From 8fd37ac3329c3414fc1d8da0e2d45eec1d1cd95a Mon Sep 17 00:00:00 2001 From: TheWanderingCrow Date: Mon, 31 Mar 2025 18:44:40 -0400 Subject: [PATCH] update secrets --- flake.lock | 14 ++++----- modules/users/overseer/services/default.nix | 1 + modules/users/overseer/services/gitlab.nix | 31 ++++++++++++++++++++ modules/users/overseer/services/homepage.nix | 8 ----- modules/users/overseer/services/trilium.nix | 1 + 5 files changed, 40 insertions(+), 15 deletions(-) create mode 100644 modules/users/overseer/services/gitlab.nix diff --git a/flake.lock b/flake.lock index 9bad1f5..6bc841b 100644 --- a/flake.lock +++ b/flake.lock @@ -270,11 +270,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1742303949, - "narHash": "sha256-JFJmE1hnIfmUIqTQH3JoTtf5/Bws5TAEOcMviVl0QT8=", + "lastModified": 1743461057, + "narHash": "sha256-xHT8l0aGNEF8Tbj9/EBWB7icxP0OBQCJAysyExRsdmc=", "ref": "refs/heads/master", - "rev": "16ceae4d06702a6ddbca2e86175b308703a7f477", - "revCount": 51, + "rev": "100e6817b2277d9d3dfc358392ada2f03a5239f5", + "revCount": 56, "type": "git", "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets" }, @@ -488,11 +488,11 @@ "nvf": "nvf" }, "locked": { - "lastModified": 1742483763, - "narHash": "sha256-OwplHdVCpSXWdIGHM9PY7E0xjADWp2L+Eoj2OGI9Xrc=", + "lastModified": 1743459624, + "narHash": "sha256-UCyEB+RuT7sZ7vxS0SaqFE1Wi7GMU9LgvuzvcG426Kg=", "owner": "TheWanderingCrow", "repo": "nvix", - "rev": "612f8f58b1c8106cb866e8dc3d69f770cd0c7deb", + "rev": "f6362b822b3d32b458576b689645e2761ebf1205", "type": "github" }, "original": { diff --git a/modules/users/overseer/services/default.nix b/modules/users/overseer/services/default.nix index 61acb3e..a83ddf1 100644 --- a/modules/users/overseer/services/default.nix +++ b/modules/users/overseer/services/default.nix @@ -10,5 +10,6 @@ ./frigate.nix ./trilium.nix ./grocy.nix + ./gitlab.nix ]; } diff --git a/modules/users/overseer/services/gitlab.nix b/modules/users/overseer/services/gitlab.nix new file mode 100644 index 0000000..80c60df --- /dev/null +++ b/modules/users/overseer/services/gitlab.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + ... +}: +lib.mkIf config.user.overseer.enable { + sops = { + secrets = { + "gitlab/db_password" = {}; + "gitlab/secrets/db" = {}; + "gitlab/secrets/jws" = {}; + "gitlab/secrets/otp" = {}; + "gitlab/secrets/secret" = {}; + }; + }; + + services.gitlab = { + enable = true; + host = "git.wanderingcrow.net"; + https = true; + databaseCreateLocally = true; + databasePasswordFile = config.sops.secrets."gitlab/db_password"; + initialRootPasswordFile = config.sops.secrets."gitlab/initial_root"; + secrets = { + secretFile = config.sops.secrets."gitlab/secrets/secret"; + otpFile = config.sops.secrets."gitlab/secrets/otp"; + jwsFile = config.sops.secrets."gitlab/secrets/jws"; + dbFile = config.sops.secrets."gitlab/secrets/db"; + }; + }; +} diff --git a/modules/users/overseer/services/homepage.nix b/modules/users/overseer/services/homepage.nix index dc6bd51..a6ef530 100644 --- a/modules/users/overseer/services/homepage.nix +++ b/modules/users/overseer/services/homepage.nix @@ -104,14 +104,6 @@ lib.mkIf config.user.overseer.enable { } ]; } - { - Bookstack = [ - { - icon = "bookstack.svg"; - href = "https://bookstack.wanderingcrow.net"; - } - ]; - } ]; } { diff --git a/modules/users/overseer/services/trilium.nix b/modules/users/overseer/services/trilium.nix index 71a6bd4..652e1d4 100644 --- a/modules/users/overseer/services/trilium.nix +++ b/modules/users/overseer/services/trilium.nix @@ -22,6 +22,7 @@ lib.mkIf config.user.overseer.enable { useACMEHost = "notes.wanderingcrow.net"; locations."/" = { proxyPass = "http://127.0.0.1:8090"; + proxyWebsockets = true; }; }; };