37 lines
1.7 KiB
Nix
37 lines
1.7 KiB
Nix
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}: {
|
|
sops.secrets."services/gitlab/dbPassword" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/rootPassword" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/secret" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/otpsecret" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/dbsecret" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/oidcKeyBase" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/activeRecordSalt" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/activeRecordPrimaryKey" = {owner = "gitlab";};
|
|
sops.secrets."services/gitlab/activeRecordDeterministicKey" = {owner = "gitlab";};
|
|
services.gitlab = {
|
|
enable = true;
|
|
host = "gitlab.kylekrein.com";
|
|
https = true;
|
|
port = 443;
|
|
statePath = "/var/lib/gitlab/state";
|
|
backup.startAt = "3:00";
|
|
databasePasswordFile = config.sops.secrets."services/gitlab/dbPassword".path;
|
|
initialRootPasswordFile = config.sops.secrets."services/gitlab/rootPassword".path;
|
|
secrets = {
|
|
secretFile = config.sops.secrets."services/gitlab/secret".path;
|
|
otpFile = config.sops.secrets."services/gitlab/otpsecret".path;
|
|
dbFile = config.sops.secrets."services/gitlab/dbsecret".path;
|
|
jwsFile = config.sops.secrets."services/gitlab/oidcKeyBase".path; #pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
|
|
activeRecordSaltFile = config.sops.secrets."services/gitlab/activeRecordSalt".path;
|
|
activeRecordPrimaryKeyFile = config.sops.secrets."services/gitlab/activeRecordPrimaryKey".path;
|
|
activeRecordDeterministicKeyFile = config.sops.secrets."services/gitlab/activeRecordDeterministicKey".path;
|
|
};
|
|
};
|
|
|
|
systemd.services.gitlab-backup.environment.BACKUP = "dump";
|
|
}
|