fix(gerrit): force gerrit to run as the git user

The default configuration wants to run gerrit with a DynamicUser. However, this prevent the server to generate the ssh keys needed by gerrit. Instead, we can force the server to run with the 'git' user, which already exists.
author: Franck Cuny <franck@fcuny.net> 2022-05-26 09:08:23 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-05-26 09:08:23 -0700
commit: 78539c2f9b3e1203cada307caca99d1ce920bb90 (patch)
tree: 80264f40d9e67f26770604654e22291341a7afeb
parent: fix(gerrit): use localhost for the proxy (diff)
download: infra-78539c2f9b3e1203cada307caca99d1ce920bb90.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
index 6eaece4..df285d3 100644
--- a/modules/services/gerrit/default.nix
+++ b/modules/services/gerrit/default.nix
@@ -42,6 +42,17 @@ in {
       };
     };
 
+    systemd.services.gerrit = {
+      serviceConfig = {
+        # Using DynamicUser fails to generate correctly the ssh keys
+        # needed for the ssh server that is managed by gerrit.
+        # Instead, let's re-use the git user.
+        DynamicUser = lib.mkForce false;
+        User = "git";
+        Group = "git";
+      };
+    };
+
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       enableACME = true;
author	Franck Cuny <franck@fcuny.net>	2022-05-26 09:08:23 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-05-26 09:08:23 -0700
commit	78539c2f9b3e1203cada307caca99d1ce920bb90 (patch)
tree	80264f40d9e67f26770604654e22291341a7afeb
parent	fix(gerrit): use localhost for the proxy (diff)
download	infra-78539c2f9b3e1203cada307caca99d1ce920bb90.tar.gz