services: Move configurations out of main configuration.nix file

2020-02-02 16:48:45 +09:00 · 2020-02-02 16:48:45 +09:00 · ff005a6bbe
commit ff005a6bbe
parent 767095e6ab
5 changed files with 83 additions and 57 deletions
--- a/etc/nixos/services/configs/gitlab.rb
+++ b/etc/nixos/services/configs/gitlab.rb
@ -0,0 +1,18 @@
+external_url 'https://gitlab.tlater.net/';
+pages_external_url 'https://pages.tlater.net/';
+
+gitlab_rails['gitlab_shell_ssh_port'] = 3022;
+
+user['git_user_email'] = 'gitlab@tlater.net';
+gitlab_rails['gitlab_email_from'] = 'gitlab@tlater.net';
+gitlab_rails['gitlab_email_display_name'] = 'GitLab';
+gitlab_rails['gitlab_email_reply_to'] = 'noreply@tlater.net';
+gitlab_rails['incoming_email_enabled'] = false;
+
+gitlab_rails['registry_enabled'] = false;
+
+letsencrypt['enable'] = false;
+nginx['listen_port'] = 80;
+nginx['listen_https'] = false;
+pages_nginx['listen_port'] = 80;
+pages_nginx['listen_https'] = false;
--- a/etc/nixos/services/gitlab.nix
+++ b/etc/nixos/services/gitlab.nix
@ -0,0 +1,21 @@
+{ ... }:
+
+{
+  image = "gitlab/gitlab-ce:latest";
+  ports = [
+    "3022:22"
+  ];
+  volumes = [
+    "gitlab-data:/var/opt/gitlab:Z"
+    "gitlab-logs:/var/log/gitlab:Z"
+    "gitlab-config:/etc/gitlab:Z"
+  ];
+  environment = {
+    VIRTUAL_HOST = "gitlab.tlater.net";
+    LETSENCRYPT_HOST = "gitlab.tlater.net";
+    GITLAB_OMNIBUS_CONFIG = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./configs/gitlab.rb);
+  };
+  extraDockerOptions = [
+    "--network=webproxy"
+  ];
+}
--- a/etc/nixos/services/nginx-proxy-letsencrypt.nix
+++ b/etc/nixos/services/nginx-proxy-letsencrypt.nix
@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  image = "jrcs/letsencrypt-nginx-proxy-companion";
+  volumes = [
+    "/var/run/docker.sock:/var/run/docker.sock:ro"
+    "nginx-certs:/etc/nginx/certs"
+  ];
+  environment = {
+    DEFAULT_EMAIL = "tm@tlater.net";
+  };
+  extraDockerOptions = [
+    "--volumes-from"
+    "docker-nginx-proxy.service"
+  ];
+}
--- a/etc/nixos/services/nginx-proxy.nix
+++ b/etc/nixos/services/nginx-proxy.nix
@ -0,0 +1,26 @@
+{ ... }:
+
+{
+  image = "jwilder/nginx-proxy:alpine";
+  ports = [
+    "80:80"
+    "443:443"
+  ];
+  volumes = [
+    # So that we can watch new containers come up
+    "/var/run/docker.sock:/tmp/docker.sock:ro"
+    # So that we can access generated certs
+    "nginx-certs:/etc/nginx/certs:ro"
+    # So that we can write challenge files for letsencrypt auth
+    "nginx-challenges:/usr/share/nginx/html"
+    # So that we can modify config on-the-fly to set up challenge
+    # files
+    "nginx-conf:/etc/nginx/vhost.d"
+  ];
+  environment = {
+    DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
+  };
+  extraDockerOptions = [
+    "--network=webproxy"
+  ];
+}