started container config

2024-10-26 19:50:45 -05:00
parent af2ebb4902
commit 52a582f87f
7 changed files with 90 additions and 16 deletions
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -10,6 +10,8 @@
      (import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; })
      
      inputs.impermanence.nixosModules.impermanence
+
+      inputs.sops-nix.nixosModules.sops
      
      inputs.home-manager.nixosModules.default
      
@@ -96,7 +98,7 @@
        hostName = "homebox";
        nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
        networkmanager.enable = true;
-        firewall.allowedTCPPorts = [ 22 ];
+        firewall.allowedTCPPorts = [ 22 80 443 9080 9443 ];
    };

  system.stateVersion = "23.05"; # Did you read the comment?
@@ -164,7 +166,7 @@
  programs.fuse.userAllowOther = true;

  home-manager = {
-    backupFileExtension = ".backup";
+    backupFileExtension = "backup";
    extraSpecialArgs = {inherit inputs;};
    users = {
      "nathan" = lib.mkMerge [
--- a/system-config/services/containers/default.nix
+++ b/system-config/services/containers/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+
+    imports = [
+        ./gitlab
+        ./traefik
+    ];
+}
--- a/system-config/services/containers/gitlab/default.nix
+++ b/system-config/services/containers/gitlab/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }: {
+
+    options.sysconfig.opts.virtualization.gitlab.enable = lib.options.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    config = lib.mkIf config.sysconfig.opts.virtualization.gitlab.enable {
+
+        virtualisation.containers.gitlab = {
+
+            autoStart = true;
+            privateNetwork = true;
+            hostAddress = "192.168.100.10";
+            localAddress = "192.168.100.11";
+            config = {
+                
+                services.gitlab = {
+                    enable = true;
+                    #https = true;
+                    #port = 443;
+                    #host = "localhost";
+                    databasePasswordFile = pkgs.writeText "dbPassword" "hellothere!";
+                    initialRootPasswordFile = pkgs.writeText "rootPassword" "generalkenobi";
+
+                    secrets = {
+
+                    };
+                };
+            };
+        };
+    };
+}
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }: {
+    
+    options.sysconfig.opts.virtualization.traefik.enable = lib.options.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    config = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable {
+
+        services.traefik = {
+
+            enable = true;
+
+            staticConfigOpts = {
+                entryPoints = {
+                    web = {};
+                    websecure = {};
+                    log = {};
+                    certificatesResolvers
+                };
+            };
+
+            dynamicConfigOpts = {};
+        };
+    };
+}
--- a/system-config/services/default.nix
+++ b/system-config/services/default.nix
@@ -4,5 +4,6 @@
    ./ollama
    ./openssh
    ./pipewire
+#    ./containers
  ];
 }