commit 91e1a8c9c50dddc9d8c8c263e793ebe4dc767103
author Sergiusz Bazanski <q3k@hackerspace.pl> Thu Jun 25 12:16:29 2020 +0200
committer Sergiusz Bazanski <q3k@hackerspace.pl> Thu Jun 25 12:27:34 2020 +0200
tree f88d5f6cfbf0f8315ca5ae19e3226181947f4024
parent b1aadd88ffa6251adef49fc89b8185edbecfd383

devtools: add sourcegraph

Change-Id: Ic3c40768c761e598e0f42b17a4b9f0d4ebcb2bb2

devtools/kube/prod.jsonnet

diff --git a/devtools/kube/prod.jsonnet b/devtools/kube/prod.jsonnet
index add1899..3bdccd2 100644
--- a/devtools/kube/prod.jsonnet
+++ b/devtools/kube/prod.jsonnet
@@ -1,7 +1,9 @@
 local mirko = import "../../kube/mirko.libsonnet";
+local policies = import "../../kube/policies.libsonnet";
 
 local depotview = import "depotview.libsonnet";
 local hackdoc = import "hackdoc.libsonnet";
+local sourcegraph = import "sourcegraph.libsonnet";
 
 {
     devtools(name):: mirko.Environment(name) {
@@ -13,14 +15,23 @@
             hackdoc: hackdoc.cfg {
                 publicFQDN: "hackdoc.hackerspace.pl",
             },
+            sourcegraph: sourcegraph.cfg {
+                publicFQDN: "cs.hackerspace.pl",
+            },
         },
 
         components: {
             depotview: depotview.component(cfg.depotview, env),
             hackdoc: hackdoc.component(cfg.hackdoc, env),
+            // This is configurated manually through the web interface, q3k has an account
+            // and can create more administrative ones if needed.
+            sourcegraph: sourcegraph.component(cfg.sourcegraph, env),
         },
     },
 
     prod: self.devtools("devtools-prod") {
+        local env = self,
+        // For SourceGraph's tini container mess.
+        policy: policies.AllowNamespaceMostlySecure(env.cfg.namespace),
     },
 }