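# NixOS module: GitLab instance behind an nginx TLS virtual host.
#
# `config` must be a named module argument: the body reads
# `config.age.secrets.<name>.path`, and with only `{ ... }:` that name is
# unbound and evaluation fails with an undefined-variable error.
{ config, ... }:
let
  # Public name of the instance; used for the nginx vhost and for GitLab itself.
  hostname = "gitlab.skynet.ie";
  # Account that runs GitLab and owns the decrypted secrets below.
  user = "git";
in {
  imports = [
    ./acme.nix
    ./nginx.nix
  ];

  # agenix-managed secrets. Each one is decrypted at activation and handed to
  # the GitLab account only (owner and group are both `user`).
  age.secrets.gitlab_pw = {
    file = ../secrets/gitlab/pw.age;
    owner = user;
    group = user;
  };
  age.secrets.gitlab_db = {
    file = ../secrets/gitlab/db.age;
    owner = user;
    group = user;
  };
  age.secrets.gitlab_db_pw = {
    file = ../secrets/gitlab/db_pw.age;
    owner = user;
    group = user;
  };

  # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide

  services.nginx = {
    virtualHosts.${hostname} = {
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      # Certificate comes from the ACME host named "skynet"
      # (presumably declared in ./acme.nix -- confirm it covers this hostname).
      useACMEHost = "skynet";
      # nginx talks to gitlab-workhorse over a local unix socket, so the
      # unencrypted hop never leaves the machine.
      # NOTE(review): the NixOS manual example also sets
      # `recommendedProxySettings = true;` so forwarded headers reach
      # workhorse -- confirm ./nginx.nix enables it.
      locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
    };
  };

  services.gitlab = {
    enable = true;
    databasePasswordFile = config.age.secrets.gitlab_db_pw.path;
    # Only the *initial* root password; treat it as a bootstrap credential
    # and change it in GitLab after the first login.
    initialRootPasswordFile = config.age.secrets.gitlab_pw.path;
    # https/host/port describe the externally visible URL (TLS terminates in nginx).
    https = true;
    host = hostname;
    port = 443;
    user = user;
    group = user;
    #smtp = {
    #  enable = true;
    #  address = "localhost";
    #  port = 25;
    #};
    secrets = {
      dbFile = config.age.secrets.gitlab_db.path;
      # these must be backed up for future
      # Unlike dbFile, these three are plain paths on the host and are not
      # provisioned by agenix in this module: they have to exist before the
      # service starts and should be readable by `user` only.
      # NOTE(review): per the NixOS option docs, losing or changing them makes
      # encrypted DB values / 2FA secrets unusable -- keep an offline backup.
      secretFile = "/var/keys/gitlab/secret";
      otpFile = "/var/keys/gitlab/otp";
      jwsFile = "/var/keys/gitlab/jws";
    };
    extraConfig = {
      gitlab = {
        #email_from = "gitlab-no-reply@example.com";
        #email_display_name = "Example GitLab";
        #email_reply_to = "gitlab-no-reply@example.com";
        # New projects start with CI builds switched off.
        default_projects_features = { builds = false; };
      };
    };
  };

}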