feat: add gitlab
parent
3abd2abb29
commit
4ad5d302a7
15 changed files with 119 additions and 4 deletions
|
@ -6,14 +6,27 @@ let
|
||||||
in {
|
in {
|
||||||
"containers/faerber.env.age".publicKeys = default;
|
"containers/faerber.env.age".publicKeys = default;
|
||||||
"containers/ghcr-token.age".publicKeys = default;
|
"containers/ghcr-token.age".publicKeys = default;
|
||||||
|
|
||||||
"lego/porkbun-credentials.age".publicKeys = default;
|
"lego/porkbun-credentials.age".publicKeys = default;
|
||||||
|
|
||||||
"services/attic/atticd.env.age".publicKeys = default;
|
"services/attic/atticd.env.age".publicKeys = default;
|
||||||
|
|
||||||
"services/freshrss/admin-credentials.age".publicKeys = default;
|
"services/freshrss/admin-credentials.age".publicKeys = default;
|
||||||
|
|
||||||
"services/gitea/password-database.age".publicKeys = default;
|
"services/gitea/password-database.age".publicKeys = default;
|
||||||
"services/gitea/runner-token.age".publicKeys = default;
|
"services/gitea/runner-token.age".publicKeys = default;
|
||||||
|
|
||||||
|
"services/gitlab/dbFile.age".publicKeys = default;
|
||||||
|
"services/gitlab/jwsFile.age".publicKeys = default;
|
||||||
|
"services/gitlab/otpFile.age".publicKeys = default;
|
||||||
|
"services/gitlab/secretFile.age".publicKeys = default;
|
||||||
|
"services/gitlab/initialRootPasswordFile.age".publicKeys = default;
|
||||||
|
|
||||||
"services/invidious/config.json.age".publicKeys = default;
|
"services/invidious/config.json.age".publicKeys = default;
|
||||||
"services/invidious/password-database.age".publicKeys = default;
|
"services/invidious/password-database.age".publicKeys = default;
|
||||||
|
|
||||||
"services/wakapi/password-salt.env.age".publicKeys = default;
|
"services/wakapi/password-salt.env.age".publicKeys = default;
|
||||||
|
|
||||||
"system/password-root.age".publicKeys = default;
|
"system/password-root.age".publicKeys = default;
|
||||||
"system/password-winston.age".publicKeys = default;
|
"system/password-winston.age".publicKeys = default;
|
||||||
}
|
}
|
||||||
|
|
7
config/secrets/services/gitlab/dbFile.age
Normal file
7
config/secrets/services/gitlab/dbFile.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA AlQdkB/oXYRRK3gv9K3VQJ+Y1s15cmMsc35MH/37J76F
|
||||||
|
2XYHW0ecBjFFzd46wnW/jkiOS6PU5L+lNLSExQv5gPo
|
||||||
|
-> ssh-ed25519 zj2A2A 7EcFaSjzgKu9Piy4VXVYHrFNz0AlLLmeJlkFZe1xDi0
|
||||||
|
NyQpvTEfunmReT7Ri0CfL7260cn150bqW/jiArQ1z8I
|
||||||
|
--- 5OhYw4koEcQBhnKUjA8aHkbUZ3o9v/0fRN5twU72R+0
|
||||||
|
&šKÞën”'4pNÏ[hFµÂïÁà<C381>Ñ4ù½Ø}ÝtÜ#ΥƤS¢Ó@è±ÆMQ´»Ðë„Âí;ó u_:Pƒ]—ÞÌ¡§ÉÓ5d?
˜tÝå' ‚úœÕUõ“Õ
|
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA A3B/mnV9SGBb2GcY5oE5NPSkprv0mA0u2gr/x9iFz4d4
|
||||||
|
S4db0PsWSupKRaiFoObxB6wgh+bT67Zn/xx1EWSv7HI
|
||||||
|
-> ssh-ed25519 zj2A2A AiZf7bER4xz4Z/uORWAsMC3+EkRzfnJfcRm/ticvmHg
|
||||||
|
Q84LW1Tupl2g513/O19ZX/fVjrK+OVbiRg1TR5Cx7ZA
|
||||||
|
--- i9jrVPtGgLEFks0hoPk2bdbbj+Av1/XfTgtxWS877O4
|
||||||
|
<EFBFBD>5·g¸Û¢ÕÙ(}gs“[LS“ªÂòY4ïœuE%Gsù
|
||||||
|
¸ú‘Ôý×Ëü¹Ý"“‚Û‚7ƒ§™¥ìî
|
BIN
config/secrets/services/gitlab/jwsFile.age
Normal file
BIN
config/secrets/services/gitlab/jwsFile.age
Normal file
Binary file not shown.
8
config/secrets/services/gitlab/otpFile.age
Normal file
8
config/secrets/services/gitlab/otpFile.age
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA AnpV2pIa/CJARAIeqiSnMmImKfcH9I2Rx1a60PPbj0B5
|
||||||
|
ubQJ5fXCm8QdZxKzB1JQhM2czxcM389i3KJMVWhu/v0
|
||||||
|
-> ssh-ed25519 zj2A2A 94bArcytcgnc4Z3rGC7OjegYmSI+wgVedBBJJdS7cjo
|
||||||
|
n+Quq/5MvYStNKO1pb6gt5+OSzdS5G69E5nz8m/4L20
|
||||||
|
--- fjLcbdOs+eow7Bga8biE1ndVJ4YQuIsxVvBjVlaWnFk
|
||||||
|
ž.G¡yà•¨Ù—Â¯XhvÊ<‘S¸$ <>¸’?Îôlj-…Exajæ™ÖÀ̇+PÎéêØÃ!¢ÚÝ–Ò‡¤
|
||||||
|
<EFBFBD>’Dw"2Æ|4}´÷Jê$¾KˆÕ6S;Ê(/§
|
9
config/secrets/services/gitlab/secretFile.age
Normal file
9
config/secrets/services/gitlab/secretFile.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> piv-p256 ML6NcA Agle2Q7Wqs6UQid4OdoqCqXhgFDbXGmOdMWrn6dEfYMz
|
||||||
|
c5mObXbkVmeK0bkyrfRqfeVXqQEKi2s1gKGzQExJyF8
|
||||||
|
-> ssh-ed25519 zj2A2A IzCLZxeLJr0K9oB1VXv/dEaExmyWdArcA6VLIG46CGk
|
||||||
|
KdF7I4wOp/E0mHACZEmuhYbftK95cTKD+8jXv8pIkEI
|
||||||
|
--- wtdyUN37m2GJbOCfBXR2+KYj7C1edcS5htu0a+dcB+Y
|
||||||
|
®
|
||||||
|
‚¡n=|¶ÜÙ\ªœÿŒ¢}‰ÿÍÅLd
|
||||||
|
±°ø:+€#ì}_Ôdµù¯—ʯøÈó1c8!KÖŸXé®õj²Ž~ׯM=Ö”´ÚKò~ÓDòý»w«&õ‡Ìpëýáç<C3A1>Œ„!
|
|
@ -4,7 +4,8 @@
|
||||||
./atuin.nix
|
./atuin.nix
|
||||||
./containers.nix
|
./containers.nix
|
||||||
./freshrss.nix
|
./freshrss.nix
|
||||||
./gitea.nix
|
# ./gitea
|
||||||
|
./gitlab
|
||||||
./invidious.nix
|
./invidious.nix
|
||||||
./libreddit.nix
|
./libreddit.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
|
|
|
@ -79,14 +79,14 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.gitea-actions-runner.instances.main = {
|
services.gitea-actions-runner.instances.main = {
|
||||||
enable = true;
|
enable = false;
|
||||||
name = "main";
|
name = "main";
|
||||||
url = config.services.gitea.settings.server.ROOT_URL;
|
url = config.services.gitea.settings.server.ROOT_URL;
|
||||||
tokenFile = config.age.secrets."services/gitea/runner-token".path;
|
tokenFile = config.age.secrets."services/gitea/runner-token".path;
|
||||||
labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
|
labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
|
||||||
settings.container = {
|
settings.container = {
|
||||||
network = "host";
|
network = "host";
|
||||||
options = "--add-host=git.winston.sh:host-gateway";
|
options = "--add-host=gitea.winston.sh:host-gateway";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -96,7 +96,7 @@
|
||||||
lib.mkAfter ''
|
lib.mkAfter ''
|
||||||
chmod u+w -R ${stateDir}/custom/**/*
|
chmod u+w -R ${stateDir}/custom/**/*
|
||||||
# apply customizations
|
# apply customizations
|
||||||
cp -Rf ${./gitea}/* ${stateDir}/custom
|
cp -Rf ${./customizations}/* ${stateDir}/custom
|
||||||
chmod u-w -R ${stateDir}/custom/**/*
|
chmod u-w -R ${stateDir}/custom/**/*
|
||||||
'';
|
'';
|
||||||
|
|
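--- /dev/null
+++ b/config/services/gitlab/default.nix
@@ -0,0 +1,15 @@
+{
+imports = [
+./module.nix
+./nginx.nix
+./secrets.nix
+];
+
+services.gitlab = {
+enable = true;
+https = true;
+port = 24136;
+host = "gitlab.winston.sh";
+initialRootEmail = "hey@winston.sh";
+};
+}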
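Review bot: `port = 24136;` next to `https = true;` looks wrong, because in the NixOS GitLab module `services.gitlab.port` is the externally visible port GitLab puts into the URLs it generates, not a backend listen port. nginx.nix in this commit serves the vhost with `forceSSL` and proxies to the workhorse Unix socket, so unless nginx is also made to listen on 24136 (not visible here), clone URLs, redirects and OAuth callback URLs would point at a port nothing serves. I would change the line to `port = 443;`.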
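--- /dev/null
+++ b/config/services/gitlab/module.nix
@@ -0,0 +1,23 @@
+# swap out GitLab stable for unstable
+{
+pkgs,
+inputs,
+...
+}: {
+disabledModules = [
+"services/misc/gitlab.nix"
+"services/continuous-integration/gitlab-runner.nix"
+];
+imports = [
+"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/gitlab.nix"
+"${inputs.nixpkgs-unstable}/nixos/modules/services/continuous-integration/gitlab-runner.nix"
+];
+services.gitlab.packages = {
+gitaly = pkgs.unstable.gitaly;
+gitlab = pkgs.unstable.gitlab;
+gitlab-shell = pkgs.unstable.gitlab-shell;
+gitlab-workhorse = pkgs.unstable.gitlab-workhorse;
+pages = pkgs.unstable.gitlab-pages;
+};
+services.gitlab-runner.package = pkgs.unstable.gitea-actions-runner;
+}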
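Review bot: The last assignment, `services.gitlab-runner.package = pkgs.unstable.gitea-actions-runner;`, hands the GitLab Runner module the Gitea Actions runner package, which looks like a copy-paste slip from the Gitea setup. The runner module is not enabled in this commit, so nothing breaks yet, but enabling it later would start a service around the wrong binary. The line should read `services.gitlab-runner.package = pkgs.unstable.gitlab-runner;`. The header comment could also say why the unstable module and packages are swapped in, since the pinned `nixpkgs-unstable` input then decides which GitLab security releases this host gets.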
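--- /dev/null
+++ b/config/services/gitlab/nginx.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+services.nginx.virtualHosts.${config.services.gitlab.host} = {
+forceSSL = true;
+enableACME = false;
+useACMEHost = "winston.sh";
+
+locations."/" = {
+extraConfig = "client_max_body_size 512M;";
+proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+};
+};
+}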
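--- /dev/null
+++ b/config/services/gitlab/secrets.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+services.gitlab = {
+initialRootPasswordFile = config.age.secrets."services/gitlab/initialRootPasswordFile".path;
+secrets = {
+dbFile = config.age.secrets."services/gitlab/dbFile".path;
+jwsFile = config.age.secrets."services/gitlab/jwsFile".path;
+otpFile = config.age.secrets."services/gitlab/otpFile".path;
+secretFile = config.age.secrets."services/gitlab/secretFile".path;
+};
+};
+
+age.secrets = {
+"services/gitlab/dbFile".owner = "gitlab";
+"services/gitlab/jwsFile".owner = "gitlab";
+"services/gitlab/otpFile".owner = "gitlab";
+"services/gitlab/secretFile".owner = "gitlab";
+"services/gitlab/initialRootPasswordFile".owner = "gitlab";
+};
+}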
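Review bot: The `initialRootPasswordFile` line needs a comment, because that secret matters only when GitLab first seeds its database, yet it stays encrypted in the repo and is decrypted for the `gitlab` user on every activation. I would add `# used only on first DB seed; change the root password after first login` above it. The `age.secrets` block sets only `owner`, so file mode and group fall back to the agenix defaults, presumably owner-read only. Stating `mode = "0400";` once in a comment or explicitly would make that assumption visible to the next reader.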