feat: added gitlab pages

2023-06-17 22:51:13 +01:00 · 2023-06-17 22:51:13 +01:00 · 67661e3431
commit 67661e3431
parent 39fe45e75a
2 changed files with 50 additions and 4 deletions
--- a/applications/acme.nix
+++ b/applications/acme.nix
@ -21,6 +21,7 @@
        extraDomainNames = [
          "*.skynet.ie"
          "*.minecraft.games.skynet.ie"
+          "*.pages.skynet.ie"
        ];
      };
    };
--- a/applications/gitlab.nix
+++ b/applications/gitlab.nix
@ -98,6 +98,11 @@
      "${cfg.domain.sub}  CNAME   ${cfg.host.name}"
    ];

+    skynet_dns.records.external = [
+      # for gitlab pages
+      "*.pages.${cfg.domain.base}.${cfg.domain.tld}. 1800 IN A ${cfg.host.ip}"
+    ];
+
    networking.firewall.allowedTCPPorts = [
      # for git
      2222
@ -105,10 +110,20 @@

    services.openssh.ports = [ 22 2222 ];

-    services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
-      forceSSL = true;
-      useACMEHost = "skynet";
-      locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+    services.nginx.virtualHosts = {
+      # main site
+      "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
+        forceSSL = true;
+        useACMEHost = "skynet";
+        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+      };
+
+      # pages
+      "*.pages.${cfg.domain.base}.${cfg.domain.tld}" = {
+        forceSSL = true;
+        useACMEHost = "skynet";
+        locations."/".proxyPass = "http://127.0.0.1:8091";
+      };
    };

    services.gitlab = {
@ -122,6 +137,30 @@
      user = cfg.user;
      group = cfg.user;
      databaseUsername = cfg.user;
+
+      pages = {
+        # TODO: https://docs.gitlab.com/ee/administration/pages/index.html#add-the-domain-to-the-public-suffix-list
+        enable = true;
+        settings = {
+          # these are just examples, not to use
+          #artifacts-server = "http(s)://<services.gitlab.host>/api/v4"
+          #gitlab-server = "http(s)://<services.gitlab.host>"
+          pages-domain = "pages.${cfg.domain.base}.${cfg.domain.tld}";
+
+          listen-http = [
+            "127.0.0.1:8091"
+          ];
+
+          /*
+          auth-client-id = "generated-id-xxxxxxx";
+          auth-client-secret = { _secret = "/var/keys/auth-client-secret"; };
+          auth-redirect-uri = "https://projects.example.com/auth";
+          auth-secret = { _secret = "/var/keys/auth-secret"; };
+          auth-server = "https://gitlab.example.com";
+          */
+        };
+
+      };
      #smtp = {
      #  enable = true;
      #  address = "localhost";
@ -164,6 +203,12 @@
            };
          };
        };
+
+        pages = {
+          # default for pages is set to 8090 but that leaves an "ugly" port in the url,
+          # override it here to make it look good
+          port = 80;
+        };
      };
    };
  };