inputs:
{
  # Option surface of this module: nixos.services.gitlab.{enable,hostname}.
  options.nixos.services.gitlab = {
    enable = inputs.lib.mkOption { type = inputs.lib.types.bool; default = false; };
    hostname = inputs.lib.mkOption { type = inputs.lib.types.str; default = "gitlab.chn.moe"; };
  };

  # Everything below is only applied when nixos.services.gitlab.enable is set.
  config = inputs.lib.mkIf inputs.config.nixos.services.gitlab.enable (
    let
      cfg = inputs.config.nixos.services.gitlab;
      # Path of the decrypted sops secret "gitlab/<name>" (file on disk at activation time,
      # never a value inside the Nix store).
      secretPath = name: inputs.config.sops.secrets."gitlab/${name}".path;
      # All gitlab/* secrets are chowned to the GitLab service user so the service can read them.
      owner = inputs.config.services.gitlab.user;
    in {
      services.gitlab = {
        enable = true;
        host = cfg.hostname;
        # External URL is https://<hostname>:443; GitLab itself is reached over the
        # workhorse unix socket by the nginx entry further down, which is presumably
        # where TLS terminates.
        port = 443;
        https = true;

        # Outbound mail: implicit TLS on 465 (tls = true with STARTTLS auto-detection
        # disabled), LOGIN authentication with a password read from a sops-managed file.
        smtp = {
          enable = true;
          address = "mail.chn.moe";
          port = 465;
          tls = true;
          enableStartTLSAuto = false;
          domain = cfg.hostname;
          authentication = "login";
          username = "bot@chn.moe";
          passwordFile = secretPath "mail";
        };
        extraConfig.gitlab.email_from = "bot@chn.moe";

        # Application key material (secret_key_base, OTP, JWS, db key) from sops files.
        secrets = {
          secretFile = secretPath "secret";
          otpFile = secretPath "otp";
          jwsFile = secretPath "jws";
          dbFile = secretPath "dbFile";
        };

        # Initial root account: password from sops, address fixed to the bot mailbox.
        initialRootPasswordFile = secretPath "root";
        initialRootEmail = "bot@chn.moe";

        # Database lives on the local host; password from sops.
        databaseHost = "127.0.0.1";
        databasePasswordFile = secretPath "db";
      };

      nixos.services = {
        nginx = {
          enable = true;
          # Reverse proxy for the GitLab hostname onto the workhorse unix socket.
          https = {
            "${cfg.hostname}".location."/".proxy.upstream = "http://unix:/run/gitlab/gitlab-workhorse.socket";
          };
        };
        # Dedicated PostgreSQL instance for GitLab (module defaults).
        postgresql.instances.gitlab = {};
      };

      sops.secrets = {
        # Decrypted from the shared "mail/bot" key into a gitlab-owned file.
        "gitlab/mail" = { inherit owner; key = "mail/bot"; };
        "gitlab/secret" = { inherit owner; };
        "gitlab/otp" = { inherit owner; };
        # JWS key is stored as an opaque binary sops file rather than a yaml key.
        "gitlab/jws" = {
          inherit owner;
          format = "binary";
          sopsFile = "${inputs.topInputs.self}/secrets/gitlab/jws.bin";
        };
        "gitlab/dbFile" = { inherit owner; };
        "gitlab/root" = { inherit owner; };
        # Decrypted from the shared "postgresql/gitlab" key.
        "gitlab/db" = { inherit owner; key = "postgresql/gitlab"; };
        # Declared with module defaults (no owner override); in this file it is only
        # referenced as the key source of "gitlab/mail" above.
        "mail/bot" = {};
      };
    }
  );
}