Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: basic gitlab setup

Browse source
This commit is contained in:
silver 2023-05-16 16:40:49 +01:00
parent 960a5c8772
commit 4ef6c14a32
5 changed files with 99 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
applications/gitlab.nix Normal file
View file

@ -0,0 +1,68 @@
{ ... }:
let
hostname = "gitlab.skynet.ie";
user = "git";
in {
imports = [
./acme.nix
./nginx.nix
];
age.secrets.gitlab_pw = {
file = ../secrets/gitlab/pw.age;
owner = user;
group = user;
};
age.secrets.gitlab_db = {
file = ../secrets/gitlab/db.age;
owner = user;
group = user;
};
age.secrets.gitlab_db_pw = {
file = ../secrets/gitlab/db_pw.age;
owner = user;
group = user;
};
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
services.nginx = {
virtualHosts."${hostname}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
services.gitlab = {
enable = true;
databasePasswordFile = config.age.secrets.gitlab_db_pw.path;
initialRootPasswordFile = config.age.secrets.gitlab_pw.path;
https = true;
host = "${hostname}";
port = 443;
user = user;
group = user;
#smtp = {
# enable = true;
# address = "localhost";
# port = 25;
#};
secrets = {
dbFile = config.age.secrets.gitlab_db.path;
# these must be backed up for future
secretFile = "/var/keys/gitlab/secret";
otpFile = "/var/keys/gitlab/otp";
jwsFile = "/var/keys/gitlab/jws";
};
extraConfig = {
gitlab = {
#email_from = "gitlab-no-reply@example.com";
#email_display_name = "Example GitLab";
#email_reply_to = "gitlab-no-reply@example.com";
default_projects_features = { builds = false; };
};
};
};
}

12
secrets/gitlab/db.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA l99EDFzdxhrhqX7PTVgDB1XLRLWlNA9Ah/OMnhSywQc
FINnfEGNuE8M+1a49KvkcS+UVqZBJgNXsGvl9RPvT/8
-> ssh-ed25519 rIwlvw XhUekhfkThrDVPBItJhXNX0sAup+bv1OU3+HWQwxgHE
PQ2V2zmzEqKzaf37NpQm1Wm/osBEpjYxbXbnC9Y7EQw
-> ssh-ed25519 q8eJgg yc+NaJoUBZMQaOaEgLw2M9xlUKmMVhVVjndi03hac3I
2JWQ6OHWBjBD2zA3H+vz6KDyd3EYYVQF/sEIGRDG7U4
-> 1wLyBA"-grease _-0D@TCk BT2r
QsNjPlch
--- RrST/7Y85PqLSqRBZK6RzozjHxHD28JYeUpI9LH13HY
ñS!-ƒ¶|˜÷)ç/P¤¿
Ó™qlB±Ù¹HlzDû5Ð]øwœeÕÚûHE‡ð½Y$¡ÿún<C3BA>@g9<67>áôÁE»òãå ³íö5Âx…0ÊL¤«¾}G¼Ó(TÈ,wtzþTL™“¾k)@c<>íÃÇ{žwß®M$%‡ül^ñ€Ø¢ébtû+9%Í^)Ï.<9¹~U¾T"M!Þ<HH;

12
secrets/gitlab/db_pw.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA BOEf42dr0ovi7tK+h4bKGEXdayMeI39+j92N4uEQuj4
5vHmK1nQks4cc18yDK5di2XePWnoT3eSZ2MDsnV7gGQ
-> ssh-ed25519 rIwlvw pB4NFeSRVgFHNEKZyLy1PNBPkjkSiBUk4xptMB4Biyw
BWhM/zDBWXFdOCi+LoDoaY0scGR8eb7zFLAK0SwjL3Y
-> ssh-ed25519 q8eJgg kgvMBm+T9rACXXHzK/huE8TKzMyZmt1JfeKiyhmNMUY
SHY84rfJIYGQDGyh7qGDw7vVa8Dm7RuRbezLWjW5RDA
-> va-KFND-grease +L-g& o|sn9 &D
qmqveE91pG5SzeqK5JECiho8jpWhl6PWNSM6FEvGlGA87URFlxk3QcWuZ/Z1MjAn
TfdveEpao4t0/D/xLIpyZg00i2csW3m9VvaefOGwXJX/WvGkwyDLWg
--- voJQ2+8n4R7gvZYpFnAfrmrLevGncTJrOpYjklYZ9O8
b‡¼Î™"r5ch_>Šª2K ñ}´¤œEú?8}kª€Å·„àü-<2D>§A«c%p¦ <vx¢Å<C2A2>?*<>ÞHžÑTuŽj“¦ñôöŽkª^?¼Ìr4|!b¸î&²%5œ?<3F>6gšChXÍW0lx·=D»*ÌùÇÝ>m€LUçÊç|K½Æ¸“N ô<>¥„OD§Úй

BIN
secrets/gitlab/pw.age Normal file
View file

Binary file not shown.

7
secrets/secrets.nix
View file

@ -23,6 +23,8 @@ let
optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";
glados = "";
systems = [
agentjones
ash
@ -50,4 +52,9 @@ in
"stream_ulfm.age".publicKeys = users ++ [galatea];
"gitlab/pw.age".publicKeys = users ++ [glados];
"gitlab/db.age".publicKeys = users ++ [glados];
"gitlab/db_pw.age".publicKeys = users ++ [glados];
}