fix(gerrit): force gerrit to run as the git user

The default configuration wants to run gerrit with a DynamicUser.
However, this prevent the server to generate the ssh keys needed by
gerrit. Instead, we can force the server to run with the 'git' user,
which already exists.

1 files changed, 11 insertions, 0 deletions

diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix
index 6eaece4..df285d3 100644
--- a/modules/services/gerrit/default.nix
+++ b/modules/services/gerrit/default.nix
@@ -42,6 +42,17 @@ in {
       };
     };
 
+    systemd.services.gerrit = {
+      serviceConfig = {
+        # Using DynamicUser fails to generate correctly the ssh keys
+        # needed for the ssh server that is managed by gerrit.
+        # Instead, let's re-use the git user.
+        DynamicUser = lib.mkForce false;
+        User = "git";
+        Group = "git";
+      };
+    };
+
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       enableACME = true;