forked from M-Labs/nix-scripts
nixbld: act as front HTTP server, add SSL for lab.m-labs.hk and buildbot.m-labs.hk, expose gitlab instance
This commit is contained in:
parent
613c1b597a
commit
08760583dc
|
@ -49,7 +49,7 @@
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall.allowedTCPPorts = [ 631 3000 5801 5901 6001 80 ];
|
networking.firewall.allowedTCPPorts = [ 631 5901 80 443 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 631 ];
|
networking.firewall.allowedUDPPorts = [ 631 ];
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
# networking.firewall.enable = false;
|
||||||
|
@ -135,6 +135,9 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
|
|
||||||
services.gitlab = {
|
services.gitlab = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
host = "gitlab.m-labs.hk";
|
||||||
|
port = 443;
|
||||||
|
https = true;
|
||||||
databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
|
databasePassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-db-password;
|
||||||
secrets = import /etc/nixos/secret/gitlab.nix;
|
secrets = import /etc/nixos/secret/gitlab.nix;
|
||||||
initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
|
initialRootPassword = pkgs.lib.fileContents /etc/nixos/secret/gitlab-default-root;
|
||||||
|
@ -144,7 +147,24 @@ ACTION=="add", SUBSYSTEM=="tty", \
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"nixbld.lab.m-labs.hk" = {
|
"buildbot.m-labs.hk" = {
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://192.168.1.100";
|
||||||
|
};
|
||||||
|
"lab.m-labs.hk" = {
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://192.168.1.100";
|
||||||
|
};
|
||||||
|
"nixbld.m-labs.hk" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/".proxyPass = "http://127.0.0.1:3000";
|
||||||
|
};
|
||||||
|
"gitlab.m-labs.hk" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue