add gitlab

2024-05-05 21:24:08 -04:00 · 2024-05-05 21:24:08 -04:00 · 5d7affba07
commit 5d7affba07
parent 47c3be2ab5
6 changed files with 66 additions and 1 deletions
--- a/hosts/pluto/services/gitlab.nix
+++ b/hosts/pluto/services/gitlab.nix
@ -1,4 +1,35 @@
 {
-  services.gitlab = {
+  config,
  pkgs,
  ...
 }: let
  sec = config.age.secrets;
 in {
  age.secrets = {
    gitlab_db.file = ../../../sec/gitlab_db.age;
    gitlab_initpw.file = ../../../src/gitlab_initpw.age;
    gitlab_otp.file = ../../../sec/gitlab_otp.age;
    gitlab_pw.file = ../../../sec/gitlab_pw.age;
    gitlab_sec.file = ../../../sec/gitlab_sec.age;
  };
  services.gitlab = {
    enable = true;
    databasePasswordFile = sec.gitlab_db.path;
    initialRootPasswordFile = sec.gitlab_initpw.path;
    secrets = {
      secretFile = sec.gitlab_sec.path;
      otpFile = sec.gitlab_otp.path;
      dbFile = sec.gitlab_db.path;
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
    };
  };
  services.nginx.virtualHosts."git.zackmyers.io" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
  };
  systemd.services.gitlab-backup.environment.BACKUP = "dump";
 }
--- a/sec/gitlab_db.age
+++ b/sec/gitlab_db.age
--- a/sec/gitlab_initpw.age
+++ b/sec/gitlab_initpw.age
--- a/sec/gitlab_otp.age
+++ b/sec/gitlab_otp.age
@ -0,0 +1,12 @@
 age-encryption.org/v1
 -> ssh-ed25519 gWMdNg QLS11Q5VVV+CSO3ABvuAjoKrn9Ngr9SfQgUavXcJ2Cc
 mpaNeqlJCwq0ZTUwgS6ikaZXAnKPtusRH7UxIGbaZR8
 -> ssh-ed25519 s+NXzQ 5m2L4IfDL86NwPio8QaU7tKUpeyzpn4KKILjSz5aSDU
 eVRvK2SnHO3x9hrYQ+8HDbB0EQWf3oKyY+XuLP97dYI
 -> ssh-ed25519 yEtzbQ Wehlo8c0ggz4Lo7Rnsb/Forlr1bD2OXXaaffI4BLwnw
 UeX3lmyvW/eBBbbDqBR1CSyBSJLnqlCmPyikIPu1bSA
 -> ssh-ed25519 RMNffg 0+nJtxu6ZQ/08gHe/BMz5kcr+xtuGKOakqUt8G+vxzM
 2Lee87QLUGG3tEqS9Dv7RYJ1rkD1JKs4aHWf23VmzPw
 --- UBfkhnuhW71Do8qc1Qi/MiUbHopvnqcDkm9rNOlndIw
 K
 ¬Ø'‡Q	±ëõ¨XJ—d:¯®¾ì}¾<>±áÀ(4¤Êzu6Ô3¼
Ø¢ÛŸIG]Â„BÂ@NÔP&ˆª7¡¾‚<
--- a/sec/gitlab_pw.age
+++ b/sec/gitlab_pw.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 gWMdNg RnK0NTHFFLDVr3Tprxjxyqmwysj2FQDY90eb4XeKGDc
 cjsHyNmm3jl2rE/vrSHj11z99NWKQr74pyE+dDnvwkM
 -> ssh-ed25519 s+NXzQ vEo6fgYpEBK7awnuhhCCotp/ZJIXP0Oe+Ubclk3R8Hw
 J1OVdLdB9mL/kqbRvyI7I9pA8v3pOa9h4zf01Ex3ahE
 -> ssh-ed25519 yEtzbQ 6hueq9fdq0eqzw0DwpnzEnumpqhuFZr3X34cpjMi0RM
 8yciNrgnth5jSgzNDQKVcuWwU7FfTaWIUUlYnWq0TRk
 -> ssh-ed25519 RMNffg gz+19esQsg57A/CPRwf6zPlzZ2mgoEmc2SwFf1tywn0
 OoMengIceY3hXg77OADBWEVfblVfR6LLQH+65+8YFyU
 --- MYfJC2tPFoeGW7r+FykP0ZFDVj+ATtkNKKDmqF7JcCg
 .4éRbjÙ»=àt"/q+<2B><>Àß~‡–uŽ,<òœ»uÇmhpqÌ¦Æ’¿§˜‘3VO5‘ù±:ô…(ñè
--- a/sec/gitlab_sec.age
+++ b/sec/gitlab_sec.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 gWMdNg AABvJQahR0CWvdNngKHyV58DtGh3VWKJDIulZpMh8FY
 02oHHyrI79V2XPa18KFd3PBqilcfPXFKWcWRIGhAh5E
 -> ssh-ed25519 s+NXzQ ChzQaM2slin1U4YuqPxWzERc6f7KlAlUzi+mctCEbgo
 LnX9est+vDxHj8RLOeY5OK9MeYntkTE49Ar6Pnw1l1Q
 -> ssh-ed25519 yEtzbQ 1hVV52NlaFBTLACj8ZKh3vazmaS7fJWs3rtO7HK9NgM
 y2EDkxijP/eVRGRaZjzIB4G9FFJQ8O/XFiKrPZDF7bM
 -> ssh-ed25519 RMNffg 8mZ6sxNfhxNalYjkT8mDT1PZKTvp/7p3BUs+lUS2S2o
 5E1n+dV04+ZwaJZ/VeUOHKrrL3lBdtlQFiAx/ttwAD0
 --- Sgm5iMT1Uqmb4U4ZTxWyvX40tuivnfDHO/jTPS37i68
 8uî˜>†¿ž2]£²}DºYBq¹ìDFêiƒUÅ<¬ìW4“<34>[“ËCc¤b\ïªKimR—#IZË‘…³=‚õGó±