From 08760583dc719fa4494f64d5f734ca6863ce29f7 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Thu, 28 Mar 2019 00:15:40 +0800
Subject: [PATCH] nixbld: act as front HTTP server, add SSL for lab.m-labs.hk and buildbot.m-labs.hk, expose gitlab instance
---
 nixbld-etc-nixos/configuration.nix | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 409a22d..1b8e8b7 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -49,7 +49,7 @@
 services.openssh.enable = true;
 # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 80 ];
+ networking.firewall.allowedTCPPorts = [ 631 5901 80 443 ];
 networking.firewall.allowedUDPPorts = [ 631 ];
 # Or disable the firewall altogether.
 # networking.firewall.enable = false;
@@ -135,6 +135,9 @@ ACTION=="add", SUBSYSTEM=="tty", \
 services.gitlab = {
 enable = true;
+ host = "gitlab.m-labs.hk";
+ port = 443;
+ https = true;
 databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
 secrets = import /etc/nixos/secret/gitlab.nix;
 initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
@@ -144,7 +147,24 @@ ACTION=="add", SUBSYSTEM=="tty", \
 enable = true;
 recommendedProxySettings = true;
 virtualHosts = {
- "nixbld.lab.m-labs.hk" = {
+ "buildbot.m-labs.hk" = {
+ addSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://192.168.1.100";
+ };
+ "lab.m-labs.hk" = {
+ addSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://192.168.1.100";
+ };
+ "nixbld.m-labs.hk" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://127.0.0.1:3000";
+ };
+ "gitlab.m-labs.hk" = {
+ forceSSL = true;
+ enableACME = true;
 locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
 };
 };
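Review bot: The new `networking.firewall.allowedTCPPorts = [ 631 5901 80 443 ];` still opens 631 and 5901 on every interface, and this commit turns the host into the front HTTP server. If the machine is reachable from outside the lab network (not visible from this hunk), those two services are exposed alongside 80/443. Consider keeping only `[ 80 443 ]` in the global list and scoping the rest to the internal interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 631 5901 ];`, where the interface name is a placeholder. The unchanged `allowedUDPPorts = [ 631 ]` line below deserves the same treatment.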
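Review bot: The `buildbot.m-labs.hk` and `lab.m-labs.hk` vhosts use `addSSL = true;`, which keeps serving the site over plain HTTP next to HTTPS, while `nixbld.m-labs.hk` and `gitlab.m-labs.hk` use `forceSSL = true;`. If the backend at 192.168.1.100 handles logins or session cookies (not visible here), those can still be sent in cleartext by any client that uses an `http://` URL. Unless a client genuinely needs plain HTTP, switch both to `forceSSL = true;` so all four vhosts redirect consistently. If the exception is intentional, a comment such as `# addSSL: plain HTTP kept for <reason>` on those two entries would record why.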