1
0
Fork 0

nixbld: act as front HTTP server, add SSL for lab.m-labs.hk and buildbot.m-labs.hk, expose gitlab instance

This commit is contained in:
Sebastien Bourdeauducq 2019-03-28 00:15:40 +08:00
parent 613c1b597a
commit 08760583dc
1 changed files with 22 additions and 2 deletions

View File

@ -49,7 +49,7 @@
services.openssh.enable = true; services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 80 ]; networking.firewall.allowedTCPPorts = [ 631 5901 80 443 ];
networking.firewall.allowedUDPPorts = [ 631 ]; networking.firewall.allowedUDPPorts = [ 631 ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
@ -135,6 +135,9 @@ ACTION=="add", SUBSYSTEM=="tty", \
services.gitlab = { services.gitlab = {
enable = true; enable = true;
host = "gitlab.m-labs.hk";
port = 443;
https = true;
databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password; databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
secrets = import /etc/nixos/secret/gitlab.nix; secrets = import /etc/nixos/secret/gitlab.nix;
initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root; initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
@ -144,7 +147,24 @@ ACTION=="add", SUBSYSTEM=="tty", \
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"nixbld.lab.m-labs.hk" = { "buildbot.m-labs.hk" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://192.168.1.100";
};
"lab.m-labs.hk" = {
addSSL = true;
enableACME = true;
locations."/".proxyPass = "http://192.168.1.100";
};
"nixbld.m-labs.hk" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:3000";
};
"gitlab.m-labs.hk" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
}; };
}; };