{ lib, config, ... }: let web-port = 19453; hostn = "gitlab.makefu.r"; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { services.gitlab = { enable = true; https = false; port = web-port; secrets = import <secrets/gitlab/secrets.nix>; databasePassword = import <secrets/gitlab/dbpw.nix>; initialRootEmail = "makefu@x.r"; initialRootPassword = import <secrets/gitlab/rootpw.nix>; host = hostn; smtp = { enable = true; domain = "r"; enableStartTLSAuto = false; port = 25; }; }; services.nginx = { enable = lib.mkDefault true; virtualHosts."${hostn}".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; extraConfig = '' if ( $server_addr != "${internal-ip}" ) { return 403; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ''; }; }; }