trying gitlab again
This commit is contained in:
@@ -7,6 +7,31 @@
|
||||
|
||||
config = lib.mkIf config.sysconfig.opts.virtualization.gitlab.enable {
|
||||
|
||||
sops.secrets."gitlab/dbpass" = {
|
||||
|
||||
path = "/ssd1/Gitlab/dbpass";
|
||||
};
|
||||
sops.secrets."gitlab/root_pass" = {
|
||||
|
||||
path = "/ssd1/Gitlab/rootpass";
|
||||
};
|
||||
sops.secrets."gitlab/secrets/secret" = {
|
||||
|
||||
path = "/ssd1/Gitlab/secret";
|
||||
};
|
||||
sops.secrets."gitlab/secrets/otp" = {
|
||||
|
||||
path = "/ssd1/Gitlab/otp";
|
||||
};
|
||||
sops.secrets."gitlab/secrets/db" = {
|
||||
|
||||
path = "/ssd1/Gitlab/db";
|
||||
};
|
||||
sops.secrets."gitlab/secrets/jws" = {
|
||||
|
||||
path = "/ssd1/Gitlab/jws";
|
||||
};
|
||||
|
||||
containers.gitlab = {
|
||||
|
||||
autoStart = true;
|
||||
@@ -14,23 +39,35 @@
|
||||
hostAddress = "192.168.100.10";
|
||||
localAddress = "192.168.100.16";
|
||||
bindMounts = {
|
||||
"/etc/gitlab/data" = {
|
||||
hostPath = "/ssd1/Gitlab/data";
|
||||
"/etc/gitlab" = {
|
||||
hostPath = "/ssd1/Gitlab";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
config = {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"z /etc/gitlab/dbpass - gitlab gitlab"
|
||||
"z /etc/gitlab/rootpass - gitlab gitlab"
|
||||
"z /etc/gitlab/db - gitlab gitlab"
|
||||
"z /etc/gitlab/secret - gitlab gitlab"
|
||||
"z /etc/gitlab/jws - gitlab gitlab"
|
||||
"z /etc/gitlab/otp - gitlab gitlab"
|
||||
];
|
||||
|
||||
services.gitlab = {
|
||||
enable = true;
|
||||
#https = true;
|
||||
#port = 443;
|
||||
#host = "localhost";
|
||||
databasePasswordFile = pkgs.writeText "dbPassword" "hellothere!";
|
||||
initialRootPasswordFile = pkgs.writeText "rootPassword" "generalkenobi";
|
||||
https = true;
|
||||
port = 443;
|
||||
host = "localhost";
|
||||
databasePasswordFile = "/etc/gitlab/dbpass";
|
||||
initialRootPasswordFile = "/etc/gitlab/rootpass";
|
||||
|
||||
secrets = {
|
||||
|
||||
secretFile = "/etc/gitlab/secret";
|
||||
otpFile = "/etc/gitlab/otp";
|
||||
dbFile = "/etc/gitlab/db";
|
||||
jwsFile = "/etc/gitlab/jws";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -1,21 +1,57 @@
|
||||
{ config, lib, pkgs, ... }: {
|
||||
{ config, lib, pkgs, inputs, ... }: {
|
||||
|
||||
options.sysconfig.opts.virtualization.nextcloud.enable = lib.options.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
imports = [
|
||||
inputs.simple-nixos-mailserver.nixosModule
|
||||
];
|
||||
|
||||
config = lib.mkIf config.sysconfig.opts.virtualization.nextcloud.enable {
|
||||
|
||||
sops.templates."nextcloud_pass.txt" = {
|
||||
content = ''
|
||||
${config.sops.placeholder."nextcloud/pass"}
|
||||
'';
|
||||
/*mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.blunkall.com";
|
||||
domains = [ "blunkall.us" ];
|
||||
|
||||
path = "/ssd1/Nextcloud/nextcloud_pass.txt";
|
||||
loginAccounts = {
|
||||
"user1@blunkall.us" = {
|
||||
hashedPasswordFile = "";
|
||||
|
||||
};
|
||||
};
|
||||
};*/
|
||||
|
||||
services.nginx.virtualHosts."localhost".listen = [ { addr = "0.0.0.0"; port = 8081; } ];
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud30;
|
||||
hostName = "localhost";
|
||||
config = {
|
||||
adminpassFile = config.sops.secrets."nextcloud/pass".path;
|
||||
adminuser = "root";
|
||||
dbtype = "mysql";
|
||||
};
|
||||
https = true;
|
||||
datadir = "/ssd1/Nextcloud/data";
|
||||
home = "/ssd1/Nextcloud/nextcloud_home";
|
||||
appstoreEnable = true;
|
||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
inherit mail contacts calendar tasks user_oidc;
|
||||
};
|
||||
extraAppsEnable = true;
|
||||
settings = {
|
||||
overwriteprotocol = "https";
|
||||
trusted_domains = [ "nextcloud.blunkall.us" ];
|
||||
trusted_proxies = [ "192.168.100.11" ];
