# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
# nix-channel --update
#
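# NixOS module for a single-purpose Gitea host: nginx terminates TLS on
# 80/443 and proxies to a Gitea instance on the loopback interface; the
# machine upgrades itself and reboots when the kernel changes.
{ config, pkgs, ... }:

let
  # Package set of the `unstable` channel. Nothing below references this
  # binding (only the <unstable/...> module path is used), and because `let`
  # bindings are lazy it is never evaluated.
  unstable = import <unstable> {};

  # Only `pubkey` is read from this file here. Any value taken from it and
  # placed into the configuration is written to the world-readable
  # /nix/store, so it is suitable for public keys but not for real secrets.
  secrets = import ./secrets.nix;

  hostname = "code.dumpstack.io";
in {
  # Replace the stable channel's Gitea module with the one from `unstable`.
  # The channel is not pinned to a revision, so the module source changes
  # with every `nix-channel --update`.
  disabledModules = [ "services/misc/gitea.nix" ];

  imports = [
    ./hardware-configuration.nix
    <unstable/nixos/modules/services/misc/gitea.nix>
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  networking.hostName = hostname;

  # Only HTTP(S) is listed explicitly. The openssh module opens its own
  # listening port in the firewall, so SSH is reachable as well.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 ];
  };

  # Root is the only account declared here and it is given a key only.
  users.extraUsers.root = {
    openssh.authorizedKeys.keys = [ secrets.pubkey ];
  };

  # Access is key-based, so password and keyboard-interactive logins are
  # switched off for every account rather than relying on the root-only
  # default. Option names are those of the 19.03 openssh module.
  # NOTE(review): confirm no imperatively created user depends on password
  # login before deploying.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
  };

  environment.systemPackages = with pkgs; [
    vim
  ];

  services.gitea = {
    enable = true;
    appName = hostname;
    domain = hostname;
    rootUrl = "https://${hostname}";

    # nginx is the only intended client (it proxies to 127.0.0.1:3000), so
    # bind Gitea to loopback instead of the module default of all interfaces.
    # Without this, the firewall is the only thing keeping the plain-HTTP
    # port off the network.
    httpAddress = "127.0.0.1";

    # Appended to app.ini: no self-service sign-up on a public host.
    extraConfig = ''
      [service]
      DISABLE_REGISTRATION = true

      [ui]
      DEFAULT_THEME = gitea
    '';
  };

  services.nginx = {
    enable = true;
    virtualHosts."${hostname}" = {
      # Certificate via ACME; plain-HTTP requests are redirected to HTTPS.
      enableACME = true;
      forceSSL = true;

      locations."/".proxyPass = "http://127.0.0.1:3000";
    };
  };

  # Runs after every automatic upgrade: compares the kernel of the newly
  # activated system with the one that was booted and reboots, unattended,
  # when they differ. Both outcomes are logged to the journal under the
  # identifier "post-upgrade-check".
  systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
    #!${pkgs.stdenv.shell}
    current=$(readlink -f /run/current-system/kernel)
    booted=$(readlink -f /run/booted-system/kernel)
    if [ "$current" != "$booted" ]; then
      echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
      reboot
    else
      echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
    fi
  '';

  system.stateVersion = "19.03";

  # Unattended upgrades follow whatever the configured channel serves; the
  # integrity of this host therefore depends on that channel.
  system.autoUpgrade.enable = true;

  # Store maintenance: deduplicate, and collect garbage older than a week.
  # Generations older than 7 days are removed too, which limits how far
  # back a rollback can go.
  nix = {
    optimise.automatic = true;
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
}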