update secrets

2026-01-11 09:44:08 -05:00 · 2025-03-31 18:44:40 -04:00 · 2025-03-31 18:44:40 -04:00 · 8fd37ac332
commit 8fd37ac332
parent 9ea4f81015
5 changed files with 40 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -270,11 +270,11 @@
    },
    "nix-secrets": {
      "locked": {
-        "lastModified": 1742303949,
-        "narHash": "sha256-JFJmE1hnIfmUIqTQH3JoTtf5/Bws5TAEOcMviVl0QT8=",
+        "lastModified": 1743461057,
+        "narHash": "sha256-xHT8l0aGNEF8Tbj9/EBWB7icxP0OBQCJAysyExRsdmc=",
        "ref": "refs/heads/master",
-        "rev": "16ceae4d06702a6ddbca2e86175b308703a7f477",
-        "revCount": 51,
+        "rev": "100e6817b2277d9d3dfc358392ada2f03a5239f5",
+        "revCount": 56,
        "type": "git",
        "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
      },
@ -488,11 +488,11 @@
        "nvf": "nvf"
      },
      "locked": {
-        "lastModified": 1742483763,
-        "narHash": "sha256-OwplHdVCpSXWdIGHM9PY7E0xjADWp2L+Eoj2OGI9Xrc=",
+        "lastModified": 1743459624,
+        "narHash": "sha256-UCyEB+RuT7sZ7vxS0SaqFE1Wi7GMU9LgvuzvcG426Kg=",
        "owner": "TheWanderingCrow",
        "repo": "nvix",
-        "rev": "612f8f58b1c8106cb866e8dc3d69f770cd0c7deb",
+        "rev": "f6362b822b3d32b458576b689645e2761ebf1205",
        "type": "github"
      },
      "original": {
--- a/modules/users/overseer/services/default.nix
+++ b/modules/users/overseer/services/default.nix
@ -10,5 +10,6 @@
    ./frigate.nix
    ./trilium.nix
    ./grocy.nix
+    ./gitlab.nix
  ];
 }
--- a/modules/users/overseer/services/gitlab.nix
+++ b/modules/users/overseer/services/gitlab.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.user.overseer.enable {
+  sops = {
+    secrets = {
+      "gitlab/db_password" = {};
+      "gitlab/secrets/db" = {};
+      "gitlab/secrets/jws" = {};
+      "gitlab/secrets/otp" = {};
+      "gitlab/secrets/secret" = {};
+    };
+  };
+
+  services.gitlab = {
+    enable = true;
+    host = "git.wanderingcrow.net";
+    https = true;
+    databaseCreateLocally = true;
+    databasePasswordFile = config.sops.secrets."gitlab/db_password";
+    initialRootPasswordFile = config.sops.secrets."gitlab/initial_root";
+    secrets = {
+      secretFile = config.sops.secrets."gitlab/secrets/secret";
+      otpFile = config.sops.secrets."gitlab/secrets/otp";
+      jwsFile = config.sops.secrets."gitlab/secrets/jws";
+      dbFile = config.sops.secrets."gitlab/secrets/db";
+    };
+  };
+}
--- a/modules/users/overseer/services/homepage.nix
+++ b/modules/users/overseer/services/homepage.nix
@ -104,14 +104,6 @@ lib.mkIf config.user.overseer.enable {
                }
              ];
            }
-            {
-              Bookstack = [
-                {
-                  icon = "bookstack.svg";
-                  href = "https://bookstack.wanderingcrow.net";
-                }
-              ];
-            }
          ];
        }
        {
--- a/modules/users/overseer/services/trilium.nix
+++ b/modules/users/overseer/services/trilium.nix
@ -22,6 +22,7 @@ lib.mkIf config.user.overseer.enable {
          useACMEHost = "notes.wanderingcrow.net";
          locations."/" = {
            proxyPass = "http://127.0.0.1:8090";
+            proxyWebsockets = true;
          };
        };
      };