nixos/modules/services/gitlab.nix

inputs:
{
  options.nixos.services.gitlab = let inherit (inputs.lib) mkOption types; in
  {
    enable = mkOption { type = types.bool; default = false; };
    hostname = mkOption { type = types.str; default = "gitlab.chn.moe"; };
  };
  config =
    let
      inherit (inputs.config.nixos.services) gitlab;
      inherit (inputs.lib) mkIf;
    in mkIf gitlab.enable
    {
      services.gitlab =
      {
        enable = true;
        host = gitlab.hostname;
        port = 443;
        https = true;
        smtp =
        {
          enable = true;
          address = "mail.chn.moe";
          username = "bot@chn.moe";
          passwordFile = inputs.config.sops.secrets."gitlab/mail".path;
          tls = true;
          enableStartTLSAuto = false;
          port = 465;
          domain = gitlab.hostname;
          authentication = "login";
        };
        extraConfig.gitlab.email_from = "bot@chn.moe";
        secrets =
        {
          secretFile = inputs.config.sops.secrets."gitlab/secret".path;
          otpFile = inputs.config.sops.secrets."gitlab/otp".path;
          jwsFile = inputs.config.sops.secrets."gitlab/jws".path;
          dbFile = inputs.config.sops.secrets."gitlab/dbFile".path;
        };
        initialRootPasswordFile = inputs.config.sops.secrets."gitlab/root".path;
        initialRootEmail = "bot@chn.moe";
        databasePasswordFile = inputs.config.sops.secrets."gitlab/db".path;
        databaseHost = "127.0.0.1";
      };
      nixos.services =
      {
        nginx =
        {
          enable = true;
          https."${gitlab.hostname}".location."/".proxy.upstream = "http://unix:/run/gitlab/gitlab-workhorse.socket";
        };
        postgresql.instances.gitlab = {};
      };
      sops.secrets = let owner = inputs.config.services.gitlab.user; in
      {
        "gitlab/mail" = { owner = owner; key = "mail/bot"; };
        "gitlab/secret".owner = owner;
        "gitlab/otp".owner = owner;
        "gitlab/jws" =
        {
          owner = owner;
          sopsFile =
            "${inputs.topInputs.self}/secrets/${inputs.config.nixos.system.networking.hostname}/gitlab/jws.bin";
          format = "binary";
        };
        "gitlab/dbFile".owner = owner;
        "gitlab/root".owner = owner;
        "gitlab/db" = { owner = owner; key = "postgresql/gitlab"; };
        "mail/bot" = {};
      };
    };
}
services.gitlab: preprare 2023-11-19 22:01:36 +08:00			`inputs:`
			`{`
			`options.nixos.services.gitlab = let inherit (inputs.lib) mkOption types; in`
			`{`
			`enable = mkOption { type = types.bool; default = false; };`
			`hostname = mkOption { type = types.str; default = "gitlab.chn.moe"; };`
			`};`
			`config =`
			`let`
			`inherit (inputs.config.nixos.services) gitlab;`
			`inherit (inputs.lib) mkIf;`
			`in mkIf gitlab.enable`
			`{`
			`services.gitlab =`
			`{`
			`enable = true;`
			`host = gitlab.hostname;`
services.gitlab: fix port number 2023-11-20 22:23:45 +08:00			`port = 443;`
services.gitlab: preprare 2023-11-19 22:01:36 +08:00			`https = true;`
			`smtp =`
			`{`
			`enable = true;`
services.gitlab: fix smtp 2023-11-20 21:19:24 +08:00			`address = "mail.chn.moe";`
services.gitlab: prepare 2023-11-20 15:03:02 +08:00			`username = "bot@chn.moe";`
services.gitlab: fix smtp 2023-11-20 21:19:24 +08:00			`passwordFile = inputs.config.sops.secrets."gitlab/mail".path;`
services.gitlab: preprare 2023-11-19 22:01:36 +08:00			`tls = true;`
services.gitlab: fix smtp 2023-11-20 21:19:24 +08:00			`enableStartTLSAuto = false;`
services.gitlab: preprare 2023-11-19 22:01:36 +08:00			`port = 465;`
			`domain = gitlab.hostname;`
services.gitlab: prepare 2023-11-20 15:03:02 +08:00			`authentication = "login";`
			`};`
services.gitlab: add email_from option 2023-11-20 22:25:47 +08:00			`extraConfig.gitlab.email_from = "bot@chn.moe";`
services.gitlab: prepare 2023-11-20 15:03:02 +08:00			`secrets =`
			`{`
			`secretFile = inputs.config.sops.secrets."gitlab/secret".path;`
			`otpFile = inputs.config.sops.secrets."gitlab/otp".path;`
			`jwsFile = inputs.config.sops.secrets."gitlab/jws".path;`
services.gitlab: init 2023-11-20 20:15:53 +08:00			`dbFile = inputs.config.sops.secrets."gitlab/dbFile".path;`
services.gitlab: preprare 2023-11-19 22:01:36 +08:00			`};`
services.gitlab: prepare 2023-11-20 15:03:02 +08:00			`initialRootPasswordFile = inputs.config.sops.secrets."gitlab/root".path;`
services.gitlab: fix smtp 2023-11-20 21:19:24 +08:00			`initialRootEmail = "bot@chn.moe";`
services.gitlab: prepare 2023-11-20 15:03:02 +08:00			`databasePasswordFile = inputs.config.sops.secrets."gitlab/db".path;`
			`databaseHost = "127.0.0.1";`
services.gitlab: init 2023-11-20 20:15:53 +08:00			`};`
			`nixos.services =`
			`{`
			`nginx =`
			`{`
			`enable = true;`
services.gitlab: fix nginx 2023-11-20 20:51:57 +08:00			`https."${gitlab.hostname}".location."/".proxy.upstream = "http://unix:/run/gitlab/gitlab-workhorse.socket";`
services.gitlab: init 2023-11-20 20:15:53 +08:00			`};`
			`postgresql.instances.gitlab = {};`
			`};`
			`sops.secrets = let owner = inputs.config.services.gitlab.user; in`
			`{`
			`"gitlab/mail" = { owner = owner; key = "mail/bot"; };`
			`"gitlab/secret".owner = owner;`
			`"gitlab/otp".owner = owner;`
			`"gitlab/jws" =`
move default secrets to subdirs 2023-12-07 16:24:22 +08:00			`{`
			`owner = owner;`
			`sopsFile =`
			`"${inputs.topInputs.self}/secrets/${inputs.config.nixos.system.networking.hostname}/gitlab/jws.bin";`
			`format = "binary";`
			`};`
services.gitlab: init 2023-11-20 20:15:53 +08:00			`"gitlab/dbFile".owner = owner;`
			`"gitlab/root".owner = owner;`
			`"gitlab/db" = { owner = owner; key = "postgresql/gitlab"; };`
			`"mail/bot" = {};`
			`};`
			`};`
			`}`