From 359614b31cc46bc4d00af97753725d5db4b1f5b3 Mon Sep 17 00:00:00 2001
From: Jasper Ras
Date: Mon, 24 Mar 2025 08:34:04 +0100
Subject: some gitlab stuff
---
 modules/snorlax/git.nix | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)
(limited to 'modules/snorlax')
diff --git a/modules/snorlax/git.nix b/modules/snorlax/git.nix
index 36de434..e91afcb 100644
--- a/modules/snorlax/git.nix
+++ b/modules/snorlax/git.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
 home = "/persist/var/lib/git";
 repos = {
@@ -50,7 +50,7 @@ let
 '';
 in
 {
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
 services.cgit.snorlax = {
 enable = true;
@@ -86,4 +86,43 @@ in
 packages = with pkgs; [ git ];
 };
 services.openssh.settings.AllowUsers = [ "git" ];
+
+ age.secrets= {
+ gitlab-init-root = {
+ file = ../../secrets/gitlab-init-root.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-db = {
+ file = ../../secrets/gitlab-db.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-jws = {
+ file = ../../secrets/gitlab-jws.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-otp = {
+ file = ../../secrets/gitlab-otp.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-secret = {
+ file = ../../secrets/gitlab-secret.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ };
+
+
+ services.gitlab = {
+ enable = true;
+ initialRootEmail = "jaspert.ras@gmail.com";
+ initialRootPasswordFile = config.age.secrets.gitlab-init-root.path;
+ secrets.dbFile = config.age.secrets.gitlab-db.path;
+ secrets.jwsFile = config.age.secrets.gitlab-jws.path;
+ secrets.otpFile = config.age.secrets.gitlab-otp.path;
+ secrets.secretFile = config.age.secrets.gitlab-secret.path;
+ };
 }
-- 
cgit v1.2.3
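Review bot: `allowedTCPPorts = [ 80 8080 ]` opens 8080 on every interface, and nothing visible in this commit puts TLS or a reverse proxy in front of the GitLab service it presumably serves; the `services.gitlab` block added in the last hunk sets neither `host` nor `https`. If the instance is reached that way, the initial root login and every later session cookie or access token would travel over plain HTTP. As far as I know `services.gitlab.port` in the NixOS module only controls the port used in generated URLs, so it is worth confirming what actually listens on 8080 before opening it. I would either keep 8080 closed and publish GitLab through a TLS-terminating proxy, or scope the rule to a trusted interface, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8080 ];` with `<iface>` as a placeholder. The enclosing attribute set starts and ends outside this hunk.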
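Review bot: The `services.gitlab` block bootstraps the root account from `initialRootPasswordFile` with no comment on what happens to that credential afterwards; the file is only read when the database is first seeded, so the password stays valid until someone changes it inside GitLab. A short comment above that line such as `# bootstrap only: change the root password and enable 2FA after first login` would record the follow-up. The `secrets.*File` entries also deserve a note that they must stay stable and be backed up, e.g. `# changing or losing dbFile/otpFile makes encrypted DB values and 2FA secrets unusable`, which is what the module documentation warns about. The agenix entries set `owner` and `group` to `gitlab` and leave `mode` unset; agenix defaults that to 0400 as far as I know, so no change is needed there.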