feat: basic gitlab setup

applications/gitlab.nix

@@ -0,0 +1,68 @@
+{  ... }:
+  let
+    hostname = "gitlab.skynet.ie";
+    user = "git";
+  in {
+  imports = [
+    ./acme.nix
+    ./nginx.nix
+  ];
+
+  age.secrets.gitlab_pw = {
+    file = ../secrets/gitlab/pw.age;
+    owner = user;
+    group = user;
+  };
+  age.secrets.gitlab_db = {
+    file = ../secrets/gitlab/db.age;
+    owner = user;
+    group = user;
+  };
+  age.secrets.gitlab_db_pw = {
+    file = ../secrets/gitlab/db_pw.age;
+    owner = user;
+    group = user;
+  };
+
+  # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
+
+  services.nginx = {
+    virtualHosts."${hostname}" = {
+      forceSSL = true;
+      useACMEHost = "skynet";
+      locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+    };
+  };
+
+  services.gitlab = {
+    enable = true;
+    databasePasswordFile = config.age.secrets.gitlab_db_pw.path;
+    initialRootPasswordFile = config.age.secrets.gitlab_pw.path;
+    https = true;
+    host = "${hostname}";
+    port = 443;
+    user = user;
+    group = user;
+    #smtp = {
+    #  enable = true;
+    #  address = "localhost";
+    #  port = 25;
+    #};
+    secrets = {
+      dbFile = config.age.secrets.gitlab_db.path;
+      # these must be backed up for future
+      secretFile = "/var/keys/gitlab/secret";
+      otpFile = "/var/keys/gitlab/otp";
+      jwsFile = "/var/keys/gitlab/jws";
+    };
+    extraConfig = {
+      gitlab = {
+        #email_from = "gitlab-no-reply@example.com";
+        #email_display_name = "Example GitLab";
+        #email_reply_to = "gitlab-no-reply@example.com";
+        default_projects_features = { builds = false; };
+      };
+    };
+  };
+
+}