feat(luna): working gitlab config

🚀🚀🚀🚀🚀🚀🚀🚀
Price Hiller 2023-10-28 03:05:37 -05:00
parent 004b79c667
commit fd24ea629f
Signed by: Price
SSH Key Fingerprint: SHA256:Y4S9ZzYphRn1W1kbJerJFO6GGsfu9O70VaBSxJO7dF8
11 changed files with 158 additions and 49 deletions


@ -1,5 +1,68 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1690797372,
@ -16,6 +79,22 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1693985761,
"narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
@ -33,8 +112,9 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
}
}
},


@ -3,10 +3,11 @@
{
imports = [
./services
./docker
./impermanence.nix
./nix.nix
./networking.nix
./programs.nix
./user.nix
./virtualisation.nix
];
}


@ -0,0 +1,20 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
docker_24
docker-compose
];
virtualisation = {
oci-containers.backend = "docker";
containers.enable = true;
docker = {
enable = true;
autoPrune.enable = true;
package = pkgs.docker_24;
};
};
imports = [
./gitlab.nix
];
}
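Review bot: `docker_24` is spelled out twice, in `environment.systemPackages` and in `virtualisation.docker.package`, so a later version bump has to touch both lines and can leave the CLI and the daemon on different releases. As far as I know the NixOS docker module already adds its configured package to the system packages, so the first list could probably be reduced to `docker-compose`; otherwise bind the package once in a `let` and reference it in both places. `virtualisation.containers.enable = true;` would also benefit from a one-line comment saying why it is needed alongside the Docker backend.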


@ -0,0 +1,34 @@
{ ... }:
let
gitlab_home = "/opt/gitlab";
hostname = "gitlab.orion-technologies.io";
in
{
virtualisation.oci-containers.containers.gitlab = {
image = "gitlab/gitlab-ee:latest";
autoStart = true;
ports = [
"127.0.0.1:8080:80"
"2222:22"
];
volumes = [
"${gitlab_home}/config:/etc/gitlab"
"${gitlab_home}/logs:/var/log/gitlab"
"${gitlab_home}/data:/var/opt/gitlab"
];
extraOptions = [
"--shm-size=256m"
"--hostname=${hostname}"
];
};
networking.firewall.allowedTCPPorts = [
2222
];
services.nginx.virtualHosts."${hostname}" = {
locations."/".proxyPass = "http://127.0.0.1:8080";
forceSSL = true;
enableACME = true;
};
}
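Review bot: `image = "gitlab/gitlab-ee:latest"` leaves the GitLab version unpinned, so whatever the registry serves under that tag at the next pull runs against the data under /opt/gitlab, and a large version jump can break GitLab's upgrade path without any change in this repository. Pin a release tag, ideally together with its digest, e.g. `image = "gitlab/gitlab-ee:<VERSION_TAG>@sha256:<DIGEST>";` (placeholders), and bump it in a reviewed commit. Separately, ports that Docker publishes are normally opened by Docker's own iptables rules, so `"2222:22"` is probably reachable whether or not 2222 is listed in `networking.firewall.allowedTCPPorts`. A short comment stating that the firewall entry is not the control for that port would keep someone from assuming that removing it closes container SSH.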


@ -0,0 +1,18 @@
{ ... }:
{
environment.persistence = {
"/nix/persist" = {
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
"/opt"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
};
};
}
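Review bot: The new `"/opt"` entry in `directories` has no comment saying why it is persisted; from the rest of this commit it appears to exist for the GitLab volumes under /opt/gitlab, which will hold the instance's configuration and secrets. I would add `# GitLab container volumes (config, logs, data) live in /opt/gitlab` above it, or narrow the entry to `"/opt/gitlab"` so that nothing else placed in /opt survives reboots unintentionally.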


@ -17,5 +17,7 @@
git
jq
rsync
rustc
cargo
];
}


@ -3,7 +3,6 @@
imports = [
./openssh.nix
./fail2ban.nix
# ./gitlab.nix
# ./nginx.nix
./nginx.nix
];
}


@ -1,15 +0,0 @@
{ pkgs, ... }:
{
services.gitlab = {
enable = true;
port = 80;
databasePasswordFile = pkgs.writeText "dbPassword" "test123";
initialRootPasswordFile = pkgs.writeText "rootPassword" "test123";
secrets = rec {
secretFile = pkgs.writeText "secret" "Aig5zaic";
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
};
};
}


@ -6,14 +6,6 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"gitlab.orion-technologies.io" = {
locations."/".proxyPass = "http://unix:/var/gitlab/state/tmp/sockets/gitlab.socket";
forceSSL = true;
enableACME = true;
root = "/var/www/gitlab";
};
};
};
security.acme = {
acceptTerms = true;


@ -1,7 +0,0 @@
{ ... }:
{
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
}


@ -22,19 +22,4 @@
};
zramSwap.enable = true;
environment.persistence = {
"/nix/persist" = {
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/etc/nixos"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
};
};
}