Merge branch 'feat/add-gitlab' into 'main'
feat: add gitlab See merge request winston/infra!1
commit
974ca2aa73
15 changed files with 119 additions and 4 deletions
|
@ -6,14 +6,27 @@ let
|
|||
in {
|
||||
"containers/faerber.env.age".publicKeys = default;
|
||||
"containers/ghcr-token.age".publicKeys = default;
|
||||
|
||||
"lego/porkbun-credentials.age".publicKeys = default;
|
||||
|
||||
"services/attic/atticd.env.age".publicKeys = default;
|
||||
|
||||
"services/freshrss/admin-credentials.age".publicKeys = default;
|
||||
|
||||
"services/gitea/password-database.age".publicKeys = default;
|
||||
"services/gitea/runner-token.age".publicKeys = default;
|
||||
|
||||
"services/gitlab/dbFile.age".publicKeys = default;
|
||||
"services/gitlab/jwsFile.age".publicKeys = default;
|
||||
"services/gitlab/otpFile.age".publicKeys = default;
|
||||
"services/gitlab/secretFile.age".publicKeys = default;
|
||||
"services/gitlab/initialRootPasswordFile.age".publicKeys = default;
|
||||
|
||||
"services/invidious/config.json.age".publicKeys = default;
|
||||
"services/invidious/password-database.age".publicKeys = default;
|
||||
|
||||
"services/wakapi/password-salt.env.age".publicKeys = default;
|
||||
|
||||
"system/password-root.age".publicKeys = default;
|
||||
"system/password-winston.age".publicKeys = default;
|
||||
}
|
||||
|
|
7
config/secrets/services/gitlab/dbFile.age
Normal file
7
config/secrets/services/gitlab/dbFile.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 ML6NcA AlQdkB/oXYRRK3gv9K3VQJ+Y1s15cmMsc35MH/37J76F
|
||||
2XYHW0ecBjFFzd46wnW/jkiOS6PU5L+lNLSExQv5gPo
|
||||
-> ssh-ed25519 zj2A2A 7EcFaSjzgKu9Piy4VXVYHrFNz0AlLLmeJlkFZe1xDi0
|
||||
NyQpvTEfunmReT7Ri0CfL7260cn150bqW/jiArQ1z8I
|
||||
--- 5OhYw4koEcQBhnKUjA8aHkbUZ3o9v/0fRN5twU72R+0
|
||||
&šKÞën”'4pNÏ[hFµÂïÁà<C381>Ñ4ù½Ø}ÝtÜ#ΥƤS¢Ó@è±ÆMQ´»Ðë„Âí;ó u_:Pƒ]—ÞÌ¡§ÉÓ5d?
˜tÝå' ‚úœÕUõ“Õ
|
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 ML6NcA A3B/mnV9SGBb2GcY5oE5NPSkprv0mA0u2gr/x9iFz4d4
|
||||
S4db0PsWSupKRaiFoObxB6wgh+bT67Zn/xx1EWSv7HI
|
||||
-> ssh-ed25519 zj2A2A AiZf7bER4xz4Z/uORWAsMC3+EkRzfnJfcRm/ticvmHg
|
||||
Q84LW1Tupl2g513/O19ZX/fVjrK+OVbiRg1TR5Cx7ZA
|
||||
--- i9jrVPtGgLEFks0hoPk2bdbbj+Av1/XfTgtxWS877O4
|
||||
<EFBFBD>5·g¸Û¢ÕÙ(}gs“[LS“ªÂòY4ïœuE%Gsù
|
||||
¸ú‘Ôý×Ëü¹Ý"“‚Û‚7ƒ§™¥ìî
|
BIN
config/secrets/services/gitlab/jwsFile.age
Normal file
BIN
config/secrets/services/gitlab/jwsFile.age
Normal file
Binary file not shown.
8
config/secrets/services/gitlab/otpFile.age
Normal file
8
config/secrets/services/gitlab/otpFile.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 ML6NcA AnpV2pIa/CJARAIeqiSnMmImKfcH9I2Rx1a60PPbj0B5
|
||||
ubQJ5fXCm8QdZxKzB1JQhM2czxcM389i3KJMVWhu/v0
|
||||
-> ssh-ed25519 zj2A2A 94bArcytcgnc4Z3rGC7OjegYmSI+wgVedBBJJdS7cjo
|
||||
n+Quq/5MvYStNKO1pb6gt5+OSzdS5G69E5nz8m/4L20
|
||||
--- fjLcbdOs+eow7Bga8biE1ndVJ4YQuIsxVvBjVlaWnFk
|
||||
ž.G¡yà•¨Ù—Â¯XhvÊ<‘S¸$ <>¸’?Îôlj-…Exajæ™ÖÀ̇+PÎéêØÃ!¢ÚÝ–Ò‡¤
|
||||
<EFBFBD>’Dw"2Æ|4}´÷Jê$¾KˆÕ6S;Ê(/§
|
9
config/secrets/services/gitlab/secretFile.age
Normal file
9
config/secrets/services/gitlab/secretFile.age
Normal file
|
@ -0,0 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 ML6NcA Agle2Q7Wqs6UQid4OdoqCqXhgFDbXGmOdMWrn6dEfYMz
|
||||
c5mObXbkVmeK0bkyrfRqfeVXqQEKi2s1gKGzQExJyF8
|
||||
-> ssh-ed25519 zj2A2A IzCLZxeLJr0K9oB1VXv/dEaExmyWdArcA6VLIG46CGk
|
||||
KdF7I4wOp/E0mHACZEmuhYbftK95cTKD+8jXv8pIkEI
|
||||
--- wtdyUN37m2GJbOCfBXR2+KYj7C1edcS5htu0a+dcB+Y
|
||||
®
|
||||
‚¡n=|¶ÜÙ\ªœÿŒ¢}‰ÿÍÅLd
|
||||
±°ø:+€#ì}_Ôdµù¯—ʯøÈó1c8!KÖŸXé®õj²Ž~ׯM=Ö”´ÚKò~ÓDòý»w«&õ‡Ìpëýáç<C3A1>Œ„!
|
|
@ -4,7 +4,8 @@
|
|||
./atuin.nix
|
||||
./containers.nix
|
||||
./freshrss.nix
|
||||
./gitea.nix
|
||||
# ./gitea
|
||||
./gitlab
|
||||
./invidious.nix
|
||||
./libreddit.nix
|
||||
./nginx.nix
|
||||
|
|
|
@ -79,14 +79,14 @@
|
|||
};
|
||||
|
||||
services.gitea-actions-runner.instances.main = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
name = "main";
|
||||
url = config.services.gitea.settings.server.ROOT_URL;
|
||||
tokenFile = config.age.secrets."services/gitea/runner-token".path;
|
||||
labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
|
||||
settings.container = {
|
||||
network = "host";
|
||||
options = "--add-host=git.winston.sh:host-gateway";
|
||||
options = "--add-host=gitea.winston.sh:host-gateway";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -96,7 +96,7 @@
|
|||
lib.mkAfter ''
|
||||
chmod u+w -R ${stateDir}/custom/**/*
|
||||
# apply customizations
|
||||
cp -Rf ${./gitea}/* ${stateDir}/custom
|
||||
cp -Rf ${./customizations}/* ${stateDir}/custom
|
||||
chmod u-w -R ${stateDir}/custom/**/*
|
||||
'';
|
||||
|
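--- a/config/services/gitlab/default.nix
+++ b/config/services/gitlab/default.nix
@@ -0,0 +1,15 @@
+{
+imports = [
+./module.nix
+./nginx.nix
+./secrets.nix
+];
+
+services.gitlab = {
+enable = true;
+https = true;
+port = 24136;
+host = "gitlab.winston.sh";
+initialRootEmail = "hey@winston.sh";
+};
+}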
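Review bot: `port = 24136;` in `services.gitlab` looks inconsistent with `https = true;`. As far as I know, the NixOS module uses this option as the port GitLab writes into the URLs it generates (clone URLs, redirects, OAuth callbacks), not as a listen port. nginx.nix in this commit already proxies the vhost to the workhorse Unix socket, so no TCP port is needed here. With nginx terminating TLS on the standard port, `port = 443;` would keep generated links and callback URLs on the host that is actually served, rather than `gitlab.winston.sh:24136`.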
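--- a/config/services/gitlab/module.nix
+++ b/config/services/gitlab/module.nix
@@ -0,0 +1,23 @@
+# swap out GitLab stable for unstable
+{
+pkgs,
+inputs,
+...
+}: {
+disabledModules = [
+"services/misc/gitlab.nix"
+"services/continuous-integration/gitlab-runner.nix"
+];
+imports = [
+"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/gitlab.nix"
+"${inputs.nixpkgs-unstable}/nixos/modules/services/continuous-integration/gitlab-runner.nix"
+];
+services.gitlab.packages = {
+gitaly = pkgs.unstable.gitaly;
+gitlab = pkgs.unstable.gitlab;
+gitlab-shell = pkgs.unstable.gitlab-shell;
+gitlab-workhorse = pkgs.unstable.gitlab-workhorse;
+pages = pkgs.unstable.gitlab-pages;
+};
+services.gitlab-runner.package = pkgs.unstable.gitea-actions-runner;
+}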
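Review bot: The last setting, `services.gitlab-runner.package = pkgs.unstable.gitea-actions-runner;`, gives the GitLab runner module the Gitea Actions runner package, which looks like a copy-paste slip from the Gitea config. It should read `services.gitlab-runner.package = pkgs.unstable.gitlab-runner;`; as written, enabling the runner later would start a binary that does not speak the GitLab runner protocol. The header comment could also say why unstable is needed and that the `nixpkgs-unstable` input pin is what controls the GitLab version, for example `# GitLab tracks inputs.nixpkgs-unstable; bump that input deliberately to pick up security releases`.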
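--- a/config/services/gitlab/nginx.nix
+++ b/config/services/gitlab/nginx.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+services.nginx.virtualHosts.${config.services.gitlab.host} = {
+forceSSL = true;
+enableACME = false;
+useACMEHost = "winston.sh";
+
+locations."/" = {
+extraConfig = "client_max_body_size 512M;";
+proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+};
+};
+}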
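Review bot: The `locations."/"` block sets `proxyPass` but no forwarded headers, and nothing visible in this file enables `recommendedProxySettings`. If the shared `./nginx.nix` does not turn that on globally, GitLab will not see `X-Forwarded-Proto`, `Host` or the client address. That usually shows up as CSRF or redirect failures behind TLS, and as audit logs and rate limits keyed on the proxy instead of the real client. I would either confirm the global setting or add `recommendedProxySettings = true;` to this location, with a short comment saying which one this vhost relies on.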
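--- a/config/services/gitlab/secrets.nix
+++ b/config/services/gitlab/secrets.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+services.gitlab = {
+initialRootPasswordFile = config.age.secrets."services/gitlab/initialRootPasswordFile".path;
+secrets = {
+dbFile = config.age.secrets."services/gitlab/dbFile".path;
+jwsFile = config.age.secrets."services/gitlab/jwsFile".path;
+otpFile = config.age.secrets."services/gitlab/otpFile".path;
+secretFile = config.age.secrets."services/gitlab/secretFile".path;
+};
+};
+
+age.secrets = {
+"services/gitlab/dbFile".owner = "gitlab";
+"services/gitlab/jwsFile".owner = "gitlab";
+"services/gitlab/otpFile".owner = "gitlab";
+"services/gitlab/secretFile".owner = "gitlab";
+"services/gitlab/initialRootPasswordFile".owner = "gitlab";
+};
+}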
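Review bot: The five `owner = "gitlab";` entries under `age.secrets` hard-code the service account name. Using `owner = config.services.gitlab.user;` keeps the decrypted files tied to whatever account the module actually runs as, so a later change of that option cannot leave key material owned by the wrong user. I would also add a comment above `initialRootPasswordFile`, such as `# presumably only read when the database is first seeded; rotate the root password after first login`. Otherwise the bootstrap credential stays valid for as long as this secret exists in the repository.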