forked from hacc/haccfiles
services/gitlab: init ssh
This commit is contained in:
parent
373926e33b
commit
69e49a0020
1 changed files with 18 additions and 0 deletions
|
@ -41,6 +41,8 @@
|
||||||
port = 443;
|
port = 443;
|
||||||
|
|
||||||
statePath = "/persist/gitlab";
|
statePath = "/persist/gitlab";
|
||||||
|
user = "git";
|
||||||
|
databaseUsername = "git";
|
||||||
|
|
||||||
initialRootPasswordFile = "/persist/secrets/gitlab-root";
|
initialRootPasswordFile = "/persist/secrets/gitlab-root";
|
||||||
secrets.secretFile = "/persist/secrets/gitlab-secret";
|
secrets.secretFile = "/persist/secrets/gitlab-secret";
|
||||||
|
@ -113,6 +115,16 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.openssh.passwordAuthentication = false;
|
||||||
|
|
||||||
|
users.users.git = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "gitlab";
|
||||||
|
home = "/persist/gitlab/home";
|
||||||
|
uid = 165;
|
||||||
|
};
|
||||||
|
|
||||||
services.coredns = {
|
services.coredns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -124,6 +136,12 @@
|
||||||
})).config.system.build.toplevel;
|
})).config.system.build.toplevel;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hexchen.nftables.nat.forwardPorts = [{
|
||||||
|
ports = [ 22 ];
|
||||||
|
destination = "${config.containers.gitlab.localAddress}:22";
|
||||||
|
proto = "tcp";
|
||||||
|
}];
|
||||||
|
|
||||||
services.nginx.virtualHosts."gitlab.infra4future.de" = {
|
services.nginx.virtualHosts."gitlab.infra4future.de" = {
|
||||||
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
|
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
|
|
Loading…
Reference in a new issue