|
||||
default_phone_region = "US";
|
||||
};
|
||||
database.createLocally = true;
|
||||
};
|
||||
|
||||
containers.nextcloud = {
|
||||
/*containers.nextcloud = {
|
||||
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
@@ -24,33 +60,26 @@
|
||||
|
||||
bindMounts = {
|
||||
|
||||
"/var/lib/nextcloud" = {
|
||||
"/etc/nextcloud" = {
|
||||
hostPath = "/ssd1/Nextcloud";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
config = { config, lib, pkgs, ... }: {
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx.virtualHosts."192.168.100.16".listen = [ { addr = "0.0.0.0"; port = 80; } ];
|
||||
environment.etc."nextcloud-admin-pass".text = "//falconAdjacent42";
|
||||
services.nextcloud = {
|
||||
|
||||
enable = true;
|
||||
package = pkgs.nextcloud30;
|
||||
hostName = "localhost";
|
||||
config.adminpassFile = "/var/lib/nextcloud/nextcloud_pass.txt";
|
||||
datadir = "/var/lib/nextcloud/data";
|
||||
home = "/var/lib/nextcloud/nextcloud_home";
|
||||
https = true;
|
||||
maxUploadSize = "5G";
|
||||
settings = {
|
||||
overwriteprotocol = "https";
|
||||
};
|
||||
package = pkgs.nextcloud28;
|
||||
hostName = "192.168.100.16";
|
||||
config.adminpassFile = "/etc/nextcloud-admin-pass";
|
||||
};
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
system.stateVersion = "23.05";
|
||||
};
|
||||
};
|
||||
};*/
|
||||
};
|
||||
}
|
||||
|
||||
@@ -128,32 +128,44 @@
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
|
||||
service = "homepage";
|
||||
tls.certResolver = "cloudflare";
|
||||
middlewares = [
|
||||
"authentik"
|
||||
];
|
||||
};
|
||||
nathan = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`nathan.blunkall.us`)";
|
||||
service = "homepage";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
jellyfin = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`jellyfin.blunkall.us`)";
|
||||
service = "jellyfin";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
auth = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`auth.blunkall.us`)";
|
||||
service = "authentik";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
/*gitlab = {
|
||||
gitlab = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`gitlab.blunkall.us`)";
|
||||
service = "gitlab";
|
||||
};*/
|
||||
service = "homepage";
|
||||
tls.certResolver = "cloudflare";
|
||||
#middlewares = [ "authentik" ];
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
entryPoints = [ "localsecure" "websecure" ];
|
||||
rule = "Host(`nextcloud.blunkall.us`)";
|
||||
service = "nextcloud";
|
||||
tls.certResolver = "cloudflare";
|
||||
middlewares = [
|
||||
"nextcloud_redirectregex"
|
||||
];
|
||||
@@ -163,12 +175,14 @@
|
||||
entryPoints = [ "localsecure" ];
|
||||
rule = "Host(`traefik.local.blunkall.us`)";
|
||||
service = "api@internal";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
|
||||
pihole = {
|
||||
entryPoints = [ "localsecure" ];
|
||||
rule = "Host(`pihole.local.blunkall.us`)";
|
||||
service = "pihole";
|
||||
tls.certResolver = "cloudflare";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -193,8 +207,8 @@
|
||||
|
||||
nextcloud_redirectregex.redirectregex = {
|
||||
permanent = true;
|
||||
regex = "https://(.*)/.well-known/(?:card|cal)dav";
|
||||
replacement = "https://$${1}/remote.php/dav";
|
||||
regex = "https://nextcloud.blunkall.us/.well-known/(?:card|cal)dav";
|
||||
replacement = "https://nextcloud.blunkall.us/remote.php/dav";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -209,7 +223,7 @@
|
||||
|
||||
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
|
||||
|
||||
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
|
||||
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.10:8081"; } ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user