nixbld: run Gitlab instance (WIP)

This commit is contained in:
Sebastien Bourdeauducq 2019-03-27 22:42:12 +08:00
parent b967aa96d0
commit 4c597b135c
1 changed files with 18 additions and 1 deletions

View File

@ -49,7 +49,7 @@
services.openssh.enable = true; services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 ]; networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 80 ];
networking.firewall.allowedUDPPorts = [ 631 ]; networking.firewall.allowedUDPPorts = [ 631 ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
@ -134,6 +134,23 @@ ACTION=="add", SUBSYSTEM=="tty", \
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
services.gitlab = {
enable = true;
databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
secrets = import /etc/nixos/secret/gitlab.nix;
initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"nixbld.lab.m-labs.hk" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you