Gitlab on stargate
parent
31833e1681
commit
c44366f5ce
3 changed files with 45 additions and 7 deletions
|
|
@ -108,6 +108,7 @@ in {
|
||||||
};
|
};
|
||||||
custom.presets.default = enabled;
|
custom.presets.default = enabled;
|
||||||
custom.hardware.secureBoot = enabled;
|
custom.hardware.secureBoot = enabled;
|
||||||
|
hardware.bluetooth.enable = mkForce false;
|
||||||
custom.impermanence = enabled;
|
custom.impermanence = enabled;
|
||||||
|
|
||||||
custom.users.kylekrein = {
|
custom.users.kylekrein = {
|
||||||
|
|
|
||||||
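--- /dev/null
+++ b/systems/x86_64-linux/stargate/services/gitlab.nix
@@ -0,0 +1,37 @@
+{
+pkgs,
+lib,
+config,
+...
+}: {
+sops.secrets."services/gitlab/dbPassword" = {owner = "gitlab";};
+sops.secrets."services/gitlab/rootPassword" = {owner = "gitlab";};
+sops.secrets."services/gitlab/secret" = {owner = "gitlab";};
+sops.secrets."services/gitlab/otpsecret" = {owner = "gitlab";};
+sops.secrets."services/gitlab/dbsecret" = {owner = "gitlab";};
+sops.secrets."services/gitlab/oidcKeyBase" = {owner = "gitlab";};
+sops.secrets."services/gitlab/activeRecordSalt" = {owner = "gitlab";};
+sops.secrets."services/gitlab/activeRecordPrimaryKey" = {owner = "gitlab";};
+sops.secrets."services/gitlab/activeRecordDeterministicKey" = {owner = "gitlab";};
+services.gitlab = {
+enable = true;
+host = "gitlab.kylekrein.com";
+https = true;
+port = 443;
+statePath = "/var/lib/gitlab/state";
+backup.startAt = "3:00";
+databasePasswordFile = config.sops.secrets."services/gitlab/dbPassword".path;
+initialRootPasswordFile = config.sops.secrets."services/gitlab/rootPassword".path;
+secrets = {
+secretFile = config.sops.secrets."services/gitlab/secret".path;
+otpFile = config.sops.secrets."services/gitlab/otpsecret".path;
+dbFile = config.sops.secrets."services/gitlab/dbsecret".path;
+jwsFile = config.sops.secrets."services/gitlab/oidcKeyBase".path; #pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+activeRecordSaltFile = config.sops.secrets."services/gitlab/activeRecordSalt".path;
+activeRecordPrimaryKeyFile = config.sops.secrets."services/gitlab/activeRecordPrimaryKey".path;
+activeRecordDeterministicKeyFile = config.sops.secrets."services/gitlab/activeRecordDeterministicKey".path;
+};
+};
+
+systemd.services.gitlab-backup.environment.BACKUP = "dump";
+}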
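Review bot: The trailing comment on the `jwsFile` line keeps a `pkgs.runCommand … openssl genrsa` recipe next to the real setting, and anyone who re-enables it would place the OIDC signing key in the world-readable Nix store; the sops path that is actually used is the right choice. I would replace that comment with `# RSA private key (PEM), kept in sops: a runCommand-generated key would land in the world-readable /nix/store`. Separately, `BACKUP = "dump"` on `gitlab-backup` appears to pin the archive name, so each 3:00 run would overwrite the previous archive and leave a single generation on the same host. A short comment stating that this is intended, and whether the archive is copied off-host, would help the next reader.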
@ -48,13 +48,13 @@ in {
|
||||||
# locations = matrixLocations;
|
# locations = matrixLocations;
|
||||||
#};
|
#};
|
||||||
|
|
||||||
#"gitlab.kylekrein.com" = {
|
"gitlab.kylekrein.com" = {
|
||||||
# enableACME = true;
|
enableACME = true;
|
||||||
# forceSSL = true;
|
forceSSL = true;
|
||||||
# locations."/" = {
|
locations."/" = {
|
||||||
# proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||||
# };
|
};
|
||||||
#};
|
};
|
||||||
|
|
||||||
"immich.kylekrein.com" = {
|
"immich.kylekrein.com" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
||||||
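Review bot: The `locations."/"` block for `gitlab.kylekrein.com` sets only `proxyPass`, so whether workhorse receives the original `Host` and `X-Forwarded-Proto` headers depends on `services.nginx.recommendedProxySettings` being enabled somewhere outside this hunk. With `https = true` on the GitLab side, missing forwarded headers usually show up as redirect loops or rejected form posts, so I would confirm the global setting or add `recommendedProxySettings = true;` to the location. `proxyWebsockets = true;` in the same block is worth considering if websocket-based features are expected to work through this vhost. The enclosing `virtualHosts` set starts and ends outside the hunk.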