diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index c8aef57..738b83d 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -16,10 +16,8 @@
 ../../services/hedgedoc-i4f.nix
 ../../services/mail.nix
 ../../services/syncthing.nix
- ../../services/gitlab.nix
 ../../services/gitea.nix
 ../../services/nginx-pages.nix
- ../../services/gitlab-runner.nix
 ../../services/lantifa.nix
 ../../services/vaultwarden.nix
 ../../services/uffd.nix
diff --git a/services/gitlab-runner.nix b/services/gitlab-runner.nix
deleted file mode 100644
index 6a467d6..0000000
--- a/services/gitlab-runner.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{config, pkgs, lib, ...}:
-
-{
- services.gitlab-runner = {
- enable = true;
- concurrent = 4;
- services = {
- infra4future = {
- buildsDir = "/persist/var/lib/gitlab-runner/builds";
- dockerImage = "nixos/nix";
- executor = "docker";
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- };
- nix = {
- limit = 1; # don't run multiple jobs
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- dockerImage = "alpine";
- dockerVolumes = [
- "/nix/store:/nix/store:ro"
- "/nix/var/nix/db:/nix/var/nix/db:ro"
- "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
- ];
- dockerDisableCache = true;
- preBuildScript = pkgs.writeScript "setup-container" ''
- mkdir -p -m 0755 /nix/var/log/nix/drvs
- mkdir -p -m 0755 /nix/var/nix/gcroots
- mkdir -p -m 0755 /nix/var/nix/profiles
- mkdir -p -m 0755 /nix/var/nix/temproots
- mkdir -p -m 0755 /nix/var/nix/userpool
- mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
- mkdir -p -m 1777 /nix/var/nix/profiles/per-user
- mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
- mkdir -p -m 0700 "$HOME/.nix-defexpr"
- . ${pkgs.nix}/etc/profile.d/nix.sh
- ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
- ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
- ${pkgs.nix}/bin/nix-channel --update nixpkgs
- '';
- environmentVariables = {
- ENV = "/etc/profile";
- USER = "root";
- NIX_REMOTE = "daemon";
- PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
- NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
- };
- tagList = [ "nix" ];
- };
- };
- };
-
- systemd.services.gitlab-runner.serviceConfig = {
- DynamicUser = lib.mkForce false;
- User = "gitlab-runner";
- };
-
- users.users.gitlab-runner = {
- home = "/persist/var/lib/gitlab-runner";
- extraGroups = [ "docker" ];
- isSystemUser = true;
- group = "nogroup";
- };
-
- virtualisation.docker.storageDriver = "zfs";
-}
diff --git a/services/gitlab.nix b/services/gitlab.nix
deleted file mode 100644
index 8a2c708..0000000
--- a/services/gitlab.nix
+++ /dev/null
@@ -1,165 +0,0 @@
-{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
-
-{
- containers.gitlab = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.7";
-
- bindMounts = {
- "/persist" = {
- hostPath = "/persist/containers/gitlab";
- isReadOnly = false;
- };
- };
-
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
-
- imports = [
- ../modules/mattermost.nix
- ((import sources.nix-hexchen) {}).profiles.nopersist
- ];
-
- nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
-
- services.gitlab = {
- enable = true;
-
- databaseCreateLocally = true;
-
- host = "gitlab.infra4future.de";
- https = true;
- port = 443;
-
- statePath = "/persist/gitlab";
- user = "git";
- databaseUsername = "git";
-
- initialRootPasswordFile = "/persist/secrets/gitlab-root";
- secrets.secretFile = "/persist/secrets/gitlab-secret";
- secrets.dbFile = "/persist/secrets/gitlab-db";
- secrets.otpFile = "/persist/secrets/gitlab-otp";
- secrets.jwsFile = "/persist/secrets/gitlab-jws";
-
- smtp = {
- enable = true;
- address = "mail.hacc.space";
- port = 587;
- authentication = "plain";
- domain = "gitlab.infra4future.de";
- enableStartTLSAuto = true;
- username = "noreply@infra4future.de";
- passwordFile = "/persist/secrets/noreply-pass";
- };
-
- pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
- extraConfig = {
- pages = {
- enabled = true;
- host = "4future.dev";
- port = 443;
- https = true;
- };
- omniauth = {
- enabled = true;
- auto_sign_in_with_provider = "oauth2_generic";
- allow_single_sign_on = ["oauth2_generic"];
- block_auto_created_users = false;
- providers = [
- {
- name = "oauth2_generic";
- label = "infra4future Login";
- app_id = "gitlab";
- app_secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
- args = {
- client_options = {
- site = "https://login.infra4future.de";
- user_info_url = "/oauth2/userinfo";
- authorize_url = "/oauth2/authorize";
- token_url = "/oauth2/token";
- };
- strategy_class ="OmniAuth::Strategies::OAuth2Generic";
- };
- }
- ];
- };
- };
- };
-
- services.redis.enable = true;
- services.postgresql.package = pkgs.postgresql_13;
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."gitlab.infra4future.de" = {
- default = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- locations."/".extraConfig = ''
- proxy_redirect off;
- '';
- };
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- users.users.git = {
- isSystemUser = true;
- group = "gitlab";
- home = "/persist/gitlab/home";
- uid = 165;
- };
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
- };
-
- # hexchen.nftables.nat.forwardPorts = [{
- # ports = [ 22 ];
- # destination = "${config.containers.gitlab.localAddress}:22";
- # proto = "tcp";
- # }];
-
- services.nginx.virtualHosts."gitlab.infra4future.de" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
- locations."/".extraConfig = ''
- proxy_set_header X-Nginx-Proxy true;
- proxy_redirect off;
- '';
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.virtualHosts."4future.dev" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
- serverName = "~^((.*)\.)?4future\.dev$";
- useACMEHost = "4future.dev";
- forceSSL = true;
- };
-
- security.acme.certs."4future.dev" = {
- dnsProvider = "cloudflare";
- credentialsFile = "/var/lib/acme/cloudflare.pass";
- extraDomainNames = [ "*.4future.dev" ];
- group = config.services.nginx.group;
- };
-}
diff --git a/websites/hacc.earth/index.html b/websites/hacc.earth/index.html
index 01ee6dc..8abfd94 100644
--- a/websites/hacc.earth/index.html
+++ b/websites/hacc.earth/index.html
@@ -349,7 +349,7 @@
The hacc e.V. runs this page (hacc.earth) but not necessarily the linked projects. You can find more about our activities and involvements on our own page.
-Also the source of the page can be found here. As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
+Also the source of the page can be found here. As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
The hacc logo was designed by Creatives for Future.
@@ -451,7 +451,7 @@ The hacc logo was designed by Creatives
@@ -430,7 +427,7 @@ Germany
-The source of the page can be found here. As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
+The source of the page can be found here. As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
The hacc logo was designed by Creatives for Future.
@@ -443,7 +440,7 @@ The hacc logo was designed by Creatives