e9686f84d9
Instead of prepending :unsign to all URLs in josh-proxy, and for all calls to filteredGitPush, explicitly use it only in the filter we use for the `export-kit` extraStep. This means, people cloning tvl-kit via > https://code.tvl.fyi/depot.git:workspace=views/kit.git now need to update the URL to point to > https://code.tvl.fyi/depot.git:unsign:workspace=views/kit.git instead. git@github.com:tvlfyi/kit.git will keep the same hashes, as it's updated to export the unsigned workspace view of it. This is less invasive than dooming every josh workspace to have to strip signatures. Change-Id: I6de05182fad4c3695081388c3bbf37306521d255 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8369 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
33 lines
931 B
Nix
33 lines
931 B
Nix
# Configures the public josh instance for serving the depot.
|
|
{ config, depot, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.services.depot.josh;
|
|
in
|
|
{
|
|
options.services.depot.josh = with lib; {
|
|
enable = mkEnableOption "Enable josh for serving the depot";
|
|
|
|
port = mkOption {
|
|
description = "Port on which josh should listen";
|
|
type = types.int;
|
|
default = 5674;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# Run josh for the depot.
|
|
systemd.services.josh = {
|
|
description = "josh - partial cloning of monorepos";
|
|
wantedBy = [ "multi-user.target" ];
|
|
path = [ pkgs.git pkgs.bash ];
|
|
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
StateDirectory = "josh";
|
|
Restart = "always";
|
|
ExecStart = "${depot.third_party.josh}/bin/josh-proxy --no-background --local /var/lib/josh --port ${toString cfg.port} --remote https://cl.tvl.fyi/ --require-auth";
|
|
};
|
|
};
|
|
};
|
|
}
|