From c08e47903e19e9a5ea397430e690680d91c5a9ac Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 3 Jul 2022 15:28:51 +0300
Subject: [PATCH] feat(ops): configure depot replication to sanduny

this configures gerrit's built-in replication plugin to push every
change in depot to sanduny.

this allows us to serve a replica of depot from sanduny.

manual config that was needed which needs to be automated:

* system-wide known_hosts does not work, needed one in /var/lib/git
* .ssh/config MUST be present and configured for sanduny.tvl.su

Change-Id: Iba399f2328abb5acb65dae19a36e265eea0952ac
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5915
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 ops/machines/whitby/default.nix |  8 ++++++++
 ops/modules/monorepo-gerrit.nix | 13 +++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index ea841e410..ea9f25acc 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -278,6 +278,14 @@ in
         file = secretFile "nix-cache-pub";
         mode = "0444";
       };
+
+      depot-replica-key = {
+        file = secretFile "depot-replica-key";
+        mode = "0500";
+        owner = "git";
+        group = "git";
+        path = "/var/lib/git/.ssh/id_ed25519";
+      };
     };
 
   # Automatically collect garbage from the Nix store.
diff --git a/ops/modules/monorepo-gerrit.nix b/ops/modules/monorepo-gerrit.nix
index 509500c91..67be5410d 100644
--- a/ops/modules/monorepo-gerrit.nix
+++ b/ops/modules/monorepo-gerrit.nix
@@ -20,9 +20,11 @@ in
     enable = true;
     listenAddress = "[::]:4778"; # 4778 - grrt
     serverId = "4fdfa107-4df9-4596-8e0a-1d2bbdd96e36";
+
     builtinPlugins = [
       "download-commands"
       "hooks"
+      "replication"
     ];
 
     plugins = with depot.third_party.gerrit_plugins; [
@@ -130,6 +132,17 @@ in
         smtpServerPort = 2525;
       };
     };
+
+    # Replication of the depot repository to secondary machines, for
+    # serving cgit/josh.
+    replicationSettings = {
+      gerrit.replicateOnStartup = true;
+
+      remote.sanduny = {
+        url = "depot@sanduny.tvl.su:/var/lib/depot";
+        projects = "depot";
+      };
+    };
   };
 
   systemd.services.gerrit = {