VEGAS/gitlab: use Patroni database

2022-08-09 22:33:05 +02:00 · 2022-08-09 22:33:05 +02:00 · 35189ed6de
commit 35189ed6de
parent 0689f5586c
3 changed files with 11 additions and 1 deletions
--- a/hosts/VEGAS/services/gitlab/default.nix
+++ b/hosts/VEGAS/services/gitlab/default.nix
@ -1,8 +1,10 @@
-{ config, lib, tools, ... }:
+{ cluster, config, lib, tools, ... }:

 let
  inherit (tools.meta) domain adminEmail;

+  patroni = cluster.config.links.patroni-pg-access;
+
  mkSecret = name: {
    owner = "gitlab";
    group = "gitlab";
@ -17,6 +19,7 @@ in

 {
  age.secrets = lib.flip lib.genAttrs mkSecret [
+    "gitlab-db-credentials"
    "gitlab-initial-root-password"
    "gitlab-openid-secret"
    "gitlab-runner-registration"
@ -32,6 +35,12 @@ in
    host = "git.${domain}";
    port = 443;

+    databaseCreateLocally = false;
+    databaseHost = patroni.ipv4;
+    extraDatabaseConfig = { inherit (patroni) port; };
+    databaseUsername = "gitlab";
+    databasePasswordFile = secrets.gitlab-db-credentials;
+
    initialRootEmail = adminEmail;

    statePath = "/srv/storage/private/gitlab/state";
--- a/secrets.nix
+++ b/secrets.nix
@ -15,6 +15,7 @@ in with hosts;
  "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+  "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
--- a/secrets/gitlab-db-credentials.age
+++ b/secrets/gitlab-db-credentials.age