64 lines
1.4 KiB
Nix

{ config, specialArgs, fqdn, ... }:
let
gitlab_home = "/var/lib/gitlab";
gitlab_host = "gitlab.${fqdn}";
in
{
environment.persistence.save.directories = [
gitlab_home
];
systemd.timers.delay-gitlab-start = {
after = [ "docker.service" "docker.socket" ];
wantedBy = [ "timers.target" "network-online.target" ];
timerConfig = {
OnActiveSec = "30sec";
Unit = "docker-gitlab.service";
};
};
virtualisation.oci-containers.containers.gitlab = {
image = "gitlab/gitlab-ee:latest";
autoStart = true;
ports = [
"127.0.0.1:8080:80"
"2222:22"
];
volumes = [
"${gitlab_home}/config:/etc/gitlab"
"${gitlab_home}/logs:/var/log/gitlab"
"${gitlab_home}/data:/var/opt/gitlab"
];
extraOptions = [
"--shm-size=256m"
"--hostname=${gitlab_host}"
"--pull=always"
];
};
systemd.services.docker-gitlab.after = [ "delay-gitlab.timer" ];
networking.firewall.allowedTCPPorts = [
2222
];
services.gitlab-runner = {
enable = true;
services = {
default = {
registrationConfigFile = config.age.secrets.gitlab-runner-reg-config.path;
dockerImage = "alpine";
tagList = [
"alpine"
"default"
];
};
};
};
services.nginx.virtualHosts."${gitlab_host}" = {
locations."/".proxyPass = "http://127.0.0.1:8080";
forceSSL = true;
enableACME = true;
};
}