[NixOS] Try gitlab on biskcomp

2024-10-20 16:29:38 -06:00
parent a2bbd4e04e
commit d4faa061dc
1 changed files with 17 additions and 9 deletions
--- a/nixos/machines/biskcomp.nix
+++ b/nixos/machines/biskcomp.nix
@@ -1,4 +1,4 @@
-{ forEachUser, ... }:
+{ pkgs, forEachUser, ... }:
 let biskcomp-nginx-hostnames = "192.168.1.44 railbird.ai 1896Folsom.duckdns.org biskcomp.local 0.0.0.0 67.162.131.71";
 in
 {
@@ -52,14 +52,17 @@ in
    defaults.email = "IvanMalison@gmail.com";
  };
-  # services.nextcloud = {
+  services.gitlab = {
-  #   enable = true;
+    enable = true;
-  #   hostName = "nextcloud.railbird.ai";
+    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
-  #   config = {
+    initialRootPasswordFile = pkgs.writeText "rootPassword" "dakqdvp4ovhksxer";
-  #     dbtype = "pgsql";
+    secrets = {
-  #     database.createLocally = true;
+      secretFile = pkgs.writeText "secret" "Aig5zaic";
-  #   };
+      otpFile = pkgs.writeText "otpsecret" "Riew9mue";
-  # };
+      dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
    };
  };
  services.nginx = {
    enable = true;
@@ -67,6 +70,11 @@ in
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "gitlab.railbird.ai" = {
        enableACME = true;
        forceSSL = true;
        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
      };
      "vaultwarden.railbird.ai" = {
        enableACME = true;
        forceSSL = true;