From 4870b1a2ff8cec7f7e0ce9be1cb25e0ba463e3d3 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 9 Dec 2021 16:45:06 +0300
Subject: feat(ops/modules): Add module for running gerrit-queue

This is not yet including the secret configuration for gerrit-queue,
and just expects the secret (gerrit username & password) to be
available in /etc/secrets.

Change-Id: Ia465ef7f3f521c70d606d7fdeba9aa83c7e1b98b
---
 ops/machines/whitby/default.nix |  4 ++++
 ops/modules/gerrit-queue.nix    | 51 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 ops/modules/gerrit-queue.nix

(limited to 'ops')

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 20abd72be8e2..78945a74174b 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -9,6 +9,7 @@ in {
     "${depot.path}/ops/modules/atward.nix"
     "${depot.path}/ops/modules/automatic-gc.nix"
     "${depot.path}/ops/modules/clbot.nix"
+    "${depot.path}/ops/modules/gerrit-queue.nix"
     "${depot.path}/ops/modules/git-serving.nix"
     "${depot.path}/ops/modules/irccat.nix"
     "${depot.path}/ops/modules/monorepo-gerrit.nix"
@@ -337,6 +338,9 @@ in {
         "/var/lib/znc"
       ];
     };
+
+    # Run autosubmit bot for Gerrit
+    gerrit-queue.enable = true;
   };
 
   services.postgresql = {
diff --git a/ops/modules/gerrit-queue.nix b/ops/modules/gerrit-queue.nix
new file mode 100644
index 000000000000..a4b073f8560b
--- /dev/null
+++ b/ops/modules/gerrit-queue.nix
@@ -0,0 +1,51 @@
+# Configuration for the Gerrit autosubmit bot (//third_party/gerrit-queue)
+{ depot, pkgs, config, lib, ... }:
+
+let
+  cfg = config.services.depot.gerrit-queue;
+  description = "gerrit-queue - autosubmit bot for Gerrit";
+  mkStringOption = default: lib.mkOption {
+    inherit default;
+    type = lib.types.str;
+  };
+in {
+  options.services.depot.gerrit-queue = {
+    enable = lib.mkEnableOption description;
+    gerritUrl = mkStringOption "https://cl.tvl.fyi";
+    gerritProject = mkStringOption "depot";
+    gerritBranch = mkStringOption "canon";
+
+    interval = with lib; mkOption {
+      type = types.int;
+      default = 60;
+      description = "Interval (in seconds) for submit queue checks";
+    };
+
+    secretsFile = with lib; mkOption {
+      description = "Path to a systemd EnvironmentFile containing secrets";
+      default = "/run/agenix/gerrit-queue";
+      type = types.str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.gerrit-queue = {
+      inherit description;
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = "${depot.third_party.gerrit-queue}/bin/gerrit-queue";
+        DynamicUser = true;
+        Restart = "always";
+        EnvironmentFile = cfg.secretsFile;
+      };
+
+      environment = {
+        GERRIT_URL = cfg.gerritUrl;
+        GERRIT_PROJECT = cfg.gerritProject;
+        GERRIT_BRANCH = cfg.gerritBranch;
+        SUBMIT_QUEUE_TRIGGER_INTERVAL = toString cfg.interval;
+      };
+    };
+  };
+}
-- 
cgit 1.4.1