update secrets

2025-03-31 18:44:40 -04:00 · 2025-03-31 18:44:40 -04:00 · 8fd37ac332
commit 8fd37ac332
parent 9ea4f81015
5 changed files with 40 additions and 15 deletions
--- a/modules/users/overseer/services/gitlab.nix
+++ b/modules/users/overseer/services/gitlab.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.user.overseer.enable {
+  sops = {
+    secrets = {
+      "gitlab/db_password" = {};
+      "gitlab/secrets/db" = {};
+      "gitlab/secrets/jws" = {};
+      "gitlab/secrets/otp" = {};
+      "gitlab/secrets/secret" = {};
+    };
+  };
+
+  services.gitlab = {
+    enable = true;
+    host = "git.wanderingcrow.net";
+    https = true;
+    databaseCreateLocally = true;
+    databasePasswordFile = config.sops.secrets."gitlab/db_password";
+    initialRootPasswordFile = config.sops.secrets."gitlab/initial_root";
+    secrets = {
+      secretFile = config.sops.secrets."gitlab/secrets/secret";
+      otpFile = config.sops.secrets."gitlab/secrets/otp";
+      jwsFile = config.sops.secrets."gitlab/secrets/jws";
+      dbFile = config.sops.secrets."gitlab/secrets/db";
+    };
+  };
+}