From 35189ed6def9c7ec48014e6ec47468cb36ded96b Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Tue, 9 Aug 2022 22:33:05 +0200
Subject: [PATCH] VEGAS/gitlab: use Patroni database

---
 hosts/VEGAS/services/gitlab/default.nix |  11 ++++++++++-
 secrets.nix                             |   1 +
 secrets/gitlab-db-credentials.age       | Bin 0 -> 758 bytes
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 secrets/gitlab-db-credentials.age

diff --git a/hosts/VEGAS/services/gitlab/default.nix b/hosts/VEGAS/services/gitlab/default.nix
index 8bba907..518c3dd 100644
--- a/hosts/VEGAS/services/gitlab/default.nix
+++ b/hosts/VEGAS/services/gitlab/default.nix
@@ -1,8 +1,10 @@
-{ config, lib, tools, ... }:
+{ cluster, config, lib, tools, ... }:
 
 let
   inherit (tools.meta) domain adminEmail;
 
+  patroni = cluster.config.links.patroni-pg-access;
+
   mkSecret = name: {
     owner = "gitlab";
     group = "gitlab";
@@ -17,6 +19,7 @@ in
 
 {
   age.secrets = lib.flip lib.genAttrs mkSecret [
+    "gitlab-db-credentials"
     "gitlab-initial-root-password"
     "gitlab-openid-secret"
     "gitlab-runner-registration"
@@ -32,6 +35,12 @@ in
     host = "git.${domain}";
     port = 443;
 
+    databaseCreateLocally = false;
+    databaseHost = patroni.ipv4;
+    extraDatabaseConfig = { inherit (patroni) port; };
+    databaseUsername = "gitlab";
+    databasePasswordFile = secrets.gitlab-db-credentials;
+
     initialRootEmail = adminEmail;
 
     statePath = "/srv/storage/private/gitlab/state";
diff --git a/secrets.nix b/secrets.nix
index 268f16c..66047f5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -15,6 +15,7 @@ in with hosts;
   "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
   "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+  "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
diff --git a/secrets/gitlab-db-credentials.age b/secrets/gitlab-db-credentials.age
new file mode 100644
index 0000000000000000000000000000000000000000..485ac1590fe9326996117852f8f874fd576ec141
GIT binary patch
literal 758
zcmZ9`-AfYz008hr%2=6wftdzF>!Id#x0}1|iiF#CTepw9-P|>AAbGdV+ji~lyxVTx
zg3zKKqKv)>DzNB7At{0&v4`p*E25Gtl2ZDxkfIPD(t_ygwZGu^<AfBDk`k(+<TJ9g
zSyly5x0--vv!<niR1&t^t*Du#><EmRqb%!zWsY;o&II96oH*QBLJAo$%%V2R%YuFl
z(_4aM0O=x3ZpO=VFwCN=h(dVK;H*gtK_(P6=g5H>*aPZ2tX_xi?hx_+H9J^}LPay_
z^yDxfBqjA2S?n|-B&QfiRx9w7u2A{B>`lh#PK39G8QO$n&OBo!2&=|G2pZj$z)F5T
z62l<B7;}gO7*(XAr2~(6`OyDb(iZa-Ff$DrI>cc@!4>9PeOV$MDsYiJW5{%pq7p&c
zg8C6g{`>HVCW!@uF;{^1Q$k4<sj!1{*g~p^TLd^#)a<e)qxmFv9ByHn{%KefjR1n0
z;<S{RjhR~0tPaJ}ahXE%27!iiVOb+GRGdV-80jEcupnjiT}q$?2Z{`;VGh9r0D#$m
zm@pBFP?|d)mxZj#8>l0P+MFI0$%0<clPR)v5T^|{N0_!wE^zhkzR|e*FuTIfR<+t!
zB`OL-a{G&_QkARinC)$M*8sM1_UxB{5}yc(TFs`?o9XVUx#+Rx(t#mh^+xCT&Vl;&
zQ}g$4sXL|9PnZ5arM^Fc*QFO+{{@afzx&qoHiXCLJ3H#0T!kmwtFBq=y-mu)n!V3b
zu8QG98<@3i>t|+`9lir9GxvXTwdJlm$>D~&<&T9L`uyhha}T!kyq<2T-S=zBr!()a
z&KAE{ZeMtB>S*r7%Xt5&nQ!sGe|}(LHGcf!wy#9j@axNIU`%X`4BWoB{!#H`*{csV
zW#0z1=A)J6jT7hl-rSs9v~`3JR$nT|Mjkn*W_#MCp?>_z;?MbBU&Y-E(`CGEUB|((
SJ+&7;{usQsfBET?qkjM(YaNsT

literal 0
HcmV?d00001