treewide: move nixos modules

2024-07-18 15:04:18 +02:00 · 2024-07-18 15:04:18 +02:00 · 8eff4c5e4f
commit 8eff4c5e4f
parent d84be7c616
73 changed files with 62 additions and 62 deletions
--- a/modules/services/git/default.nix
+++ b/modules/services/git/default.nix
@ -1,85 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [ ./runner.nix ];
-
-  options.chvp.services.git.enable = lib.mkOption {
-    default = false;
-    example = true;
-  };
-
-  config = lib.mkIf config.chvp.services.git.enable {
-    chvp.services.nginx.hosts = [{
-      fqdn = "git.chvp.be";
-      options = {
-        locations."/" = {
-          proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
-          extraConfig = ''
-            client_max_body_size 50M;
-          '';
-        };
-      };
-    }];
-    users = {
-      users = {
-        git = {
-          uid = lib.mkForce 963;
-          group = "git";
-          isSystemUser = true;
-          useDefaultShell = true;
-        };
-        nginx.extraGroups = [ "git" ];
-      };
-      groups.git.gid = lib.mkForce 963;
-    };
-    services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
-    services.gitlab = {
-      enable = true;
-      statePath = "/var/lib/git/state";
-      backup.path = "/var/lib/git/backup";
-      databaseCreateLocally = true;
-      databaseUsername = "git";
-      databaseName = "git";
-      user = "git";
-      group = "git";
-      host = "git.chvp.be";
-      port = 443;
-      https = true;
-      initialRootEmail = "charlotte@vanpetegem.be";
-      initialRootPasswordFile = config.age.secrets."passwords/services/git/initial-root-password".path;
-      # Hack, https://github.com/NixOS/nixpkgs/pull/135926 broke stuff
-      pages.settings.pages-domain = "not.actually.enabled";
-      secrets = {
-        dbFile = config.age.secrets."passwords/services/git/db".path;
-        jwsFile = config.age.secrets."passwords/services/git/jws".path;
-        otpFile = config.age.secrets."passwords/services/git/otp".path;
-        secretFile = config.age.secrets."passwords/services/git/secret".path;
-      };
-      smtp = {
-        enable = true;
-        enableStartTLSAuto = false;
-      };
-    };
-
-    age.secrets."passwords/services/git/initial-root-password" = {
-      file = ../../../secrets/passwords/services/git/initial-root-password.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/db" = {
-      file = ../../../secrets/passwords/services/git/db.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/jws" = {
-      file = ../../../secrets/passwords/services/git/jws.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/otp" = {
-      file = ../../../secrets/passwords/services/git/otp.age;
-      owner = "git";
-    };
-    age.secrets."passwords/services/git/secret" = {
-      file = ../../../secrets/passwords/services/git/secret.age;
-      owner = "git";
-    };
-  };
-}