
# NixOS module: GitLab EE in an OCI container, fronted by nginx (TLS via ACME),
# plus a GitLab Runner registered from an age-encrypted config file.
{ secrets, config, specialArgs, fqdn, ... }:
let
  # Host directory holding all persistent GitLab state (config, logs, data).
  gitlabStateDir = "/var/lib/gitlab";
  # Public name used for the container hostname and the nginx virtual host.
  gitlabHostname = "gitlab.${fqdn}";

  # Builds a "host-path:container-path" bind mount rooted in the state directory.
  bindFromState = subdir: target: "${gitlabStateDir}/${subdir}:${target}";
in
{
  # Keep the GitLab state directory across reboots on an impermanent root.
  environment.persistence.save.directories = [ gitlabStateDir ];

  virtualisation.oci-containers.containers.gitlab = {
    # NOTE(review): ":latest" together with "--pull=always" below means every
    # container start runs whatever the registry currently serves under that
    # tag. Pinning a specific version tag or image digest would make upgrades
    # deliberate and reproducible.
    image = "gitlab/gitlab-ee:latest";
    autoStart = true;

    ports = [
      # Plain HTTP is published on loopback only; nginx is the sole public entry.
      "127.0.0.1:8080:80"
      # Git over SSH: no host address given, so this is published on all interfaces.
      "2222:22"
    ];

    volumes = [
      (bindFromState "config" "/etc/gitlab")
      (bindFromState "logs" "/var/log/gitlab")
      (bindFromState "data" "/var/opt/gitlab")
    ];

    extraOptions = [
      "--shm-size=256m"
      "--hostname=${gitlabHostname}"
      "--pull=always"
    ];
  };

  # Matches the SSH port published by the container above.
  # NOTE(review): depending on the container backend, published ports may be
  # reachable regardless of this firewall list, so the loopback bind on 8080 is
  # what actually keeps the unencrypted HTTP listener private - confirm.
  networking.firewall.allowedTCPPorts = [ 2222 ];

  # Runner registration settings are stored encrypted and referenced by their
  # decrypted path, so the registration credential is not written in this file.
  age.secrets.gitlab-runner-reg-config.file = "${secrets}/gitlab-runner-reg-config.age";

  services.gitlab-runner = {
    enable = true;
    services.default = {
      registrationConfigFile = config.age.secrets.gitlab-runner-reg-config.path;
      # NOTE(review): default job image is an unpinned, floating tag.
      dockerImage = "alpine";
      tagList = [
        "alpine"
        "default"
      ];
    };
  };

  # TLS terminates here; requests are forwarded to the loopback-only container port.
  services.nginx.virtualHosts.${gitlabHostname} = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:8080";
  };
}