From 4c597b135c52f1fbd9b8aba0419be8266009966f Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Wed, 27 Mar 2019 22:42:12 +0800
Subject: [PATCH] nixbld: run Gitlab instance (WIP)

---
 nixbld-etc-nixos/configuration.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index eafac96..3cb0666 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -49,7 +49,7 @@
   services.openssh.enable = true;
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 ];
+  networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 80 ];
   networking.firewall.allowedUDPPorts = [ 631 ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
@@ -134,6 +134,23 @@ ACTION=="add", SUBSYSTEM=="tty", \
 
   virtualisation.libvirtd.enable = true;
 
+  services.gitlab = {
+    enable = true;
+    databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
+    secrets = import /etc/nixos/secret/gitlab.nix;
+    initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "nixbld.lab.m-labs.hk" = {
+        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+      };
+    };
+  };
+
   # This value determines the NixOS release with which your system is to be
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you