# NixOS module: when `beancloud.software.gitlab` is set, run GitLab inside a
# declarative NixOS container on a private veth pair, fronted by nginx on
# port 80 inside the container.
#
# NOTE(review): every secret below is a literal in this file and is
# materialised with pkgs.writeText / pkgs.runCommand, i.e. as a store path.
# The Nix store is world-readable, and the values are also visible to anyone
# who can read this source. The NixOS GitLab options expect a string path to a
# file provisioned outside the store with restrictive permissions. Values
# already committed here should be treated as disclosed; note that rotating
# the secrets/db/activeRecord keys affects data already encrypted with them.
{ config, lib, ... }:
{
  config = lib.mkIf config.beancloud.software.gitlab {
    # Host-side NAT toggle (project option; its effect is defined elsewhere).
    beancloud.network.nat = true;

    containers.gitlab = {
      autoStart = true;

      # Private host<->container link.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";

      config =
        { pkgs, lib, ... }:
        {
          system.stateVersion = "25.05";

          # Use systemd-resolved inside the container rather than the host's
          # resolv.conf.
          networking.useHostResolvConf = lib.mkForce false;
          services.resolved.enable = true;

          # Only HTTP is listed explicitly. NOTE(review): services.openssh
          # opens its own port by default (openFirewall), so SSH is most
          # likely reachable as well; confirm that is intended.
          networking.firewall = {
            enable = true;
            allowedTCPPorts = [ 80 ];
          };
          services.openssh.enable = true;

          # Environment passed to the gitlab-backup unit.
          systemd.services.gitlab-backup.environment.BACKUP = "dump";

          # Plain-HTTP reverse proxy to the workhorse socket.
          # NOTE(review): no TLS is configured in this module, so logins and
          # tokens cross the veth link unencrypted unless TLS is terminated
          # in front of the container; verify against the host config.
          services.nginx = {
            enable = true;
            recommendedProxySettings = true;
            virtualHosts.localhost.locations."/".proxyPass =
              "http://unix:/run/gitlab/gitlab-workhorse.socket";
          };

          services.gitlab = {
            enable = true;
            backup.startAt = [ "03:00" ];

            # NOTE(review): store-resident, hard-coded database password.
            databasePasswordFile = pkgs.writeText "dbPassword" "bvBgWvctkFzXMVqAlNVyXJYbfJyqIIWF";

            # NOTE(review): short, guessable initial root password, also in
            # the store. Change the root password after first login and
            # supply this value from a file outside the store.
            initialRootPasswordFile = pkgs.writeText "rootPassword" "demo123456";

            secrets = {
              secretFile = pkgs.writeText "secret" "EnekUctCqZJIFSyCAFWrYQUGUoJZuJWYyOwRjllSYqMjhTRAoeGBpvEEyGgzStBd";
              otpFile = pkgs.writeText "otpsecret" "PyMHBYurnXlxBZnCJIYspJIsJDmRJEdojeBRYqbaruXEphzxWcpjsxhztFBokvCT";
              dbFile = pkgs.writeText "dbsecret" "PIZxwIZmZkygBpxfQKLSyoaFmtIxzbmjlOeVSGhROfSqwMAXFwDlhZCGQenuBqOj";

              # NOTE(review): the RSA private key is a derivation output, so
              # it sits in the store like the values above, and a rebuild of
              # this derivation would produce a different key.
              jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";

              activeRecordPrimaryKeyFile = pkgs.writeText "secret" "apMkGxzoorreGJlwIJihAywaoioezrKSwZAgrvPbodhsfjfPEWyTabbIdwxFuznv";
              activeRecordDeterministicKeyFile = pkgs.writeText "secret" "FYzrCGwVyDmPQTfTsullsFxzkrPHKLfZtekpyKgeyfkvHyGlbuEYcQvEGROyxMIp";
              activeRecordSaltFile = pkgs.writeText "secret" "HXgSMPUWTOsIPDwKHxoTDquMEPTSjUTiAxgndnTOWZkXAJySYBrZmbhiCNMtGDAd";
            };
          };
        };
    };
  };
}