50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
|
{ config, pkgs, lib, ... }:
|
||
|
|
let domain = "gitlab.space-left.org";
|
||
|
|
in {
|
||
|
|
|
||
|
|
# setup gitlab
|
||
|
|
services.gitlab = {
|
||
|
|
enable = true;
|
||
|
|
host = domain;
|
||
|
|
databasePasswordFile = "path/todo";
|
||
|
|
initialRootPasswordFile = "path/todo";
|
||
|
|
|
||
|
|
secrets = {
|
||
|
|
# Make sure the secret is at least 30 characters and all random,
|
||
|
|
# no regular words or you'll be exposed to dictionary attacks
|
||
|
|
dbFile = "path/todo";
|
||
|
|
|
||
|
|
# openssl genrsa 2048
|
||
|
|
jwsFile = "path/todo";
|
||
|
|
|
||
|
|
# Make sure the secret is at least 30 characters and all random,
|
||
|
|
# no regular words or you'll be exposed to dictionary attacks
|
||
|
|
otpFile = "path/todo";
|
||
|
|
|
||
|
|
# Make sure the secret is at least 30 characters and all random,
|
||
|
|
# no regular words or you'll be exposed to dictionary attacks
|
||
|
|
secretFile = "path/todo";
|
||
|
|
};
|
||
|
|
|
||
|
|
# smtp?
|
||
|
|
|
||
|
|
# gitlab-runner?
|
||
|
|
};
|
||
|
|
|
||
|
|
# setup nginx for gitlab
|
||
|
|
services.nginx = {
|
||
|
|
enable = true;
|
||
|
|
recommendedProxySettings = true;
|
||
|
|
|
||
|
|
virtualHosts."${domain}" = {
|
||
|
|
enableACME = true;
|
||
|
|
forceSSL = true;
|
||
|
|
locations."/" = {
|
||
|
|
proxyPass = "http://127.0.0.1:${toString config.services.gitlab.port}";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
}
|
||
|
|
|