From 67661e3431649b403c8f26bffb490bc9469f0d25 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sat, 17 Jun 2023 22:51:13 +0100
Subject: [PATCH] feat: added gitlab pages
---
 applications/acme.nix | 1 +
 applications/gitlab.nix | 53 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/applications/acme.nix b/applications/acme.nix
index d31b6ab..e604dc7 100644
--- a/applications/acme.nix
+++ b/applications/acme.nix
@@ -21,6 +21,7 @@
 extraDomainNames = [
 "*.skynet.ie"
 "*.minecraft.games.skynet.ie"
+ "*.pages.skynet.ie"
 ];
 };
 };
diff --git a/applications/gitlab.nix b/applications/gitlab.nix
index 9de8732..4731ff4 100644
--- a/applications/gitlab.nix
+++ b/applications/gitlab.nix
@@ -98,6 +98,11 @@
 "${cfg.domain.sub} CNAME ${cfg.host.name}"
 ];
+ skynet_dns.records.external = [
+ # for gitlab pages
+ "*.pages.${cfg.domain.base}.${cfg.domain.tld}. 1800 IN A ${cfg.host.ip}"
+ ];
+
 networking.firewall.allowedTCPPorts = [
 # for git
 2222
@@ -105,10 +110,20 @@
 services.openssh.ports = [ 22 2222 ];
- services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
- forceSSL = true;
- useACMEHost = "skynet";
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+ services.nginx.virtualHosts = {
+ # main site
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
+ forceSSL = true;
+ useACMEHost = "skynet";
+ locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+ };
+
+ # pages
+ "*.pages.${cfg.domain.base}.${cfg.domain.tld}" = {
+ forceSSL = true;
+ useACMEHost = "skynet";
+ locations."/".proxyPass = "http://127.0.0.1:8091";
+ };
 };
 services.gitlab = {
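Review bot: The new `*.pages.${cfg.domain.base}.${cfg.domain.tld}` virtual host proxies to `http://127.0.0.1:8091` with no visible `Host` forwarding, and the Pages daemon picks the site to serve from the request host. Unless `services.nginx.recommendedProxySettings` is enabled elsewhere (not visible in this hunk), nginx passes the upstream address as the host, so adding `locations."/".extraConfig = "proxy_set_header Host $host;";` to this vhost would make the requirement explicit. The literal `8091` is repeated in `listen-http` in the `pages.settings` hunk further down; a shared `let` binding would keep the two from drifting apart.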
@@ -122,6 +137,30 @@
 user = cfg.user;
 group = cfg.user;
 databaseUsername = cfg.user;
+
+ pages = {
+ # TODO: https://docs.gitlab.com/ee/administration/pages/index.html#add-the-domain-to-the-public-suffix-list
+ enable = true;
+ settings = {
+ # these are just examples, not to use
+ #artifacts-server = "http(s):///api/v4"
+ #gitlab-server = "http(s)://"
+ pages-domain = "pages.${cfg.domain.base}.${cfg.domain.tld}";
+
+ listen-http = [
+ "127.0.0.1:8091"
+ ];
+
+ /*
+ auth-client-id = "generated-id-xxxxxxx";
+ auth-client-secret = { _secret = "/var/keys/auth-client-secret"; };
+ auth-redirect-uri = "https://projects.example.com/auth";
+ auth-secret = { _secret = "/var/keys/auth-secret"; };
+ auth-server = "https://gitlab.example.com";
+ */
+ };
+
+ };
 #smtp = {
 # enable = true;
 # address = "localhost";
@@ -164,6 +203,12 @@
 };
 };
 };
+
+ pages = {
+ # default for pages is set to 8090 but that leaves an "ugly" port in the url,
+ # override it here to make it look good
+ port = 80;
+ };
 };
 };
 };
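Review bot: `pages.enable = true` ships with the public-suffix-list TODO still open, so user-published sites under `pages.${cfg.domain.base}.${cfg.domain.tld}` are same-site with every other service on the base domain. Until the Pages domain is on the public suffix list or moved to a separate registrable domain, user content can set cookies scoped to the parent domain and receives any cookie another service scopes that widely; the TODO should say this and name what blocks it. Since nginx terminates TLS in front of the daemon, `listen-proxy = [ "127.0.0.1:8091" ];` looks like a better fit than `listen-http`, so forwarded requests are treated as HTTPS; confirm this before the commented-out auth settings are enabled. The enclosing `services.gitlab` attribute set starts and ends outside this hunk.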
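Review bot: `port = 80` in the second `pages` block advertises Pages over plain HTTP, while the `*.pages` virtual host added in this commit sets `forceSSL = true`, so every generated link would go through a redirect first. If this block is the `gitlab.yml` `pages` section (its enclosing attribute set starts outside the hunk), `port = 443;` together with `https = true;` also keeps the port out of the URL and matches what nginx serves. The comment could then read `# nginx terminates TLS for pages, so advertise 443/https instead of the default 8090`.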