gitlab option added

2025-07-14 16:03:53 +02:00 · 2025-07-14 16:03:53 +02:00 · 90bd3afa1b
commit 90bd3afa1b
parent debb28721e
4 changed files with 70 additions and 1 deletions
--- a/computer/pc-demo1/default.nix
+++ b/computer/pc-demo1/default.nix
@ -7,7 +7,7 @@
    software = {
      desktop = true;
      nextcloud.server.enable = true;
-      gitlab.enable = true;
+      gitlab = true;
    };
    disk.device.name = "vda";
    hardware.virtualmachine.type = "kvm";
--- a/software/default.nix
+++ b/software/default.nix
@ -38,6 +38,7 @@
  imports = [
    ./firmware.nix
    ./gnome.nix
+    ./gitlab.nix
    ./nextcloud.nix
    ./nix-daemon.nix
    ./openssh.nix
--- a/software/gitlab.nix
+++ b/software/gitlab.nix
@ -0,0 +1,64 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  config = lib.mkIf (config.beancloud.software.gitlab) {
+    beancloud.network.nat = true;
+    containers.gitlab = {
+      autoStart = true;
+      privateNetwork = true;
+      hostAddress = "192.168.100.10";
+      localAddress = "192.168.100.11";
+      config =
+        {
+          pkgs,
+          lib,
+          ...
+        }:
+        {
+          system.stateVersion = "25.05";
+          systemd.services.gitlab-backup.environment.BACKUP = "dump";
+
+          networking = {
+            firewall = {
+              enable = true;
+              allowedTCPPorts = [ 80 ];
+            };
+            useHostResolvConf = lib.mkForce false;
+          };
+
+          services = {
+            resolved.enable = true;
+            gitlab = {
+              enable = true;
+              databasePasswordFile = pkgs.writeText "dbPassword" "bvBgWvctkFzXMVqAlNVyXJYbfJyqIIWF";
+              initialRootPasswordFile = pkgs.writeText "rootPassword" "demo123456";
+              secrets = {
+                secretFile = pkgs.writeText "secret" "EnekUctCqZJIFSyCAFWrYQUGUoJZuJWYyOwRjllSYqMjhTRAoeGBpvEEyGgzStBd";
+                otpFile = pkgs.writeText "otpsecret" "PyMHBYurnXlxBZnCJIYspJIsJDmRJEdojeBRYqbaruXEphzxWcpjsxhztFBokvCT";
+                dbFile = pkgs.writeText "dbsecret" "PIZxwIZmZkygBpxfQKLSyoaFmtIxzbmjlOeVSGhROfSqwMAXFwDlhZCGQenuBqOj";
+                jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+                activeRecordPrimaryKeyFile = pkgs.writeText "secret" "apMkGxzoorreGJlwIJihAywaoioezrKSwZAgrvPbodhsfjfPEWyTabbIdwxFuznv";
+                activeRecordDeterministicKeyFile = pkgs.writeText "secret" "FYzrCGwVyDmPQTfTsullsFxzkrPHKLfZtekpyKgeyfkvHyGlbuEYcQvEGROyxMIp";
+                activeRecordSaltFile = pkgs.writeText "secret" "HXgSMPUWTOsIPDwKHxoTDquMEPTSjUTiAxgndnTOWZkXAJySYBrZmbhiCNMtGDAd";
+              };
+              backup.startAt = [ "03:00" ];
+            };
+            nginx = {
+              enable = true;
+              recommendedProxySettings = true;
+              virtualHosts = {
+                localhost = {
+                  locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+                };
+              };
+            };
+            openssh.enable = true;
+          };
+        };
+    };
+  };
+}
--- a/users/demo/home/firefox.nix
+++ b/users/demo/home/firefox.nix
@ -113,6 +113,10 @@
                    name = "Nextcloud";
                    url = "http://localhost";
                  })
+                  (lib.mkIf osConfig.beancloud.software.gitlab {
+                    name = "Gitlab";
+                    url = "http://192.168.100.11";
+                  })
                ]];
              }
            ];