tvl-depot/ops/modules/depot-replica.nix

# Configuration for receiving a depot replica from Gerrit's
# replication plugin.
#
# This only prepares the user and folder for receiving the replica,
# but Gerrit configuration still needs to be modified in addition.
{ config, depot, lib, pkgs, ... }:

let
  cfg = config.services.depot.replica;
in
{
  options.services.depot.replica = with lib; {
    enable = mkEnableOption "Receive depot git replica from Gerrit";

    key = mkOption {
      description = "Public key to use for replication";
      type = types.str;
      default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFFab9O1xaQ1TCyn+CxmXHexdlLzURREG+UR3Qdi3BvH";
    };

    path = mkOption {
      description = "Replication destination path (will be created)";
      type = types.str;
      default = "/var/lib/depot";
    };
  };

  config = lib.mkIf cfg.enable {
    users.groups.depot = { };

    users.users.depot = {
      group = "depot";
      isSystemUser = true;
      createHome = true;
      home = cfg.path;
      homeMode = "750"; # group can read depot
      openssh.authorizedKeys.keys = lib.singleton cfg.key;
      shell = pkgs.bashInteractive; # gerrit needs to run shell commands
    };

    environment.systemPackages = [
      pkgs.git
    ];
  };
}
feat(ops/modules): add module for receiving a depot replica This module sets up a user with an SSH key and permissions to receive a (pushed) replica of depot from Gerrit. This still needs appropriate configuration in Gerrit's replication plugin on the other end. This module has been enabled for sanduny. For now it does not (yet) configure git serving. Change-Id: I0fb6f7e696609e71008308e855bdf305dcbcd4f7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5913 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> 2022-07-03 13:34:29 +02:00			`# Configuration for receiving a depot replica from Gerrit's`
			`# replication plugin.`
			`#`
			`# This only prepares the user and folder for receiving the replica,`
			`# but Gerrit configuration still needs to be modified in addition.`
			`{ config, depot, lib, pkgs, ... }:`

			`let`
			`cfg = config.services.depot.replica;`
			`in`
			`{`
			`options.services.depot.replica = with lib; {`
			`enable = mkEnableOption "Receive depot git replica from Gerrit";`

			`key = mkOption {`
			`description = "Public key to use for replication";`
			`type = types.str;`
			`default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFFab9O1xaQ1TCyn+CxmXHexdlLzURREG+UR3Qdi3BvH";`
			`};`

			`path = mkOption {`
			`description = "Replication destination path (will be created)";`
			`type = types.str;`
			`default = "/var/lib/depot";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`users.groups.depot = { };`

			`users.users.depot = {`
			`group = "depot";`
			`isSystemUser = true;`
			`createHome = true;`
			`home = cfg.path;`
			`homeMode = "750"; # group can read depot`
			`openssh.authorizedKeys.keys = lib.singleton cfg.key;`
			`shell = pkgs.bashInteractive; # gerrit needs to run shell commands`
			`};`

			`environment.systemPackages = [`
			`pkgs.git`
			`];`
			`};`
			`}`