diff options
Diffstat (limited to 'modules/snorlax/git.nix')
| -rw-r--r-- | modules/snorlax/git.nix | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/modules/snorlax/git.nix b/modules/snorlax/git.nix index 36de434..e91afcb 100644 --- a/modules/snorlax/git.nix +++ b/modules/snorlax/git.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let home = "/persist/var/lib/git"; repos = { @@ -50,7 +50,7 @@ let ''; in { - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 8080 ]; services.cgit.snorlax = { enable = true; @@ -86,4 +86,43 @@ in packages = with pkgs; [ git ]; }; services.openssh.settings.AllowUsers = [ "git" ]; + + age.secrets= { + gitlab-init-root = { + file = ../../secrets/gitlab-init-root.age; + owner = "gitlab"; + group = "gitlab"; + }; + gitlab-db = { + file = ../../secrets/gitlab-db.age; + owner = "gitlab"; + group = "gitlab"; + }; + gitlab-jws = { + file = ../../secrets/gitlab-jws.age; + owner = "gitlab"; + group = "gitlab"; + }; + gitlab-otp = { + file = ../../secrets/gitlab-otp.age; + owner = "gitlab"; + group = "gitlab"; + }; + gitlab-secret = { + file = ../../secrets/gitlab-secret.age; + owner = "gitlab"; + group = "gitlab"; + }; + }; + + + services.gitlab = { + enable = true; + initialRootEmail = "jaspert.ras@gmail.com"; + initialRootPasswordFile = config.age.secrets.gitlab-init-root.path; + secrets.dbFile = config.age.secrets.gitlab-db.path; + secrets.jwsFile = config.age.secrets.gitlab-jws.path; + secrets.otpFile = config.age.secrets.gitlab-otp.path; + secrets.secretFile = config.age.secrets.gitlab-secret.path; + }; } |