infra/hosts/gerrit01/default.nix

139 lines
3.6 KiB
Nix
Raw Permalink Normal View History

{
config,
lib,
pkgs,
...
}:
{
networking.hostName = "gerrit01";
# TODO: make it the default
networking.domain = "infra.forkos.org";
bagel.sysadmin.enable = true;
# Gerrit is proxied.
bagel.raito.v6-proxy-awareness.enable = true;
bagel.hardware.raito-vm = {
enable = true;
networking = {
nat-lan-mac = "bc:24:11:f7:29:6c";
wan = {
address = "2001:bc8:38ee:100:1000::10/64";
mac = "bc:24:11:4a:9d:32";
};
};
};
# Block all these crawlers!!
bagel.services.nginx.crawler-blocker.enable = true;
fileSystems."/gerrit-data" = {
device = "/dev/disk/by-uuid/d1062305-0dea-4740-9a27-b6b1691862a4";
fsType = "ext4";
};
bagel.services.gerrit = {
enable = true;
pyroscope.enable = true;
domains = [
"cl.forkos.org"
];
canonicalDomain = "cl.forkos.org";
data = "/gerrit-data";
};
age.secrets.ows-deploy-key = {
file = ../../secrets/floral/ows-deploy-key.age;
mode = "0600";
owner = "git";
group = "git";
};
bagel.nixpkgs.one-way-sync =
let
2024-08-08 13:16:04 +00:00
mkNixpkgsJob = { timer, fromRefspec, localRefspec ? fromRefspec }: {
fromUri = "https://github.com/NixOS/nixpkgs";
2024-08-08 13:16:04 +00:00
inherit fromRefspec localRefspec timer;
};
mkLocalJob = { timer, fromRefspec, localRefspec }: {
fromUri = "https://cl.forkos.org/nixpkgs";
inherit fromRefspec localRefspec timer;
};
in
{
enable = true;
stateDirectory = "/gerrit-data/ows";
pushUrl = "ssh://ows_bot@cl.forkos.org:29418/nixpkgs";
deployKeyPath = config.age.secrets.ows-deploy-key.path;
2024-08-08 13:16:04 +00:00
# Sync main -> staging-next -> staging
branches."main-to-staging-next" = mkLocalJob {
2024-08-08 13:22:44 +00:00
timer = "00/8:20:00"; # every 8 hours, 20 minutes past the full hour
2024-08-08 13:16:04 +00:00
fromRefspec = "main";
localRefspec = "staging-next";
};
branches."staging-next-to-staging" = mkLocalJob {
2024-08-08 13:22:44 +00:00
timer = "00/8:40:00"; # every 8 hours, 40 minutes past the full hour
2024-08-08 13:16:04 +00:00
fromRefspec = "staging-next";
localRefspec = "staging";
};
# Sync nixpkgs -> fork
branches."nixpkgs-master" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "master";
localRefspec = "main";
};
2024-08-08 13:16:04 +00:00
branches."nixpkgs-staging" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "staging";
};
2024-08-08 13:16:04 +00:00
branches."nixpkgs-release-24.05" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "release-24.05";
};
2024-08-08 13:16:04 +00:00
branches."nixpkgs-staging-24.05" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "staging-24.05";
};
2024-08-08 13:16:04 +00:00
branches."nixpkgs-release-23.11" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "release-23.11";
};
2024-08-08 13:16:04 +00:00
branches."nixpkgs-staging-23.11" = mkNixpkgsJob {
timer = "hourly";
2024-08-08 13:16:04 +00:00
fromRefspec = "staging-23.11";
};
};
age.secrets.s3-channel-staging-keys.file = ../../secrets/floral/s3-channel-staging-keys.age;
bagel.nixpkgs.channel-scripts = {
enable = true;
otlp.enable = true;
nixpkgsUrl = "https://cl.forkos.org/nixpkgs.git";
hydraUrl = "https://hydra.forkos.org";
binaryCacheUrl = "https://cache.forkos.org";
baseUriForGitRevisions = "https://cl.forkos.org/plugins/gitiles/nixpkgs/+";
s3 = {
release = "bagel-channel-scripts-test";
channel = "bagel-channel-scripts-test";
};
releaseBucketCredentialsFile = config.age.secrets.s3-channel-staging-keys.path;
deployKeyFile = config.age.secrets.priv-ssh-key.path;
extraArgs = [
"--bypass-preflight-checks"
];
channels = import ../../common/channels.nix;
};
i18n.defaultLocale = "fr_FR.UTF-8";
system.stateVersion = "24.05";
deployment.targetHost = "gerrit01.infra.forkos.org";
}