From 359614b31cc46bc4d00af97753725d5db4b1f5b3 Mon Sep 17 00:00:00 2001
From: Jasper Ras
Date: Mon, 24 Mar 2025 08:34:04 +0100
Subject: some gitlab stuff
---
 modules/snorlax/git.nix | 43 +++++++++++++++++++++++++++++++++++++++++--
 secrets/gitlab-db.age | Bin 0 -> 267 bytes
 secrets/gitlab-init-root.age | Bin 0 -> 260 bytes
 secrets/gitlab-jws.age | Bin 0 -> 1940 bytes
 secrets/gitlab-otp.age | Bin 0 -> 267 bytes
 secrets/gitlab-secret.age | Bin 0 -> 267 bytes
 secrets/secrets.nix | Bin 1013 -> 1237 bytes
 7 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 secrets/gitlab-db.age
 create mode 100644 secrets/gitlab-init-root.age
 create mode 100644 secrets/gitlab-jws.age
 create mode 100644 secrets/gitlab-otp.age
 create mode 100644 secrets/gitlab-secret.age
diff --git a/modules/snorlax/git.nix b/modules/snorlax/git.nix
index 36de434..e91afcb 100644
--- a/modules/snorlax/git.nix
+++ b/modules/snorlax/git.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
 home = "/persist/var/lib/git";
 repos = {
@@ -50,7 +50,7 @@ let
 '';
 in
 {
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
 services.cgit.snorlax = {
 enable = true;
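Review bot: Adding 8080 to `networking.firewall.allowedTCPPorts` opens it on every interface, and nothing in this commit shows what binds that port or that TLS is terminated in front of it. The `services.gitlab` block added in the last hunk sets neither `https` nor a proxy, so the root sign-in and session cookies would presumably cross the network in cleartext. If the instance is meant for a trusted network only, scope the rule to that interface with `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 8080 ];` and add a comment saying which service owns the port. The attribute set this line belongs to starts above the hunk and continues below it.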
@@ -86,4 +86,43 @@ in
 packages = with pkgs; [ git ];
 };
 services.openssh.settings.AllowUsers = [ "git" ];
+
+ age.secrets= {
+ gitlab-init-root = {
+ file = ../../secrets/gitlab-init-root.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-db = {
+ file = ../../secrets/gitlab-db.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-jws = {
+ file = ../../secrets/gitlab-jws.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-otp = {
+ file = ../../secrets/gitlab-otp.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-secret = {
+ file = ../../secrets/gitlab-secret.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ };
+
+
+ services.gitlab = {
+ enable = true;
+ initialRootEmail = "jaspert.ras@gmail.com";
+ initialRootPasswordFile = config.age.secrets.gitlab-init-root.path;
+ secrets.dbFile = config.age.secrets.gitlab-db.path;
+ secrets.jwsFile = config.age.secrets.gitlab-jws.path;
+ secrets.otpFile = config.age.secrets.gitlab-otp.path;
+ secrets.secretFile = config.age.secrets.gitlab-secret.path;
+ };
 }
diff --git a/secrets/gitlab-db.age b/secrets/gitlab-db.age
new file mode 100644
index 0000000..c388e62
Binary files /dev/null and b/secrets/gitlab-db.age differ
diff --git a/secrets/gitlab-init-root.age b/secrets/gitlab-init-root.age
new file mode 100644
index 0000000..9abf0cd
Binary files /dev/null and b/secrets/gitlab-init-root.age differ
diff --git a/secrets/gitlab-jws.age b/secrets/gitlab-jws.age
new file mode 100644
index 0000000..eb8fa72
Binary files /dev/null and b/secrets/gitlab-jws.age differ
diff --git a/secrets/gitlab-otp.age b/secrets/gitlab-otp.age
new file mode 100644
index 0000000..de88c43
Binary files /dev/null and b/secrets/gitlab-otp.age differ
diff --git a/secrets/gitlab-secret.age b/secrets/gitlab-secret.age
new file mode 100644
index 0000000..5ea07bb
Binary files /dev/null and b/secrets/gitlab-secret.age differ
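Review bot: `initialRootPasswordFile` is read only when a new install is seeded, yet `gitlab-init-root` presumably stays decrypted for the `gitlab` user on every activation, so the bootstrap root password remains valid and on disk unless someone rotates it. A comment above that line would record the intent, e.g. `# bootstrap only: change the root password and enable 2FA after first login, then retire this secret`. The four `secrets.*File` entries are the opposite case: `dbFile` and `otpFile` protect data stored in the database, so losing or regenerating them locks that data out, and a short comment that they must be backed up together with the database is worth adding. The enclosing module attribute set opens above the hunk.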
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b87293b..b0a4d7c 100644
Binary files a/secrets/secrets.nix and b/secrets/secrets.nix differ
-- cgit v1.2.3