Jaaj-San/pointfichiers
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(services): Added gitlab services. Not enabled tho

Browse source
This commit is contained in:
GaspardCulis 2024-10-24 12:29:18 +02:00
parent 3e795794d4
commit 13d9acd26e
2 changed files with 36 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
secrets/OVHCloud.yaml
View file

@ -15,6 +15,13 @@ caddy:
ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str] ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
garage: garage:
RPC_SECRET: ENC[AES256_GCM,data:OJbIST1mtpqMNk+MKnGFy6+tXjc6aEOMIWnfs8QY9ozpxN2apAN7ZrjAAZc3J7ORUIhUQh8Vjkb1EhxdqGxERA==,iv:NhREhGE0wz3/0sdXUxuDqWaPdjeeQFau2OEVsqpV3F0=,tag:yGYd5txtVQzIOchh2L/XXQ==,type:str] RPC_SECRET: ENC[AES256_GCM,data:OJbIST1mtpqMNk+MKnGFy6+tXjc6aEOMIWnfs8QY9ozpxN2apAN7ZrjAAZc3J7ORUIhUQh8Vjkb1EhxdqGxERA==,iv:NhREhGE0wz3/0sdXUxuDqWaPdjeeQFau2OEVsqpV3F0=,tag:yGYd5txtVQzIOchh2L/XXQ==,type:str]
gitlab:
DATABASE_PASSWORD: ENC[AES256_GCM,data:XINUoSf8FdPdZamlU5OlVf5cwNzd+1cC,iv:pdExA2VOiaQPEVSqNqnTLpqC72Q/bMlZqVVKuUOjTlg=,tag:nTZiUxo4YIDluRSJJ0yj0w==,type:str]
INITIAL_ROOT_PASSWORD: ENC[AES256_GCM,data:Bst1bbspfLgcvRk=,iv:3H2b9gL8jCEmMUWhrlzy05LghfMa/+6wRDNGITjO3XM=,tag:PXsZ6+2kp9SuS6XRUjCeGw==,type:str]
SECRET_KEY: ENC[AES256_GCM,data:JBaEx7ktyvbAHoShcgWygrOZcdRoNcpZfiQ8oksxWj+py0dSkbKjzQ0SRRQ=,iv:C6W2SJoIPMg2WYMj1ZrcabcYxwqUgGZzQcKOrBp+rFs=,tag:EpykSmAEvgryxNEca9TM8A==,type:str]
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
penpot: penpot:
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str] SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str] OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
@ -58,8 +65,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ== y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-23T12:22:14Z" lastmodified: "2024-10-24T10:04:55Z"
mac: ENC[AES256_GCM,data:+x/QFSLjXqgJ3FLTvXABF0dpLBMVKfTb3o2qmQvygzaPiXHP0rjGQbXKaxczMng8t8nGo8nEKbSvf/0Ih8ruOCnmpw5ByB4iLd5vtlhhYmQ7vXlpCDHAjtkwA/aTJpZbJLUvPnDLCDX1uopcVUfJZstuRgBBMqEa4TQ8uHZAQ5M=,iv:O5bozwctz2q0YERDllsGyUDHAPNtosqetaUqjC2pIac=,tag:NR671Rrpo3HuJl+o/9mPWw==,type:str] mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

27
services/gitlab/default.nix Normal file
View file

@ -0,0 +1,27 @@
{config, ...}: let
port = 8086;
in {
sops.secrets."gitlab/DATABASE_PASSWORD".owner = "gitlab";
sops.secrets."gitlab/INITIAL_ROOT_PASSWORD".owner = "gitlab";
sops.secrets."gitlab/SECRET_KEY".owner = "gitlab";
sops.secrets."gitlab/OTP_KEY".owner = "gitlab";
sops.secrets."gitlab/DB_KEY".owner = "gitlab";
sops.secrets."gitlab/JWS_KEY".owner = "gitlab";
services.caddy.virtualHosts."git.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:${toString port}
'';
services.gitlab = {
enable = true;
port = port;
databasePasswordFile = config.sops.secrets."gitlab/DATABASE_PASSWORD".path;
initialRootPasswordFile = config.sops.secrets."gitlab/INITIAL_ROOT_PASSWORD".path;
secrets = {
secretFile = config.sops.secrets."gitlab/SECRET_KEY".path;
otpFile = config.sops.secrets."gitlab/OTP_KEY".path;
dbFile = config.sops.secrets."gitlab/DB_KEY".path;
jwsFile = config.sops.secrets."gitlab/JWS_KEY".path;
};
};
}