the-infra/services/gerrit/www.nix
Luke Granger-Brown 82db8f7f1e gerrit01: some more tuning
* flip off proxy_buffering again
* enable REVWALK_USE_PRIORITY_QUEUE
* enable delta compression, because that's not a bottleneck and it's
  nicer on bandwidth
2024-07-10 00:27:36 +01:00

42 lines
1.2 KiB
Nix

{ config, lib, ... }:
let
inherit (lib) mkIf;
cfg = config.bagel.services.gerrit;
in
{
config = mkIf cfg.enable {
services.nginx = {
enable = true;
enableReload = true;
appendHttpConfig = ''
add_header Permissions-Policy "interest-cohort=()";
'';
recommendedProxySettings = false;
};
services.nginx.virtualHosts.gerrit = {
serverName = builtins.head cfg.domains;
serverAliases = builtins.tail cfg.domains;
enableACME = true;
forceSSL = true;
extraConfig = ''
location / {
proxy_pass http://localhost:4778;
proxy_set_header X-Forwarded-For $remote_addr;
# The :443 suffix is a workaround for https://b.tvl.fyi/issues/88.
proxy_set_header Host $host:443;
# Gerrit can throw a lot of data.
proxy_buffering off;
# NGINX should not give up super fast. Things can take time.
proxy_read_timeout 3600;
}
location = /robots.txt {
return 200 'User-agent: *\nAllow: /';
}
'';
};
networking.firewall.allowedTCPPorts = [ 443 80 ];
};
}