# NixOS module: when `config.beancloud.software.gitlab` is set, declares a
# NixOS container named `gitlab` that runs GitLab behind nginx on TCP port 80.
#
# NOTE(review): every GitLab secret below is a literal in this file and is
# materialised with `pkgs.writeText`, so it lands in the Nix store, which is
# readable by every local user and is copied along with any closure pushed to
# a binary cache or another machine. Anyone who can read this file also has
# the values. Treat them as disclosed; see the notes on `services.gitlab`.
{
  config,
  lib,
  ...
}:

{
  config = lib.mkIf (config.beancloud.software.gitlab) {
    # Project-defined option (declared elsewhere); presumably enables NAT so the
    # private-network container can reach the outside world. TODO confirm.
    beancloud.network.nat = true;
    containers.gitlab = {
      autoStart = true;
      # The container gets its own network namespace; the two addresses below
      # are the host side and the container side of that link.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";
      config =
        {
          pkgs,
          lib,
          ...
        }:

        {
          system.stateVersion = "25.05";
          # Sets BACKUP=dump in the backup unit's environment; presumably this
          # fixes the archive name so each run overwrites the previous one.
          # TODO confirm against the GitLab backup task.
          systemd.services.gitlab-backup.environment.BACKUP = "dump";

          networking = {
            firewall = {
              enable = true;
              # Only HTTP is listed here. NOTE(review): `services.openssh.enable`
              # below opens port 22 as well unless `services.openssh.openFirewall`
              # is set to false, so this list is not the full exposed surface.
              allowedTCPPorts = [ 80 ];
            };
            # Do not reuse the host's resolv.conf; name resolution inside the
            # container is handled by systemd-resolved (enabled below).
            useHostResolvConf = lib.mkForce false;
          };

          services = {
            resolved.enable = true;
            gitlab = {
              enable = true;
              # NOTE(review): the `*File` options are meant to point at files that
              # exist only at runtime, given as a plain string path (for example
              # provisioned by a secret-management tool), not at store paths.
              # `pkgs.writeText` defeats that: the content is world-readable in
              # /nix/store and committed to version control.
              databasePasswordFile = pkgs.writeText "dbPassword" "bvBgWvctkFzXMVqAlNVyXJYbfJyqIIWF";
              # NOTE(review): weak, guessable initial password for the GitLab root
              # account. It is applied when the instance is first initialised, so
              # the account should be given a new password immediately after first
              # login and this value must not be reused anywhere.
              initialRootPasswordFile = pkgs.writeText "rootPassword" "demo123456";
              secrets = {
                # NOTE(review): these key bases protect sessions, 2FA secrets and
                # encrypted database columns. Moving them out of the store is the
                # fix, but on an instance that already holds data the same values
                # have to be carried over (or a planned rotation done), otherwise
                # existing encrypted data becomes unreadable. Plan it as a
                # migration, not an in-place edit.
                secretFile = pkgs.writeText "secret" "EnekUctCqZJIFSyCAFWrYQUGUoJZuJWYyOwRjllSYqMjhTRAoeGBpvEEyGgzStBd";
                otpFile = pkgs.writeText "otpsecret" "PyMHBYurnXlxBZnCJIYspJIsJDmRJEdojeBRYqbaruXEphzxWcpjsxhztFBokvCT";
                dbFile = pkgs.writeText "dbsecret" "PIZxwIZmZkygBpxfQKLSyoaFmtIxzbmjlOeVSGhROfSqwMAXFwDlhZCGQenuBqOj";
                # RSA private key generated at build time by `openssl genrsa`. The
                # output is a store path, so the private key is world-readable like
                # the literals above, and a rebuild of this derivation yields a
                # different key (the build is not reproducible).
                jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
                activeRecordPrimaryKeyFile = pkgs.writeText "secret" "apMkGxzoorreGJlwIJihAywaoioezrKSwZAgrvPbodhsfjfPEWyTabbIdwxFuznv";
                activeRecordDeterministicKeyFile = pkgs.writeText "secret" "FYzrCGwVyDmPQTfTsullsFxzkrPHKLfZtekpyKgeyfkvHyGlbuEYcQvEGROyxMIp";
                activeRecordSaltFile = pkgs.writeText "secret" "HXgSMPUWTOsIPDwKHxoTDquMEPTSjUTiAxgndnTOWZkXAJySYBrZmbhiCNMtGDAd";
              };
              # Daily backup at 03:00. NOTE(review): no off-container destination
              # is configured in this file, so the archive presumably stays inside
              # the container's own state. TODO confirm where backups are kept.
              backup.startAt = [ "03:00" ];
            };
            nginx = {
              enable = true;
              recommendedProxySettings = true;
              virtualHosts = {
                # Plain-HTTP reverse proxy to the GitLab Workhorse unix socket.
                # NOTE(review): no TLS is configured in this file, so logins and
                # tokens cross the host<->container link in clear text unless TLS
                # is terminated somewhere in front of this container.
                localhost = {
                  locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
                };
              };
            };
            # NOTE(review): enabled with default settings; no authentication
            # options (password login, root login) are restricted in this file.
            openssh.enable = true;
          };
        };
    };
  };
}