feat(ops): configure depot replication to sanduny

this configures gerrit's built-in replication plugin to push every change in depot to sanduny. this allows us to serve a replica of depot from sanduny. manual config that was needed which needs to be automated: * system-wide known_hosts does not work, needed one in /var/lib/git * .ssh/config MUST be present and configured for sanduny.tvl.su Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-07-03 15:28:51 +03:00 · 2022-07-03 15:28:51 +03:00 · c08e47903e
commit c08e47903e
parent 9bc049425a
2 changed files with 21 additions and 0 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -278,6 +278,14 @@ in
        file = secretFile "nix-cache-pub";
        mode = "0444";
      };
+
+      depot-replica-key = {
+        file = secretFile "depot-replica-key";
+        mode = "0500";
+        owner = "git";
+        group = "git";
+        path = "/var/lib/git/.ssh/id_ed25519";
+      };
    };

  # Automatically collect garbage from the Nix store.
--- a/ops/modules/monorepo-gerrit.nix
+++ b/ops/modules/monorepo-gerrit.nix
@ -20,9 +20,11 @@ in
    enable = true;
    listenAddress = "[::]:4778"; # 4778 - grrt
    serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
+
    builtinPlugins = [
      "download-commands"
      "hooks"
+      "replication"
    ];

    plugins = with depot.third_party.gerrit_plugins; [
@ -130,6 +132,17 @@ in
        smtpServerPort = 2525;
      };
    };
+
+    # Replication of the depot repository to secondary machines, for
+    # serving cgit/josh.
+    replicationSettings = {
+      gerrit.replicateOnStartup = true;
+
+      remote.sanduny = {
+        url = "depot@sanduny.tvl.su:/var/lib/depot";
+        projects = "depot";
+      };
+    };
  };

  systemd.services.gerrit = {