diff --git a/services/gerrit/default.nix b/services/gerrit/default.nix index 4102368..2ba0d42 100644 --- a/services/gerrit/default.nix +++ b/services/gerrit/default.nix @@ -41,6 +41,7 @@ in imports = [ ./www.nix ./one-way-sync.nix + ./git-gc-preserve.nix ]; config = mkIf cfg.enable { @@ -318,6 +319,13 @@ in environment.REVWALK_USE_PRIORITY_QUEUE = "true"; }; + bagel.services.git-gc-preserve = { + nixpkgs = { + enable = true; + repoPath = "/var/lib/gerrit/git/nixpkgs.git"; + }; + }; + age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/gerrit-prometheus-bearer-token.age; bagel.monitoring.grafana-agent.exporters.gerrit = { port = 4778; # grrt diff --git a/services/gerrit/git-gc-preserve.nix b/services/gerrit/git-gc-preserve.nix new file mode 100644 index 0000000..6b19523 --- /dev/null +++ b/services/gerrit/git-gc-preserve.nix 
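Review bot: The `nixpkgs` entry in the second hunk sets only `enable` and `repoPath`, so the unit runs with the module defaults `user = "git"` and `group = "git"` while it works inside `/var/lib/gerrit/git/nixpkgs.git`. Nothing in this diff creates a `git` account or shows it owning the Gerrit data directory. If the repositories belong to the account Gerrit runs as, the job will either fail or only work after permissions on the review data are loosened for a second account. Setting the account explicitly here, e.g. `user = "<gerrit-service-user>";` and `group = "<gerrit-service-group>";` (placeholders for the account Gerrit runs as on this host), keeps GC under the existing owner. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.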
@@ -0,0 +1,89 @@
+{ lib, utils, config, pkgs, ... }: let
+ inherit (lib) mkOption mkEnableOption types;
+ cfg = config.bagel.services.git-gc-preserve;
+in
+{
+ options.bagel.services.git-gc-preserve = mkOption {
+ default = { };
+ description = "Repositories that should be garbage collected";
+ type = types.attrsOf (types.submodule {
+ options = {
+ enable = mkEnableOption "git-gc-preserve";
+ user = mkOption {
+ type = types.str;
+ default = "git";
+ description = "The user which will run the garbage collection script";
+ example = "forgejo";
+ };
+ group = mkOption {
+ type = types.str;
+ default = "git";
+ description = "The group which will run the garbage collection script";
+ example = "forgejo";
+ };
+ repoPath = mkOption {
+ type = types.path;
+ description = "The path to the git repository that should be garbage collected";
+ example = "/var/lib/gerrit/git/nixpkgs";
+ };
+ timeoutSec = mkOption {
+ type = types.str;
+ default = "1h";
+ description = "Garbage collection Systemd unit timeout";
+ example = "infinity";
+ };
+ timerConfig = mkOption {
+ type = types.nullOr (types.attrsOf utils.systemdUtils.unitOptions.unitOption);
+ default = {
+ OnCalendar = "daily";
+ };
+ description = ''
+ When to run the git-gc-preserve. See {manpage}`systemd.timer(5)` for
+ details. If null no timer is created and the garbage collection will only
+ run when explicitly started.
+ '';
+ example = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ Persistent = true;
+ };
+ };
+ };
+ });
+ };
+ config = {
+ systemd.services =
+ let
+ mkGCService = name: gcConfig: {
+ name = "git-gc-preserve-${name}";
+ value = {
+ description = "Git-GC-Preserve Service - ${name}";
+ serviceConfig = {
+ WorkingDirectory = gcConfig.repoPath;
+ Type = "oneshot";
+ User = gcConfig.user;
+ Group = gcConfig.group;
+ ExecStart = lib.getExe pkgs.git-gc-preserve;
+ TimeoutSec = gcConfig.timeoutSec;
+ };
+ };
+ };
+ mkServices = lib.mapAttrs' mkGCService;
+ enabledUnits = lib.filterAttrs (_: gcConfig: gcConfig.enable) cfg;
+ in
+ mkServices enabledUnits;
+
+ systemd.timers = let
+ mkGCTimer = name: gcConfig: {
+ name = "git-gc-preserve-${name}";
+ value = {
+ wantedBy = [ "timers.target" ];
+ after = [ "multi-user.target" ];
+ timerConfig = gcConfig.timerConfig;
+ };
+ };
+ mkTimer = lib.mapAttrs' mkGCTimer;
+ enabledTimers = lib.filterAttrs (_: gcConfig: gcConfig.timerConfig != null) cfg;
+ in mkTimer enabledTimers;
+ };
+}
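Review bot: `enabledTimers` near the end of the new file filters only on `timerConfig != null`, while `enabledUnits` filters on `enable`, so an entry with `enable = false` and the default `timerConfig` still gets a `git-gc-preserve-<name>.timer` with no matching service unit. The filter should require both conditions: `enabledTimers = lib.filterAttrs (_: gcConfig: gcConfig.enable && gcConfig.timerConfig != null) cfg;`. Separately, `serviceConfig` applies no sandboxing to a job that rewrites pack files in the review server's repositories. Confining writes with `ProtectSystem = "strict";` and `ReadWritePaths = [ gcConfig.repoPath ];` would limit what a misbehaving run can touch, provided the script needs no other writable location, which this diff does not show.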