feat(nixos/sourcegraph): Add a module for running SourceGraph
This module spins up the Sourcegraph container. Builds: Note that this is contrary to how our other deployments work, but packaging Sourcegraph is quite difficult (it's a Gitlab style deployment with a lot of moving parts and third-party things that it bundles). If we decide to keep it around, we will want to look at packaging it in Nix in the future. Deployment: The deployment is a hack. Sourcegraph does not support public instances, but we want it to be public. To work around this we have configured HTTP-proxy based authentication (i.e. auth via a header) and hardcoded a static header. This works, but lets anonymous users change the "Anonymous" user's settings. We can expect this to get defaced (profile picture, name etc), until we figure out how to write some nginx configuration to drop those requests. See git-bug for details. The Sourcegraph configuration is also not checked in to the repository. It's unclear where in the data directory it is stored. Change-Id: I414ff11c3b49989b6792d697bffc8a0edf96c9cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/425 Reviewed-by: lukegb <lukegb@tvl.fyi>
parent
ba945dadf8
commit
654f13d405
2 changed files with 36 additions and 2 deletions
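--- a/ops/nixos/sourcegraph.nix
+++ b/ops/nixos/sourcegraph.nix
@@ -0,0 +1,26 @@
+# Run sourcegraph, including its entire machinery, in a container.
+# Running it outside of a container is a futile endeavour for now.
+{ config, pkgs, lib, ... }:
+
+let cfg = config.services.depot.sourcegraph;
+in {
+options.services.depot.sourcegraph = {
+enable = lib.mkEnableOption "SourceGraph code search engine";
+};
+
+config = lib.mkIf cfg.enable {
+virtualisation.oci-containers.containers.sourcegraph = {
+image = "sourcegraph/server:3.16.1";
+
+ports = [
+"127.0.0.1:3463:7080"
+"127.0.0.1:3370:3370"
+];
+
+volumes = [
+"/var/lib/sourcegraph/etc:/etc/sourcegraph"
+"/var/lib/sourcegraph/data:/var/opt/sourcegraph"
+];
+};
+};
+}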
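Review bot: The `127.0.0.1:` prefixes on both entries in `ports` are what keep the container's HTTP port off the network, and nothing in the file says that this binding is security-relevant. Because the nginx vhost added in the same commit authenticates every request by setting `X-Sg-Auth`, anything that can reach port 3463 directly is presumably trusted to name its own user, so a comment above `ports` such as `# Loopback only: Sourcegraph trusts the X-Sg-Auth header set by nginx; never publish these ports directly.` would stop a later edit from widening the bind. Separately, `image = "sourcegraph/server:3.16.1";` pins a mutable tag; appending the image digest (`sourcegraph/server:3.16.1@sha256:<digest>`) would protect the deployment against the tag being re-pushed.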
|
@ -18,6 +18,7 @@ in lib.fix(self: {
|
|||
"${depot.depotPath}/ops/nixos/depot.nix"
|
||||
"${depot.depotPath}/ops/nixos/hound.nix"
|
||||
"${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
|
||||
"${depot.depotPath}/ops/nixos/sourcegraph.nix"
|
||||
"${depot.depotPath}/ops/nixos/smtprelay.nix"
|
||||
"${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
|
||||
"${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
|
||||
|
@ -258,6 +259,8 @@ in lib.fix(self: {
|
|||
applicationCredentials = "/etc/gcp/key.json";
|
||||
};
|
||||
|
||||
# Run a SourceGraph code search instance
|
||||
services.depot.sourcegraph.enable = true;
|
||||
|
||||
# Start a local SMTP relay to Gmail (used by gerrit)
|
||||
services.depot.smtprelay = {
|
||||
|
@ -393,14 +396,19 @@ in lib.fix(self: {
|
|||
'';
|
||||
};
|
||||
|
||||
virtualHosts.hound = {
|
||||
virtualHosts.sourcegraph = {
|
||||
serverName = "cs.tvl.fyi";
|
||||
useACMEHost = "tvl.fyi";
|
||||
forceSSL = true;
|
||||
|
||||
extraConfig = ''
|
||||
location / {
|
||||
proxy_pass http://localhost:6080;
|
||||
proxy_set_header X-Sg-Auth "Anonymous";
|
||||
proxy_pass http://localhost:3463;
|
||||
}
|
||||
|
||||
location /users/Anonymous/settings {
|
||||
return 301 https://cs.tvl.fyi;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
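Review bot: In the `virtualHosts.sourcegraph` hunk, `location /users/Anonymous/settings` only redirects the settings page; it does not by itself stop settings changes for the shared Anonymous account that arrive on other paths served by `location /`, which the commit description acknowledges is still open. A comment above that location would keep readers from taking it for a complete control, for example `# Stopgap: hides the settings UI only; settings writes are not blocked yet (see git-bug).` Since every visitor is proxied with `X-Sg-Auth "Anonymous"`, that account must hold no site-admin rights, which cannot be checked from the diff because the Sourcegraph configuration is not in the repository. Browsers cache `return 301` permanently, so `return 302 https://cs.tvl.fyi;` would be easier to undo for a temporary workaround. The enclosing nginx attribute set starts and ends outside the hunk.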