Gitlab
This commit is contained in:
parent
7cabbd1a9a
commit
1ca6a7d6d5
2 changed files with 36 additions and 4 deletions
|
|
@ -66,6 +66,31 @@ users = {
|
|||
networking.firewall.allowedTCPPorts = [ 80 443 22 8448 ];
|
||||
networking.firewall.allowedUDPPorts = [ 3478 5349 ];
|
||||
#sops.secrets."services/conduwuit" = {mode = "0755";};
|
||||
|
||||
|
||||
sops.secrets."services/gitlab/dbPassword" = { owner = "gitlab"; };
|
||||
sops.secrets."services/gitlab/rootPassword" = { owner = "gitlab"; };
|
||||
sops.secrets."services/gitlab/secret" = { owner = "gitlab"; };
|
||||
sops.secrets."services/gitlab/otpsecret" = { owner = "gitlab"; };
|
||||
sops.secrets."services/gitlab/dbsecret" = { owner = "gitlab"; };
|
||||
sops.secrets."services/gitlab/oidcKeyBase" = { owner = "gitlab"; };
|
||||
services.gitlab = {
|
||||
enable = true;
|
||||
host = "0.0.0.0";
|
||||
port = 4219;
|
||||
statePath = "/persist/gitlab/state";
|
||||
backup.startAt = "3:00";
|
||||
databasePasswordFile = sops.secrets."services/gitlab/dbPassword".path;
|
||||
initialRootPasswordFile = sops.secrets."services/gitlab/rootPassword".path;
|
||||
secrets = {
|
||||
secretFile = sops.secrets."services/gitlab/secret".path;
|
||||
otpFile = sops.secrets."services/gitlab/otpsecret".path;
|
||||
dbFile = sops.secrets."services/gitlab/dbsecret".path;
|
||||
jwsFile = sops.secrets."services/gitlab/oidcKeyBase".path;#pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitlab-backup.environment.BACKUP = "dump";
|
||||
|
||||
kk.services.conduwuit = {
|
||||
enable = true;
|
||||
|
|
@ -138,6 +163,9 @@ handle_path /.well-known/matrix/* {
|
|||
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
|
||||
reverse_proxy * http://localhost:6167
|
||||
'';
|
||||
virtualHosts."gitlab.kylekrein.com".extraConfig = ''
|
||||
reverse_proxy * unix//run/gitlab/gitlab-workhorse.socket
|
||||
'';
|
||||
};
|
||||
system.stateVersion = "24.11";
|
||||
nix = {
|
||||
|
|
@ -151,13 +179,11 @@ respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.e
|
|||
"https://hyprland.cachix.org"
|
||||
"https://nix-gaming.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
"https://attic.kennel.juneis.dog/conduwuit"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -7,6 +7,12 @@ ssh_keys:
|
|||
