tvl-depot/ops/nixos/modules/monorepo-gerrit.nix

# Gerrit configuration for the TVL monorepo
{ pkgs, config, lib, ... }:

let cfg = config.services.gerrit;
in {
  services.gerrit = {
    enable = true;
    listenAddress = "[::]:4778"; # 4778 - grrt
    serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
    settings = {
      core.packedGitLimit = "100m";
      log.jsonLogging = true;
      log.textLogging = false;

      # Configures gerrit for being reverse-proxied by nginx as per
      # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
      gerrit.canonicalWebUrl = "https://cl.tvl.fyi";
      httpd.listenUrl = "proxy-https://${cfg.listenAddress}";

      # Configures integration with the locally running OpenLDAP
      auth.type = "LDAP";
      ldap = {
        server = "ldap://localhost";
        accountBase = "ou=users,dc=tvl,dc=fyi";
        accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";
        accountFullName = "cn";
        accountEmailAddress = "mail";
        groupBase = "ou=groups,dc=tvl,dc=fyi";

        # TODO(tazjin): Assuming this is what we'll be doing ...
        groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";
      };
    };
  };
}
feat(ops/nixos): Add module for configuring Gerrit for the repo 2020-06-07 20:30:52 +02:00			`# Gerrit configuration for the TVL monorepo`
			`{ pkgs, config, lib, ... }:`

fix(monorepo-gerrit): Configure nginx reverse proxy correctly Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html 2020-06-11 00:40:34 +02:00			`let cfg = config.services.gerrit;`
			`in {`
feat(ops/nixos): Add module for configuring Gerrit for the repo 2020-06-07 20:30:52 +02:00			`services.gerrit = {`
			`enable = true;`
			`listenAddress = "[::]:4778"; # 4778 - grrt`
			`serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";`
			`settings = {`
			`core.packedGitLimit = "100m";`
			`log.jsonLogging = true;`
			`log.textLogging = false;`
fix(monorepo-gerrit): Configure nginx reverse proxy correctly Configures the reverse-proxy as per Gerrit's documentation at https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html 2020-06-11 00:40:34 +02:00
			`# Configures gerrit for being reverse-proxied by nginx as per`
			`# https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html`
			`gerrit.canonicalWebUrl = "https://cl.tvl.fyi";`
			`httpd.listenUrl = "proxy-https://${cfg.listenAddress}";`
feat(monorepo-gerrit): Configure Gerrit for LDAP authentication 2020-06-08 02:35:45 +02:00
			`# Configures integration with the locally running OpenLDAP`
			`auth.type = "LDAP";`
			`ldap = {`
			`server = "ldap://localhost";`
			`accountBase = "ou=users,dc=tvl,dc=fyi";`
			`accountPattern = "(&(objectClass=organizationalPerson)(cn=\${username}))";`
			`accountFullName = "cn";`
			`accountEmailAddress = "mail";`
			`groupBase = "ou=groups,dc=tvl,dc=fyi";`

			`# TODO(tazjin): Assuming this is what we'll be doing ...`
			`groupMemberPattern = "(&(objectClass=group)(member=\${dn}))";`
			`};`
feat(ops/nixos): Add module for configuring Gerrit for the repo 2020-06-07 20:30:52 +02:00			`};`
			`};`
			`}`