diff --git a/hosts/gerrit01/default.nix b/hosts/gerrit01/default.nix index a0f9f85..49e93ae 100755 --- a/hosts/gerrit01/default.nix +++ b/hosts/gerrit01/default.nix @@ -35,6 +35,7 @@ domains = [ "cl.forkos.org" ]; + canonicalDomain = "cl.forkos.org"; data = "/gerrit-data"; }; diff --git a/services/gerrit/default.nix b/services/gerrit/default.nix index 5b4f8c5..3796dc1 100644 --- a/services/gerrit/default.nix +++ b/services/gerrit/default.nix @@ -3,7 +3,7 @@ { pkgs, config, lib, ... }: let - inherit (lib) mkEnableOption mkIf mkOption types; + inherit (lib) mkEnableOption mkIf mkOption types head; cfgGerrit = config.services.gerrit; cfg = config.bagel.services.gerrit; @@ -16,11 +16,22 @@ in type = types.listOf types.str; description = "List of domains that Gerrit will answer to"; }; + canonicalDomain = mkOption { + type = types.str; + description = "Canonical domain for this Gerrit instance"; + default = head cfg.domains; + }; data = mkOption { type = types.path; default = "/var/lib/gerrit"; description = "Root of data directory for the Gerrit"; }; + port = mkOption { + type = types.port; + default = 29418; + readOnly = true; + description = "Port for the Gerrit SSH server"; + }; }; imports = [ @@ -28,7 +39,7 @@ in ]; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 29418 ]; + networking.firewall.allowedTCPPorts = [ cfg.port ]; environment.systemPackages = [ jdk ]; @@ -58,7 +69,7 @@ in "webhooks" ]; - plugins = with pkgs.gerritPlugins; [ + plugins = with pkgs.gerritPlugins; [ oauth metrics-reporter-prometheus ]; @@ -115,7 +126,7 @@ in # Other settings log.jsonLogging = true; log.textLogging = false; - sshd.advertisedAddress = "cl.forkos.org:29418"; + sshd.advertisedAddress = "${cfg.canonicalDomain}:${cfg.port}"; cache.web_sessions.maxAge = "3 months"; plugins.allowRemoteAdmin = false; change.enableAttentionSet = true; @@ -130,7 +141,7 @@ in # Configures gerrit for being reverse-proxied by nginx as per # https://gerrit-review.googlesource.com/Documentation/config-reverseproxy.html gerrit = { - canonicalWebUrl = "https://cl.forkos.org"; + canonicalWebUrl = "https://${cfg.canonicalDomain}"; docUrl = "/Documentation"; defaultBranch = "refs/heads/main"; }; @@ -147,7 +158,7 @@ in # Auto-link other CLs commentlink.gerrit = { match = "cl/(\\d+)"; - link = "https://cl.forkos.org/$1"; + link = "https://${cfg.canonicalDomain}/$1"; }; # Configures integration with Keycloak, which then integrates with a