trying gitlab again

2024-11-17 11:11:55 -06:00
parent 77662166bf
commit 18290aa55a
7 changed files with 336 additions and 491 deletions

641
flake.lock generated

File diff suppressed because it is too large Load Diff


@@ -16,9 +16,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
arion.url = "github:hercules-ci/arion";
#arion.url = "github:hercules-ci/arion";
authentik-nix.url = "github:nix-community/authentik-nix";
#authentik-nix.url = "github:nix-community/authentik-nix";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
@@ -30,6 +30,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
system.url = "./system-config";
nixvim.url = "/ssd1/Projects/Nixvim";
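Review bot: The `simple-nixos-mailserver` input in the second hunk is declared without `inputs.nixpkgs.follows = "nixpkgs";`, unlike the inputs above it, so the lock file will presumably carry a second, independently pinned nixpkgs for the mail module. If that is not intended, write the input as an attribute set with `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";` and `inputs.nixpkgs.follows = "nixpkgs";`, so the mail stack takes its packages and security updates from the same pin as the rest of the system. The surrounding `inputs` set starts and ends outside the hunks shown.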


@@ -88,9 +88,9 @@
networking = {
hostName = "homebox";
nameservers = [ "127.0.0.1" ];
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 9000 8080 ];
firewall.allowedTCPPorts = [ 22 80 443 9000 8080 8081 ];
hosts = {
"192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
};
@@ -194,10 +194,9 @@
"pihole/pass" = {};
"gitlab/db_pass" = {};
"gitlab/root_pass" = {};
"nextcloud/pass" = {};
"nextcloud/pass" = {
owner = "nextcloud";
};
};
};
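Review bot: Adding 8081 to `firewall.allowedTCPPorts` in the first hunk opens the port on every interface of the host, while the Nextcloud module in this commit has nginx listening on `0.0.0.0:8081` over plain HTTP with Traefik as the only intended client. Anything that can reach the host can then talk to Nextcloud without TLS and without Traefik's middlewares. Consider scoping the rule to the bridge Traefik uses, `networking.firewall.interfaces."<bridge-interface>".allowedTCPPorts = [ 8081 ];` (the interface name is a placeholder), and binding the nginx listener to that address instead of `0.0.0.0`. The `nameservers` line also appears to move from the local resolver to `1.1.1.1`/`1.0.0.1`, which takes the host's own lookups out of any local filtering; a comment would help if that is deliberate.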


@@ -6,8 +6,13 @@ authentik:
pihole:
pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str]
gitlab:
db_pass: ""
root_pass: ""
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
secrets:
secret: ENC[AES256_GCM,data:3/26giCD58RErtEDxQ90KxRl3aa8oH4co2Urw21r7hHCKaoSti1VpYoBtlvHdr5j,iv:SwliwLWSFfTZoc31JSm9YKBDGKiPQE7ujkiGaZmCQUc=,tag:2KT5BpJukixvhb6tnZb6lw==,type:str]
otp: ENC[AES256_GCM,data:RWOkQVPRsrJgPVtx49hiWRMAxVOszKxaDl40XQDL+QoDuoZi03wSxHiu4Ix9X2BR,iv:uO+CTR5S4r1q7n1ycQw0hYdu8JflSrvkgLiBbCmT8mk=,tag:gqCwNOqD78lFtgxUPyUw3A==,type:str]
db: ENC[AES256_GCM,data:rF4IIp1uFSGa67LVm8fy4/qFOmZLInRcG2IAfnuZG3+xtS9Z2RXpNcTZNFBDdOaD,iv:/KYwf3ZH6w48L49rY/FmaGQOt3jGdOUTZ9vFhmLZG60=,tag:f38iYIgpgdjWF34qD1fz2w==,type:str]
jws: ENC[AES256_GCM,data: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,iv:cxdargXx2a7pET7BjCSZ/yXL7AnxNqncyDQ7CR3E3AA=,tag:2xKXfhBjynDqlvH377lpSA==,type:str]
nextcloud:
pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str]
sops:
@@ -25,8 +30,8 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-12T14:28:49Z"
mac: ENC[AES256_GCM,data:fXVSjqESPAREM5Iz3ZXS9stkYrXTeO4PR0lZuf8baR8OA9P07sQcPtq2parKL8RlALLcrdi3uqDJhv0Zw7mVwvnvzlgKsLssiz4U/N4zzIhwNXGvXccwKF4IEJD48/wRz31S87haIu0N8LHrV3LS++eZLnbWaqtVzuT39WxGUww=,iv:0QqLBKm3T+wCFgjFedViaCYBgBRKUkabqW6sv1OBSQE=,tag:ovUkgubwRfZnc94Ss4G2tA==,type:str]
lastmodified: "2024-11-17T16:33:08Z"
mac: ENC[AES256_GCM,data:q+aHvOUysVDFKcXJZ0/v0BEGhmwo/1wvVwyF4oWh09AWPzf3FlwZhaHmyz8hE2nlSIAiU7RDCnJ6haweHKC532+ckoI0z10iFGSu9UWZr1k/5asqZfXR7IrZw83fhnWQkofrPYLuEcJV/RXlT8n4HK6pt+ztB2JtiVt7wtyWOg4=,iv:IAviaFZUKDCFuaklBZxY+nck9g5Vri+QGR/rLsIxA1M=,tag:KbKRqueb921ugdyRhFguWw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@@ -7,6 +7,31 @@
config = lib.mkIf config.sysconfig.opts.virtualization.gitlab.enable {
sops.secrets."gitlab/dbpass" = {
path = "/ssd1/Gitlab/dbpass";
};
sops.secrets."gitlab/root_pass" = {
path = "/ssd1/Gitlab/rootpass";
};
sops.secrets."gitlab/secrets/secret" = {
path = "/ssd1/Gitlab/secret";
};
sops.secrets."gitlab/secrets/otp" = {
path = "/ssd1/Gitlab/otp";
};
sops.secrets."gitlab/secrets/db" = {
path = "/ssd1/Gitlab/db";
};
sops.secrets."gitlab/secrets/jws" = {
path = "/ssd1/Gitlab/jws";
};
containers.gitlab = {
autoStart = true;
@@ -14,23 +39,35 @@
hostAddress = "192.168.100.10";
localAddress = "192.168.100.16";
bindMounts = {
"/etc/gitlab/data" = {
hostPath = "/ssd1/Gitlab/data";
"/etc/gitlab" = {
hostPath = "/ssd1/Gitlab";
isReadOnly = false;
};
};
config = {
systemd.tmpfiles.rules = [
"z /etc/gitlab/dbpass - gitlab gitlab"
"z /etc/gitlab/rootpass - gitlab gitlab"
"z /etc/gitlab/db - gitlab gitlab"
"z /etc/gitlab/secret - gitlab gitlab"
"z /etc/gitlab/jws - gitlab gitlab"
"z /etc/gitlab/otp - gitlab gitlab"
];
services.gitlab = {
enable = true;
#https = true;
#port = 443;
#host = "localhost";
databasePasswordFile = pkgs.writeText "dbPassword" "hellothere!";
initialRootPasswordFile = pkgs.writeText "rootPassword" "generalkenobi";
https = true;
port = 443;
host = "localhost";
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
secrets = {
secretFile = "/etc/gitlab/secret";
otpFile = "/etc/gitlab/otp";
dbFile = "/etc/gitlab/db";
jwsFile = "/etc/gitlab/jws";
};
};
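Review bot: `sops.secrets."gitlab/dbpass"` at the top of the first hunk does not match the key used in the secrets file and in the host configuration, `gitlab/db_pass`, so sops-nix will presumably fail to find it at activation; it should read `sops.secrets."gitlab/db_pass"`. The `path` entries under `/ssd1/Gitlab` are, as far as I know, symlinks into the host's runtime secrets directory, which is not among the container's `bindMounts`, so `/etc/gitlab/dbpass` and the other files may dangle inside the container and the `z` tmpfiles rules would have nothing to re-own. Binding all of `/ssd1/Gitlab` read-write also places every secret next to GitLab's writable data; a separate read-only mount for the secret files would keep the two apart. Both hunks are cut by the page, so the rest of the container definition is not visible here.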


@@ -1,21 +1,57 @@
{ config, lib, pkgs, ... }: {
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.opts.virtualization.nextcloud.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
inputs.simple-nixos-mailserver.nixosModule
];
config = lib.mkIf config.sysconfig.opts.virtualization.nextcloud.enable {
sops.templates."nextcloud_pass.txt" = {
content = ''
${config.sops.placeholder."nextcloud/pass"}
'';
/*mailserver = {
enable = true;
fqdn = "mail.blunkall.com";
domains = [ "blunkall.us" ];
path = "/ssd1/Nextcloud/nextcloud_pass.txt";
loginAccounts = {
"user1@blunkall.us" = {
hashedPasswordFile = "";
};
};
};*/
services.nginx.virtualHosts."localhost".listen = [ { addr = "0.0.0.0"; port = 8081; } ];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "localhost";
config = {
adminpassFile = config.sops.secrets."nextcloud/pass".path;
adminuser = "root";
dbtype = "mysql";
};
https = true;
datadir = "/ssd1/Nextcloud/data";
home = "/ssd1/Nextcloud/nextcloud_home";
appstoreEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit mail contacts calendar tasks user_oidc;
};
extraAppsEnable = true;
settings = {
overwriteprotocol = "https";
trusted_domains = [ "nextcloud.blunkall.us" ];
trusted_proxies = [ "192.168.100.11" ];
default_phone_region = "US";
};
database.createLocally = true;
};
containers.nextcloud = {
/*containers.nextcloud = {
autoStart = true;
privateNetwork = true;
@@ -24,33 +60,26 @@
bindMounts = {
"/var/lib/nextcloud" = {
"/etc/nextcloud" = {
hostPath = "/ssd1/Nextcloud";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 80 ];
config = { config, lib, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."192.168.100.16".listen = [ { addr = "0.0.0.0"; port = 80; } ];
environment.etc."nextcloud-admin-pass".text = "//falconAdjacent42";
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "localhost";
config.adminpassFile = "/var/lib/nextcloud/nextcloud_pass.txt";
datadir = "/var/lib/nextcloud/data";
home = "/var/lib/nextcloud/nextcloud_home";
https = true;
maxUploadSize = "5G";
settings = {
overwriteprotocol = "https";
};
package = pkgs.nextcloud28;
hostName = "192.168.100.16";
config.adminpassFile = "/etc/nextcloud-admin-pass";
};
system.stateVersion = "24.05";
system.stateVersion = "23.05";
};
};
};*/
};
}
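Review bot: The admin password literal assigned to `environment.etc."nextcloud-admin-pass".text` in the second hunk stays in the repository, either in the commented-out `containers.nextcloud` block if that line is on the new side or in history regardless, so switching to `config.sops.secrets."nextcloud/pass".path` only helps if the password itself was changed. The same applies to the two `pkgs.writeText` literals that the GitLab module used before this commit. I would delete the commented block instead of keeping it, and put a comment on `adminpassFile` saying the value was rotated when it moved into sops. The `/*mailserver = {` block likewise carries an empty `hashedPasswordFile = "";` that should not be uncommented as it stands.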


@@ -128,32 +128,44 @@
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
middlewares = [
"authentik"
];
};
nathan = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`nathan.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
};
jellyfin = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`jellyfin.blunkall.us`)";
service = "jellyfin";
tls.certResolver = "cloudflare";
};
auth = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`auth.blunkall.us`)";
service = "authentik";
tls.certResolver = "cloudflare";
};
/*gitlab = {
gitlab = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`gitlab.blunkall.us`)";
service = "gitlab";
};*/
service = "homepage";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
nextcloud = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`nextcloud.blunkall.us`)";
service = "nextcloud";
tls.certResolver = "cloudflare";
middlewares = [
"nextcloud_redirectregex"
];
@@ -163,12 +175,14 @@
entryPoints = [ "localsecure" ];
rule = "Host(`traefik.local.blunkall.us`)";
service = "api@internal";
tls.certResolver = "cloudflare";
};
pihole = {
entryPoints = [ "localsecure" ];
rule = "Host(`pihole.local.blunkall.us`)";
service = "pihole";
tls.certResolver = "cloudflare";
};
};
@@ -193,8 +207,8 @@
nextcloud_redirectregex.redirectregex = {
permanent = true;
regex = "https://(.*)/.well-known/(?:card|cal)dav";
replacement = "https://$${1}/remote.php/dav";
regex = "https://nextcloud.blunkall.us/.well-known/(?:card|cal)dav";
replacement = "https://nextcloud.blunkall.us/remote.php/dav";
};
};
@@ -209,7 +223,7 @@
pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.10:8081"; } ];
};
};
};
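Review bot: The `gitlab` router in the first hunk is now live on the public `websecure` entry point with `service = "homepage"` and the `authentik` middleware commented out, so `gitlab.blunkall.us` serves the homepage backend with no forward-auth in front of it. If this is a placeholder until the container works, say so in a comment on the router; otherwise point it at the GitLab service and restore `middlewares = [ "authentik" ];`, or note why GitLab's own login is considered sufficient. In the `nextcloud_redirectregex` hunk the dots in the host name are unescaped and the pattern is unanchored; `regex = "^https://nextcloud\\.blunkall\\.us/.well-known/(?:card|cal)dav";` matches only the intended URLs.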