gitlab works!!!

2024-11-17 16:47:29 -06:00
parent 05c48fec76
commit 6a3269b587
3 changed files with 59 additions and 47 deletions

18
flake.lock generated

@@ -1193,11 +1193,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-mrfMvef+tOYMK35horTWF43tQpES1zI7hb5RbzN3oIk=",
"path": "/nix/store/q46830crsjac147qc48lk311icpidql9-source/home-manager",
"path": "/nix/store/7za067g4wcxsk57zh63372x8jxkhl03v-source/home-manager",
"type": "path"
},
"original": {
"path": "/nix/store/q46830crsjac147qc48lk311icpidql9-source/home-manager",
"path": "/nix/store/7za067g4wcxsk57zh63372x8jxkhl03v-source/home-manager",
"type": "path"
}
},
@@ -1807,11 +1807,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
"path": "/nix/store/z0kg92cbspdsmgnsk68pk6qwhl273jq6-source/programs",
"path": "/nix/store/ib1zcvq12pk99aq8x0jh8d1xx6p12vak-source/programs",
"type": "path"
},
"original": {
"path": "/nix/store/z0kg92cbspdsmgnsk68pk6qwhl273jq6-source/programs",
"path": "/nix/store/ib1zcvq12pk99aq8x0jh8d1xx6p12vak-source/programs",
"type": "path"
}
},
@@ -1882,11 +1882,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
"path": "/nix/store/z0kg92cbspdsmgnsk68pk6qwhl273jq6-source/services/sddm",
"path": "/nix/store/ib1zcvq12pk99aq8x0jh8d1xx6p12vak-source/services/sddm",
"type": "path"
},
"original": {
"path": "/nix/store/z0kg92cbspdsmgnsk68pk6qwhl273jq6-source/services/sddm",
"path": "/nix/store/ib1zcvq12pk99aq8x0jh8d1xx6p12vak-source/services/sddm",
"type": "path"
}
},
@@ -1976,12 +1976,12 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-/2sJK37sV+nJSCuyr2iW2gyO/1Jg/K9aV0dzDG+eR6c=",
"path": "/nix/store/q46830crsjac147qc48lk311icpidql9-source/system-config",
"narHash": "sha256-JnCyzbcEKzcTNeeiF869/sv9+8LPFbgNIdsQc/T78JU=",
"path": "/nix/store/7za067g4wcxsk57zh63372x8jxkhl03v-source/system-config",
"type": "path"
},
"original": {
"path": "/nix/store/q46830crsjac147qc48lk311icpidql9-source/system-config",
"path": "/nix/store/7za067g4wcxsk57zh63372x8jxkhl03v-source/system-config",
"type": "path"
}
},


@@ -85,6 +85,8 @@
"z /etc/gitlab/secret - gitlab gitlab"
"z /etc/gitlab/jws - gitlab gitlab"
"z /etc/gitlab/otp - gitlab gitlab"
"z /etc/gitlab/oidc-id - gitlab gitlab"
"z /etc/gitlab/oidc-secret - gitlab gitlab"
];
services.gitlab = {
@@ -95,10 +97,12 @@
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
extraEnv = {
OIDC_CLIENT_ID = builtins.readFile "/etc/gitlab/oidc-id";
OIDC_CLIENT_SECRET = builtins.readFile "/etc/gitlab/oidc-secret";
};
statePath = "/etc/gitlab/data";
/*extraEnv = {
OIDC_CLIENT_ID = "";
OIDC_CLIENT_SECRET = "";
};*/
secrets = {
secretFile = "/etc/gitlab/secret";
@@ -107,38 +111,46 @@
jwsFile = "/etc/gitlab/jws";
};
extraGitlabRb = ''
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_auto_link_user'] = ["openid_connect"]
gitlab_rails['omniauth_providers'] = [
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name: 'openid_connect',
label: 'My Company OIDC Login',
args: {
name: 'openid_connect',
scope: ['openid','profile','email'],
response_type: 'code',
issuer: 'https://auth.blunkall.us/application/o/gitlab/',
discovery: true,
client_auth_method: 'query',
uid_field: 'preferred_username',
send_scope_to_token_endpoint: 'true',
pkce: true,
client_options: {
identifier: '$${OIDC_CLIENT_ID}',
secret: '$${OIDC_CLIENT_SECRET}',
redirect_uri: 'https://gitlab.blunkall.us/users/auth/openid_connect/callback'
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
}
}
]
'';
];
};
};
};
services.nginx = {
enable = true;
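Review bot: `uid_field = "preferred_username"` in the provider `args` keys GitLab identities on a claim that OIDC does not guarantee to be unique or stable, and with `auto_link_user = [ "openid_connect" ]` plus `block_auto_created_users = false` a re-used username or an unverified e-mail at the IdP can end up attached to an existing GitLab account. Unless the IdP is known to lock usernames and verify e-mail addresses, I would drop the `uid_field` line so the `sub` claim is used, or set `block_auto_created_users = true;` until existing accounts have been linked. Separately, the tmpfiles entries for `/etc/gitlab/oidc-id` and `/etc/gitlab/oidc-secret` give `-` as the mode, so only ownership is adjusted; an explicit mode such as `"z /etc/gitlab/oidc-secret 0400 gitlab gitlab"` would stop the secret from staying readable by others if it was created that way. The page has lost its `+`/`-` markers, so I am assuming the attrset form of `extraConfig` is the new side, with these settings carried over from the earlier `extraGitlabRb` text. The `services.gitlab` block starts and ends outside the hunks shown.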


@@ -156,7 +156,7 @@
gitlab = {
entryPoints = [ "localsecure" "websecure" ];
rule = "Host(`gitlab.blunkall.us`)";
service = "homepage";
service = "gitlab";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
@@ -213,7 +213,7 @@
};
services = {
#gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];
gitlab.loadBalancer.servers = [ { url = "http://192.168.100.16:80"; } ];
homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];