From 77d76253155ef0c2db4e6d32bec264e40433da6d Mon Sep 17 00:00:00 2001
From: moira
Date: Sat, 24 Sep 2022 17:29:42 +0200
Subject: [PATCH] remove gitlab
---
 hosts/parsons/configuration.nix | 2 -
 services/gitlab-runner.nix | 64 -------------
 services/gitlab.nix | 165 --------------------------------
 3 files changed, 231 deletions(-)
 delete mode 100644 services/gitlab-runner.nix
 delete mode 100644 services/gitlab.nix
diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index c8aef57..738b83d 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -16,10 +16,8 @@
 ../../services/hedgedoc-i4f.nix
 ../../services/mail.nix
 ../../services/syncthing.nix
- ../../services/gitlab.nix
 ../../services/gitea.nix
 ../../services/nginx-pages.nix
- ../../services/gitlab-runner.nix
 ../../services/lantifa.nix
 ../../services/vaultwarden.nix
 ../../services/uffd.nix
diff --git a/services/gitlab-runner.nix b/services/gitlab-runner.nix
deleted file mode 100644
index 6a467d6..0000000
--- a/services/gitlab-runner.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{config, pkgs, lib, ...}:
-
-{
- services.gitlab-runner = {
- enable = true;
- concurrent = 4;
- services = {
- infra4future = {
- buildsDir = "/persist/var/lib/gitlab-runner/builds";
- dockerImage = "nixos/nix";
- executor = "docker";
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- };
- nix = {
- limit = 1; # don't run multiple jobs
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- dockerImage = "alpine";
- dockerVolumes = [
- "/nix/store:/nix/store:ro"
- "/nix/var/nix/db:/nix/var/nix/db:ro"
- "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
- ];
- dockerDisableCache = true;
- preBuildScript = pkgs.writeScript "setup-container" ''
- mkdir -p -m 0755 /nix/var/log/nix/drvs
- mkdir -p -m 0755 /nix/var/nix/gcroots
- mkdir -p -m 0755 /nix/var/nix/profiles
- mkdir -p -m 0755 /nix/var/nix/temproots
- mkdir -p -m 0755 /nix/var/nix/userpool
- mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
- mkdir -p -m 1777 /nix/var/nix/profiles/per-user
- mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
- mkdir -p -m 0700 "$HOME/.nix-defexpr"
- . ${pkgs.nix}/etc/profile.d/nix.sh
- ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
- ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
- ${pkgs.nix}/bin/nix-channel --update nixpkgs
- '';
- environmentVariables = {
- ENV = "/etc/profile";
- USER = "root";
- NIX_REMOTE = "daemon";
- PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
- NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
- };
- tagList = [ "nix" ];
- };
- };
- };
-
- systemd.services.gitlab-runner.serviceConfig = {
- DynamicUser = lib.mkForce false;
- User = "gitlab-runner";
- };
-
- users.users.gitlab-runner = {
- home = "/persist/var/lib/gitlab-runner";
- extraGroups = [ "docker" ];
- isSystemUser = true;
- group = "nogroup";
- };
-
- virtualisation.docker.storageDriver = "zfs";
-}
diff --git a/services/gitlab.nix b/services/gitlab.nix
deleted file mode 100644
index 8a2c708..0000000
--- a/services/gitlab.nix
+++ /dev/null
@@ -1,165 +0,0 @@
-{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
-
-{
- containers.gitlab = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.7";
-
- bindMounts = {
- "/persist" = {
- hostPath = "/persist/containers/gitlab";
- isReadOnly = false;
- };
- };
-
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
-
- imports = [
- ../modules/mattermost.nix
- ((import sources.nix-hexchen) {}).profiles.nopersist
- ];
-
- nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
-
- services.gitlab = {
- enable = true;
-
- databaseCreateLocally = true;
-
- host = "gitlab.infra4future.de";
- https = true;
- port = 443;
-
- statePath = "/persist/gitlab";
- user = "git";
- databaseUsername = "git";
-
- initialRootPasswordFile = "/persist/secrets/gitlab-root";
- secrets.secretFile = "/persist/secrets/gitlab-secret";
- secrets.dbFile = "/persist/secrets/gitlab-db";
- secrets.otpFile = "/persist/secrets/gitlab-otp";
- secrets.jwsFile = "/persist/secrets/gitlab-jws";
-
- smtp = {
- enable = true;
- address = "mail.hacc.space";
- port = 587;
- authentication = "plain";
- domain = "gitlab.infra4future.de";
- enableStartTLSAuto = true;
- username = "noreply@infra4future.de";
- passwordFile = "/persist/secrets/noreply-pass";
- };
-
- pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
- extraConfig = {
- pages = {
- enabled = true;
- host = "4future.dev";
- port = 443;
- https = true;
- };
- omniauth = {
- enabled = true;
- auto_sign_in_with_provider = "oauth2_generic";
- allow_single_sign_on = ["oauth2_generic"];
- block_auto_created_users = false;
- providers = [
- {
- name = "oauth2_generic";
- label = "infra4future Login";
- app_id = "gitlab";
- app_secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
- args = {
- client_options = {
- site = "https://login.infra4future.de";
- user_info_url = "/oauth2/userinfo";
- authorize_url = "/oauth2/authorize";
- token_url = "/oauth2/token";
- };
- strategy_class ="OmniAuth::Strategies::OAuth2Generic";
- };
- }
- ];
- };
- };
- };
-
- services.redis.enable = true;
- services.postgresql.package = pkgs.postgresql_13;
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."gitlab.infra4future.de" = {
- default = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- locations."/".extraConfig = ''
- proxy_redirect off;
- '';
- };
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- users.users.git = {
- isSystemUser = true;
- group = "gitlab";
- home = "/persist/gitlab/home";
- uid = 165;
- };
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
- };
-
- # hexchen.nftables.nat.forwardPorts = [{
- # ports = [ 22 ];
- # destination = "${config.containers.gitlab.localAddress}:22";
- # proto = "tcp";
- # }];
-
- services.nginx.virtualHosts."gitlab.infra4future.de" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
- locations."/".extraConfig = ''
- proxy_set_header X-Nginx-Proxy true;
- proxy_redirect off;
- '';
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.virtualHosts."4future.dev" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
- serverName = "~^((.*)\.)?4future\.dev$";
- useACMEHost = "4future.dev";
- forceSSL = true;
- };
-
- security.acme.certs."4future.dev" = {
- dnsProvider = "cloudflare";
- credentialsFile = "/var/lib/acme/cloudflare.pass";
- extraDomainNames = [ "*.4future.dev" ];
- group = config.services.nginx.group;
- };
-}