Initial

2019-02-02 19:45:05 +00:00
commit 346136de49
5 changed files with 97 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+secrets.nix
+hardware-configuration.nix
--- a/21
+++ b/21
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Mikhail Klementev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@@ -0,0 +1,16 @@
+# code.dumpstack.io
+
+## Installation
+
+    parted /dev/vda mklabel msdos
+    parted /dev/vda mkpart primary ext4 0% 100%
+    mkfs.ext4 -L system /dev/vda1
+    mount /dev/vda1 /mnt/
+
+    nix-env -iA nixos.gitMinimal
+	git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/
+
+    nixos-generate-config --root /mnt
+
+    nixos-install
+    reboot
--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+let
+  secrets = import ./secrets.nix;
+  hostname = "code.dumpstack.io";
+in {
+  imports = [ ./hardware-configuration.nix ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  networking.hostName = "${hostname}";
+
+  networking.firewall =  {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+  };
+
+  users.extraUsers.root = {
+    openssh.authorizedKeys.keys = [ secrets.pubkey ];
+  };
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    vim
+  ];
+
+  services.gitea = {
+    enable = true;
+    appName = "${hostname}";
+    domain = "${hostname}";
+    rootUrl = "https://${hostname}";
+    extraConfig = ''
+      [service]
+      DISABLE_REGISTRATION = true
+
+      [ui]
+      DEFAULT_THEME = arc-green
+    '';
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."${hostname}" = {
+      enableACME = true;
+      forceSSL = true;
+
+      locations."/".proxyPass = "http://127.0.0.1:3000";
+    };
+  };
+
+  system.stateVersion = "18.09";
+  system.autoUpgrade.enable = true;
+}
--- a/secrets.nix.example
+++ b/secrets.nix.example
@@ -0,0 +1,3 @@
+{
+  pubkey = "changeme"; # ssh-add -L
+}