add some secrets & asyncnomi key to sysadmin

2025-06-22 01:15:31 +02:00 · 2025-06-22 01:15:31 +02:00 · 1ce8f529ee
commit 1ce8f529ee
parent 9b61f7e9b5
4 changed files with 17 additions and 2 deletions
--- a/profiles/gitlab.nix
+++ b/profiles/gitlab.nix
@ -12,6 +12,9 @@ in
      gitlab-otp-secret = ../secrets/gitlab-otp-secret.age;
      gitlab-db-secret = ../secrets/gitlab-db-secret.age;
      gitlab-jws-secret = ../secrets/gitlab-jws-secret.age;
+      gitlab-arpk-secret = ../secrets/gitlab-arpk-secret.age;
+      gitlab-ardk-secret = ../secrets/gitlab-ardk-secret.age;
+      gitlab-ars-secret = ../secrets/gitlab-ars-secret.age;
      gitlab-db-password = ../secrets/gitlab-db-password.age;
      gitlab-initial-root-password = ../secrets/gitlab-initial-root-password.age;
      gitlab-ldap-password = ../secrets/gitlab-ldap-password.age;
@ -33,6 +36,9 @@ in
      otpFile = secrets.gitlab-otp-secret.path;
      dbFile = secrets.gitlab-db-secret.path;
      jwsFile = secrets.gitlab-jws-secret.path;
+      activeRecordPrimaryKeyFile = secrets.gitlab-arpk-secret.path;
+      activeRecordDeterministicKeyFile = secrets.gitlab-ardk-secret.path;
+      activeRecordSaltFile = secrets.gitlab-ars-secret.path;
    };
    extraConfig.ldap = {
      enabled = true;
@ -55,6 +61,11 @@ in
    };
  };

+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+  };
+
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
--- a/profiles/sysadmin.nix
+++ b/profiles/sysadmin.nix
@ -4,6 +4,7 @@
    ../pubkeys/bensmrs.keys
    ../pubkeys/tomate.keys
    ../pubkeys/jeltz.keys
+    ../pubkeys/asyncnomi.keys
  ];

  backups.directories = [ "/root" ];