev/null
+++ b/ops/nixos/modules/monorepo-gerrit.nix
@@ -0,0 +1,16 @@
+# Gerrit configuration for the TVL monorepo
+{ pkgs, config, lib, ... }:
+
+{
+  services.gerrit = {
+    enable = true;
+    listenAddress = "[::]:4778"; # 4778 - grrt
+    serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
+    settings = {
+      core.packedGitLimit = "100m";
+      log.jsonLogging = true;
+      log.textLogging = false;
+      # TODO: gitweb config
+    };
+  };
+}