add portforwarder

2025-03-29 14:46:57 +01:00
parent 53ba3a4dc1
commit 4db755eb43
4 changed files with 63 additions and 9 deletions


@ -1,6 +1,7 @@
{
config,
pkgs,
lib,
...
}: let
mkWellKnown = data: ''
@ -20,6 +21,7 @@ in {
sops.secrets."gitlab-secret-key-base".owner = config.users.users.gitlab.name;
sops.secrets."gitlab-otp-key-base".owner = config.users.users.gitlab.name;
sops.secrets."gitlab-jws-key-pem".owner = config.users.users.gitlab.name;
sops.secrets."gitlab-runner-authentication-file" = {};
imports = [
./mail.nix
@ -28,6 +30,7 @@ in {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
networking = {
hostName = "primordial";
@ -90,6 +93,7 @@ in {
enable = true;
https = true;
host = "gitlab.fuckwit.dev";
port = 443;
databasePasswordFile = secretFile "gitlab-db-password";
initialRootPasswordFile = secretFile "gitlab-initial-root-pw";
secrets = {
@ -98,6 +102,25 @@ in {
dbFile = secretFile "gitlab-db-key-base";
jwsFile = secretFile "gitlab-jws-key-pem";
};
registry = {
enable = true;
defaultForProjects = true;
externalAddress = "https://registry-git.fuckwit.dev";
externalPort = 443;
keyFile = "/run/gitlab/registry.pem";
certFile = "/run/gitlab/registry.crt";
};
};
gitlab-runner = {
enable = true;
services = {
default = {
authenticationTokenConfigFile = secretFile "gitlab-runner-authentication-file";
dockerImage = "debian:stable";
};
};
};
matrix-synapse = {
@ -214,6 +237,15 @@ in {
};
};
virtualHosts."registry-git.fuckwit.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4567";
};
};
# virtualHosts."drone.fuckwit.dev" = {
# enableACME = true;
# addSSL = true;
@ -304,7 +336,11 @@ in {
};
};
virtualisation.podman.enable = true;
virtualisation.podman = {
enable = true;
dockerSocket.enable = true;
};
virtualisation.docker.enable = lib.mkForce false;
users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24"
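Review bot: `virtualisation.podman.dockerSocket.enable = true` together with the new `gitlab-runner` service means CI jobs are presumably launched through the rootful Podman API socket on the same host that runs GitLab, Synapse and mail, and access to that socket is equivalent to root on the host. Nothing in this section shows the runner being constrained, so I would add a comment above the `virtualisation.podman` block such as `# Docker-compatible socket is root-equivalent: keep the podman group minimal, never mount the socket into jobs, keep privileged off`, and either limit the runner to trusted projects or move it to a dedicated VM. `dockerImage = "debian:stable"` is a mutable tag; pinning it by digest (`debian@sha256:<digest>`) would keep the default job image from changing underneath the runner. `boot.kernel.sysctl."net.ipv4.ip_forward" = true` turns on forwarding host-wide and no forwarding filter rule is visible in this section, so it is worth confirming that the firewall restricts what may be forwarded. The `users.users."root"` key list continues past the end of the last hunk.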