kylekrein-homepc: ENC[AES256_GCM,data:/7b7wHk9jX+2Gel3157KO4YHia+IyEurUic0BX9flNKdsjIyG/3N8lORAkIjwnPlFaN2VqGu6o1pFgW2dzkSAyATQIUeWpqL5rjxsG3mJ9/9TLh58Y7MIpFKx2r8AeUY0xEAhT1A4BCbnDMsneQtM9gBkgPdhhv6vVpe4XJS3n+dGPER/bQxxRbEt260EjxvL1OPf5C7Z7qNVhOzxNdgdJMQvXxyhRGlXRrrHFRdbw0nChStevgBL4+FoMuBFkqF/aJSoapwe8PNxp8z+Hk5Em+BQv/ieFcscESssCK1gSbvfz6MQyX+5ig+Gy+t28yy56/ir44PHwX47IOILzg7lABSvN+Uyt+sRKyBfx124hJjqgXf65YQ/fgknQt0NDKwZyP/gPSLC9HiLKdva/P9nuenfSnlLrGtfugejBAVQBMOP2HTp/ZKtveeKLVIzM7NLeHAw8ul1OL8OlOgyO3vhEkEVagLwtQYHqwoF7+z30TzTtGyDzuhohbhUH36D8BD/LTaPHxnnVIzWq/IBOmAU06U/EvS5x/JJtqMm8aaDFFEYA==,iv:+4umMhsr8s0IuiYuEdhDAOfLjAELEHbFVvWqaVyF2yQ=,tag:eE9gCZ3pC4wDLeMs5cQGZg==,type:str]
|
||||
services:
|
||||
conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str]
|
||||
gitlab:
|
||||
dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str]
|
||||
rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str]
|
||||
secret: ENC[AES256_GCM,data:W7PfRh80hzMZrJebHgs4CJeeABWIVVkh3ByTF1Yfavw=,iv:WnLEACeCZOf+YpF4RzQCXG6uPEq7zrE6u7DQQLZjL/Q=,tag:3qjnIeoptMsIxIbTh5TR+Q==,type:str]
|
||||
otpsecret: ENC[AES256_GCM,data:enBP2fsr+VaHuK93GGDtgGMSf20yxgLloHIHIibFfLo=,iv:iLLVuypLXySsw363Y9CSz5Kqa3CCNQFwURdOoi5Ig20=,tag:CgUMcT+x/134JJaScHLlOQ==,type:str]
|
||||
oidcKeyBase: ENC[AES256_GCM,data:hHBdaIynMg8eWiwDjDfN+8PcUjOPl9VzG6lu2Z1eRrC2PaVXORg1Eh6YPi83efqhaSbONHeiORGsLM/NYHFcviEvQ8aZXb9y/ojKPHdyjYvkedIU1alyfWqiz8+xP/H2JFPgMdDsO6Tt4IswTMCfbNOXY2+RwImLACxTDoeY9LX2wklrGWh7F7DqAYymM2T6PrulJqGtbrep3yEylb5kqPZU34aJQzdZ7/zA5EW68xTOWEElCcxfkr2ThCywk6quUQaaCsqVAjZhULRDYfDA/umF8r6S7eNh0eFm6X17xsLTgkSMkx4gLvaUxtLG9bGM/5FJ6823hyRSTNXZx0cV7f195mqeUhn6rvUIl6qC8O7Ln6auWxjuJDRo+1Phr4J3dQMBXBaG2WpQFufgXNw8qWpMEqpiN6CjXhFYWJT/TxCZR+Bdxqt8Fegk0DjcEQFbJDOKKV3/JMu1hIsydeVRTmyy06EbBKSfAIgFddQIA7DmxqK6tqLRtITQ1K9xGnt4msiqgfv1XiyeTo+vmptYVDGLSLtB6yfOKvs/U31RlNESwcHwIqlisl1bex5HV10OCcMkFVhhffoiT1Swdj9ilMhd3TkgL2uJstC26QuyB4Gdnmz28MWU28JXP7qVf0rvq6nNPYAKpO3LgNPx5JrCz6DGCxSZiJOQ0fYDxz5QC2EznAbmZachg8tBb4Hmd/CvEtMMvWfkxueadTV7fWR0l3R4H1cizUF8j2NIfqWb6TQLIy25PaOSNnyZ+a4NFZDgZQcpl4zbCLVKHEKGDGhMr4SpEtKzasZSwv1jw7TZoiN8I2g1hSdZRCq3KJ2nAIGvlZd8NUTsksxsIXcxaoM1rfl4dIOfHm3H+HcKmnMYafnCH0EgdRZeAv1sonDzUOEl2G8myUTa3xNlR43lauIG0ipat83UO6INFh4N0TFJtirPHjm72ZMfUK89ut5fWnYqiKopkJEtAy7Bk1EUbXwuRfBDB34m8AFdDGbVWWVaoVJkSuIr8PHMsFhJRGn1TUit7tDQfgPvLpPD0Wiq2PBgoExZ8qLYUDdOCvTxWnZ+gpTRghiBebulNR0xGOCeopg4qiMZ7rWfUJHsqNUazpak1JPIWC8wYIJ4vojjIH1TCpl11lYUvXy1ffFkcWBYplsGYBuY3qpXG/Od3yrdwPKzhHPjPpWDdxZJBW91HRdq0qhq9mYIr28kqGF4Mg60cGGdin+/O0jcfzWzwhjibEfrfuzBqhHknTPXDTlKPBctdvcQZRUsOS0d6SrNRXOvvzlSTrUowaQTSrZNzNDpAt3VKYJDnXGgwnAZSk8zhRM7J6bc9artgm75qBWuZCxLHbcqyBeWVRALYPkWp5h1bLCaGHgC7x986d0mGxfU9p2szIRyacbJN/ITIuDuDmvBt9NWydkkdT3GZE9uhbxQMgfkKyLyXvf7LrF1iSmIos15tYCZrxAcu0LMo2mqW51e92uc4AXE8rVB4k7z2j19F5sW9GMQgKOk6qT1CSpzfHvPpVdKQ5cVVj4X5GZOao5flo1tO/sNwE92Jpc/jLw96737rRDGe9vSkdbyhSS1wrF4+P59QPxsdelSAYZF6YMgSN0yCJFuRLWfj6IpxpBIEEuB5QACCHnDiWi9cFEwRaq6EX6f87Joznd9o1kwASmMXpkXqv/rLorjlqdXajwdFXEmNUFMqX90va7LvlZJPHhvXmgJCwdHAKacQj1m0Ji4EqSZhM/I1uEhG6zTc2jE46N2peVf2JytEGpbgF/m2pyGJDDQ5SDIfG+4AdUXVTk68wl0Q2SSjBb4d/N8XNfPHHToXEuNsNmHZx/4Yt9b+RJqzl3Mi+HOvJP/mz8wR7TxceHnuqE0RTvl9TYN0MXkXVfh6ECj6AaDuiL930IYabRZ5do7eMaA2OYZoPvZA4udoctDApyzs0Dn0gVu9sFXUgmNV7YnkETeEtjKEn/sjWmkMFQ+vJoK27H4OuILxYj5jtBhWbjNYeheBVo5jXmANakDO95vlLhlp2t11LrEoR59dNVVvvN3zDuX1/EYI0OvS4Isl7HTk8ud0+8tfzywGAY3LtEhpEffe91gqEleu2atKYWZQ8917ugvmGkNQ5SNJloDFtUFvAAjJypoovQ6JxQOgFGSsgKMMUMSyuUQnjkxThrGL6oMavAGKElJn6xFc48xSvS4dluTotqwzN2gaV5a98PFbw4zda3ltx2uJD3XxYqr1J92P39YMjKihFIALrcXIESV0Aehfap3WATjlRLikTq726wo2n+k,iv:P8C/7NUd1G/VbKz7iWjTVXxMFOxZQxX5d0V4Tj6KeCw=,tag:iq4s3ahqkmf4e7BffjlIcQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -22,8 +28,8 @@ sops:
|
|||
M0hSNWNYbGM3a21McUVMaGNqWTdmNTQK3VRFV4EaC8K8AJi2PUt6TeBgueEmPLI8
|
||||
Vdwwbh89+xD5xf4Zm0LctPRlxxM6diubv0gIZZPy/ZXZfiU32ZnM0w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-02T14:08:10Z"
|
||||
mac: ENC[AES256_GCM,data:ATGlRrgS1LilKyMpLHPlQj9NV6eK8IaDr36KjFcyMsslzq68Zw/s14C+RjMUYT8dQkzymMxhxh9jAsPtS/J81XFG4RMl7mo6KNmhpPKEkzBuP0cAAIXgSrF4dovveI0imxxsjBba4iOi6Syjo/myg2dGpFwgU1/OgJ2suwB07ME=,iv:37UDQfMvk/o2BByZQfY9ry7ETCC2zU8K+EoRjGHKykc=,tag:wUFJ0fZMt4RZTM3oLJ2YaA==,type:str]
|
||||
lastmodified: "2025-05-20T20:14:44Z"
|
||||
mac: ENC[AES256_GCM,data:4A+PoSlyiTX9z9oYAa8u/xe8OspaqX8gQtCI8vopljMztFknlKiEyHs220iqez786uMZAl27bqDNwRxd3ktZfHvOWwBOv+LrNTVqUIAJQhCOeL3bXDe+pIiakcqlsfPbvpSdFWNTW7Y457u3Krredl9d4jS/YAao4Wzva3F0l1Q=,iv:CZ/jiFfYcMRYMyFpJpVqZzHy+0/IFFO5HE58Csf/9AU=,tag:S+sCUClyrKqbLZsrt+UC6w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue