gerrit: factor more configuration in the NixOS module for external consumption

Other modules may require information to configure themselves from the Gerrit module. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 15:43:22 +02:00 · 2024-07-17 15:43:22 +02:00 · fda59ee6c0
parent 68d956f1ba
commit fda59ee6c0
2 changed files with 18 additions and 6 deletions
--- a/hosts/gerrit01/default.nix
+++ b/hosts/gerrit01/default.nix
@ -35,6 +35,7 @@
    domains = [
      "cl.forkos.org"
    ];
+    canonicalDomain = "cl.forkos.org";
    data = "/gerrit-data";
  };

--- a/services/gerrit/default.nix
+++ b/services/gerrit/default.nix
@ -3,7 +3,7 @@
 { pkgs, config, lib, ... }:

 let
-  inherit (lib) mkEnableOption mkIf mkOption types;
+  inherit (lib) mkEnableOption mkIf mkOption types head;
  cfgGerrit = config.services.gerrit;
  cfg = config.bagel.services.gerrit;

@ -16,11 +16,22 @@ in
      type = types.listOf types.str;
      description = "List of domains that Gerrit will answer to";
    };
+    canonicalDomain = mkOption {
+      type = types.str;
+      description = "Canonical domain for this Gerrit instance";
+      default = head cfg.domains;
+    };
    data = mkOption {
      type = types.path;
      default = "/var/lib/gerrit";
      description = "Root of data directory for the Gerrit";
    };
+    port = mkOption {
+      type = types.port;
+      default = 29418;
+      readOnly = true;
+      description = "Port for the Gerrit SSH server";
+    };
  };

  imports = [
@ -28,7 +39,7 @@ in
  ];

  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 29418 ];
+    networking.firewall.allowedTCPPorts = [ cfg.port ];

    environment.systemPackages = [ jdk ];

@ -58,7 +69,7 @@ in
        "webhooks"
      ];

-      plugins = with pkgs.gerritPlugins; [ 
+      plugins = with pkgs.gerritPlugins; [
        oauth
        metrics-reporter-prometheus
      ];
@ -115,7 +126,7 @@ in
        # Other settings
        log.jsonLogging = true;
        log.textLogging = false;
-        sshd.advertisedAddress = "cl.forkos.org:29418";
+        sshd.advertisedAddress = "${cfg.canonicalDomain}:${cfg.port}";
        cache.web_sessions.maxAge = "3 months";
        plugins.allowRemoteAdmin = false;
        change.enableAttentionSet = true;
@ -130,7 +141,7 @@ in
        # Configures gerrit for being reverse-proxied by nginx as per
        # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html
        gerrit = {
-          canonicalWebUrl = "https://cl.forkos.org";
+          canonicalWebUrl = "https://${cfg.canonicalDomain}";
          docUrl = "/Documentation";
          defaultBranch = "refs/heads/main";
        };
@ -147,7 +158,7 @@ in
        # Auto-link other CLs
        commentlink.gerrit = {
          match = "cl/(\\d+)";
-          link = "https://cl.forkos.org/$1";
+          link = "https://${cfg.canonicalDomain}/$1";
        };

        # Configures integration with Keycloak, which then integrates with a