diff --git a/common/sysadmin/default.nix b/common/sysadmin/default.nix index f751705..8aa1110 100644 --- a/common/sysadmin/default.nix +++ b/common/sysadmin/default.nix @@ -17,6 +17,7 @@ in pv kitty.terminfo config.boot.kernelPackages.perf + bcc tcpdump ncdu ] ++ lib.optional (lib.hasAttr "pwru" pkgs) pkgs.pwru; diff --git a/services/gerrit/default.nix b/services/gerrit/default.nix index 44ca7ae..6e8fdab 100644 --- a/services/gerrit/default.nix +++ b/services/gerrit/default.nix @@ -28,6 +28,8 @@ in config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ 29418 ]; + environment.systemPackages = [ pkgs.openjdk17_headless ]; + fileSystems."/var/lib/gerrit" = mkIf (cfg.data != "/var/lib/gerrit") { device = cfg.data; options = [ "bind" ]; @@ -75,10 +77,7 @@ in gc.interval = "1 day"; database.poolLimit = "250"; database.poolMaxIdle = 16; - http.maxThreads = 100; - core.packedGitLimit = "4g"; - core.packedGitWindowSize = "16k"; - core.packedGitOpenFiles = "4096"; + httpd.maxThreads = 100; receive.timeout = "4min"; transfer.timeout = "4min"; pack.threads = "8"; diff --git a/services/gerrit/www.nix b/services/gerrit/www.nix index 8ad815c..eaafabc 100644 --- a/services/gerrit/www.nix +++ b/services/gerrit/www.nix 
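Review bot: The `environment.systemPackages = [ pkgs.openjdk17_headless ];` line added in services/gerrit/default.nix (hunk at -28,6) carries no comment saying why a JDK is needed on the system path of the Gerrit host. If it is there for diagnostics against the running Gerrit JVM (an assumption, since the hunk does not say), it is pinned independently of whatever JDK the Gerrit service runs on, and the two can drift apart on a later upgrade. A one-line comment such as `# JDK tools for inspecting the Gerrit JVM; keep in sync with the service's JDK` would record the intent. The enclosing `config = mkIf cfg.enable { … }` block continues outside the hunk.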
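Review bot: The three `core.packedGit*` settings in services/gerrit/default.nix (hunk at -75,10) are removed alongside the `http.maxThreads` to `httpd.maxThreads` correction, and nothing in the hunk records why. With them gone Gerrit falls back to its built-in pack cache defaults, which I believe are far smaller than `4g` / `4096` open files. Meanwhile `httpd.maxThreads = 100` presumably only starts taking effect with this rename, so the host gets more concurrent HTTP workers and a smaller pack cache in one step. If the removal is intentional, a comment such as `# core.packedGit* left at defaults: <reason>` would keep it from looking like an accident later. The settings attribute set starts and ends outside the hunk.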
@@ -12,21 +12,30 @@ in add_header Permissions-Policy "interest-cohort=()"; ''; recommendedProxySettings = false; + commonHttpConfig = '' + log_format upstream_time '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"' + 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'; + ''; }; services.nginx.virtualHosts.gerrit = { serverName = builtins.head cfg.domains; serverAliases = builtins.tail cfg.domains; enableACME = true; forceSSL = true; - extraConfig = '' + access_log /var/log/nginx/gerrit-access.log upstream_time; + location / { proxy_pass http://localhost:4778; proxy_set_header X-Forwarded-For $remote_addr; # The :443 suffix is a workaround for https://b.tvl.fyi/issues/88. proxy_set_header Host $host:443; # Gerrit can throw a lot of data. - proxy_buffering off; + proxy_buffering on; + # NGINX should not give up super fast. Things can take time. + proxy_read_timeout 3600; } location = /robots.txt {
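Review bot: The `upstream_time` log_format joins the fragment `'"$http_referer" "$http_user_agent"'` directly to `'rt=$request_time …'`, so every access-log line will run the user agent's closing quote straight into `rt=` with no separator. That makes the timing fields hard to split reliably in log tooling; a trailing space in the third fragment, `'"$http_referer" "$http_user_agent" '`, fixes it. Separately, `proxy_read_timeout 3600;` applies to everything under `location /`, so a stalled backend can hold proxied connections for up to an hour each. The comment should name the operations that need this, or the timeout should be scoped to them. The retained comment `# Gerrit can throw a lot of data.` now sits above `proxy_buffering on;` and reads as arguing for the opposite setting, so it should be reworded to explain why buffering was enabled. The `extraConfig` string continues past the end of the hunk.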