diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 3952c907e..a21096325 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -9,6 +9,7 @@ in {
 "${depot.path}/ops/modules/atward.nix"
 "${depot.path}/ops/modules/automatic-gc.nix"
 "${depot.path}/ops/modules/clbot.nix"
+ "${depot.path}/ops/modules/git-serving.nix"
 "${depot.path}/ops/modules/irccat.nix"
 "${depot.path}/ops/modules/monorepo-gerrit.nix"
 "${depot.path}/ops/modules/nixery.nix"
@@ -26,8 +27,8 @@ in {
 "${depot.path}/ops/modules/www/cl.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/code.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/cs.tvl.fyi.nix"
- "${depot.path}/ops/modules/www/images.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/deploys.tvl.fyi.nix"
+ "${depot.path}/ops/modules/www/images.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/login.tvl.fyi.nix"
 "${depot.path}/ops/modules/www/nixery.dev.nix"
 "${depot.path}/ops/modules/www/status.tvl.su.nix"
@@ -320,6 +321,9 @@ in {
 # Run a Nixery instance
 nixery.enable = true;
+
+ # Run cgit & josh to serve git
+ git-serving.enable = true;
 };
 services.postgresql = {
@@ -382,22 +386,10 @@ in {
 zfstools
 ];
- # Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
- systemd.services.cgit = {
- wantedBy = [ "multi-user.target" ];
- script = "${depot.web.cgit-taz}/bin/cgit-launch";
-
- serviceConfig = {
- Restart = "on-failure";
- User = "git";
- Group = "git";
- };
- };
-
 # Regularly back up whitby to Google Cloud Storage.
 systemd.services.restic = {
 description = "Backups to Google Cloud Storage";
- script = "${pkgs.restic}/bin/restic backup /var/lib/gerrit /var/backup/postgresql /var/lib/grafana /var/lib/znc /var/html/deploys.tvl.fyi";
+ script = "${pkgs.restic}/bin/restic backup /var/lib/gerrit /var/backup/postgresql /var/lib/grafana /var/lib/znc /var/html/deploys.tvl.fyi /var/lib/josh";
 environment = {
 GOOGLE_PROJECT_ID = "tazjins-infrastructure";
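Review bot: The `/var/lib/josh` argument added to the restic `script` line in the last hunk of ops/machines/whitby/default.nix probably does not capture the josh data. The josh unit in ops/modules/git-serving.nix sets `DynamicUser = true` with `StateDirectory = "josh"`, and systemd then makes `/var/lib/josh` a symlink into `/var/lib/private/josh`. restic archives symlinks as symlinks rather than following them, so the snapshot would likely hold only the link. Pass `/var/lib/private/josh` instead and confirm with a test restore, or leave the path out if the directory is only a re-fetchable cache of the upstream repository (not visible from this hunk). The restic service definition continues past the end of the hunk.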
diff --git a/ops/modules/git-serving.nix b/ops/modules/git-serving.nix
new file mode 100644
index 000000000..7601ba1d6
--- /dev/null
+++ b/ops/modules/git-serving.nix
@@ -0,0 +1,54 @@
+# Configures public git-serving infrastructure for TVL, this involves:
+#
+# 1. cgit (running at code.tvl.fyi) for web views of the repository
+# 2. josh (for cloning the repository and its distinct subtrees)
+#
+# We also run Sourcegraph for browsing the repository, but this is
+# currently configured in a separate module
+# (//ops/modules/sourcegraph.nix)
+#
+# TODO(tazjin): Move //web/cgit-taz configuration in here instead.
+{ config, depot, lib, pkgs, ... }:
+
+let
+ cfg = config.services.depot.git-serving;
+in {
+ options.services.depot.git-serving = with lib; {
+ enable = mkEnableOption "Enable cgit & josh configuration";
+
+ joshPort = mkOption {
+ description = "Port on which josh should listen";
+ type = types.int;
+ default = 5674;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
+ systemd.services.cgit = {
+ wantedBy = [ "multi-user.target" ];
+ script = "${depot.web.cgit-taz}/bin/cgit-launch";
+
+ serviceConfig = {
+ Restart = "on-failure";
+ User = "git";
+ Group = "git";
+ };
+ };
+
+ # Run josh for the depot.
+ systemd.services.josh = {
+ description = "josh - partial cloning of monorepos";
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.git pkgs.bash ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "josh";
+ Restart = "always";
+ ExecStart = "${depot.third_party.josh}/bin/josh-proxy --no-background --local /var/lib/josh --port ${toString cfg.joshPort} --remote https://cl.tvl.fyi/";
+ };
+ };
+
+ };
+}
diff --git a/ops/modules/www/code.tvl.fyi.nix b/ops/modules/www/code.tvl.fyi.nix
index c8a4b27b1..4c182d34f 100644
--- a/ops/modules/www/code.tvl.fyi.nix
+++ b/ops/modules/www/code.tvl.fyi.nix
@@ -1,4 +1,4 @@
-{ depot, ... }:
+{ depot, config, ... }:
 {
 imports = [
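Review bot: In ops/modules/git-serving.nix the josh unit passes only `--port` to josh-proxy, so whether the listener is loopback-only depends on josh-proxy's default bind address and on the host firewall, neither of which is visible here. If it binds all interfaces, the josh port is reachable without going through the nginx vhost. Record the expectation next to the unit, e.g. `# josh must only be reached via nginx on code.tvl.fyi; do not open joshPort in the firewall`. `joshPort` should use `type = types.port;` instead of `types.int` so out-of-range values fail at evaluation. `mkEnableOption` already prefixes "Whether to enable", so its argument reads better as `"cgit & josh git serving"`.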
@@ -20,12 +20,22 @@
 alias ${depot.tvix.docs.svg}/component-flow.svg;
 }
+ # Git operations on depot.git hit josh
+ location /depot.git {
+ proxy_pass http://localhost:${toString config.services.depot.git-serving.joshPort};
+ }
+
+ # Git clone operations on '/' should be redirected to josh now.
+ location = /info/refs {
+ return 302 https://code.tvl.fyi/depot.git/info/refs$is_args$args;
+ }
+
 # Static assets must always hit the root.
 location ~ ^/(favicon\.ico|cgit\.(css|png))$ {
 proxy_pass http://localhost:2448;
 }
- # Everything else hits the depot directly.
+ # Everything else is forwarded to cgit for the web view
 location / {
 proxy_pass http://localhost:2448/cgit.cgi/depot/;
 }
diff --git a/web/cgit-taz/default.nix b/web/cgit-taz/default.nix
index ec06d18a0..3c988dc75 100644
--- a/web/cgit-taz/default.nix
+++ b/web/cgit-taz/default.nix
@@ -32,7 +32,7 @@ let
 repo.path=/var/lib/gerrit/git/depot.git/
 repo.desc=monorepo for the virus lounge
 repo.owner=The Virus Lounge
- repo.clone-url=https://code.tvl.fyi
+ repo.clone-url=https://code.tvl.fyi/depot.git
 '';
 thttpdConfig = writeText "thttpd.conf" ''
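Review bot: In the ops/modules/www/code.tvl.fyi.nix hunk, `location /depot.git` forwards every method and every path under that prefix to josh-proxy, so any write endpoint the proxy implements becomes public on code.tvl.fyi. Whether josh-proxy relays pushes or credentials to its `--remote` is not visible in this diff. If the proxy is meant for cloning only, say so in the comment (`# Read-only: clone/fetch via josh; pushes go to Gerrit directly`) and consider rejecting `git-receive-pack` requests at nginx. Separately, `proxy_pass http://localhost:…` lets nginx try both `::1` and `127.0.0.1`, which can produce intermittent 502s if josh listens on only one address family. Pinning the upstream to `127.0.0.1` avoids that once the bind address is confirmed. The enclosing server block starts and ends outside the hunk.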