Use unstable channel
parent
20adbe260f
commit
45710c9a76
GPG Key ID:
BE44DA8C062D87DC
|
|
@ -16,7 +16,7 @@ Notes:
|
|||
nix-env -iA nixos.gitMinimal
|
||||
git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/
|
||||
|
||||
nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
||||
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||
nix-channel --update
|
||||
|
||||
nixos-generate-config --root /mnt
|
||||
|
|
@ -26,4 +26,5 @@ Notes:
|
|||
|
||||
## After install
|
||||
|
||||
nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
||||
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||
nix-channel --update
|
||||
|
|
|
|||
|
|
@ -1,25 +1,26 @@
|
|||
# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
|
||||
# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
||||
# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||
# nix-channel --update
|
||||
#
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
unstable = import <unstable> {};
|
||||
secrets = import ./secrets.nix;
|
||||
hostname = "code.dumpstack.io";
|
||||
in {
|
||||
disabledModules = [ "services/misc/gitea.nix" ];
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
<unstable/nixos/modules/services/misc/gitea.nix>
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.device = "/dev/vda";
|
||||
|
||||
networking.hostName = "${hostname}";
|
||||
swapDevices = [
|
||||
{ device = "/var/swapfile";
|
||||
size = 2048; # MiB
|
||||
}
|
||||
];
|
||||
|
||||
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
|
@ -41,17 +42,26 @@ in {
|
|||
appName = "${hostname}";
|
||||
domain = "${hostname}";
|
||||
rootUrl = "https://${hostname}";
|
||||
extraConfig = ''
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
|
||||
[ui]
|
||||
DEFAULT_THEME = gitea
|
||||
'';
|
||||
disableRegistration = true;
|
||||
settings = {
|
||||
"ui" = {
|
||||
DEFAULT_THEME = "gitea";
|
||||
};
|
||||
"attachment" = {
|
||||
ENABLED = true;
|
||||
ALLOWED_TYPES = "*/*";
|
||||
};
|
||||
"other" = {
|
||||
SHOW_FOOTER_VERSION = false;
|
||||
};
|
||||
"repository.signing" = {
|
||||
DEFAULT_TRUST_MODEL = "committer";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitea.serviceConfig.SystemCallFilter =
|
||||
lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
|
||||
security.acme.email = "letsencrypt@dumpstack.io";
|
||||
security.acme.acceptTerms = true;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
@ -63,24 +73,12 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# force update all channels
|
||||
systemd.services.nixos-upgrade.serviceConfig.ExecStartPre =
|
||||
"${pkgs.nix}/bin/nix-channel --update";
|
||||
|
||||
systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
current=$(readlink -f /run/current-system/kernel)
|
||||
booted=$(readlink -f /run/booted-system/kernel)
|
||||
if [ "$current" != "$booted" ]; then
|
||||
echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
|
||||
reboot
|
||||
else
|
||||
echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
|
||||
fi
|
||||
'';
|
||||
system.autoUpgrade = {
|
||||
enable = true;
|
||||
allowReboot = true;
|
||||
};
|
||||
|
||||
system.stateVersion = "19.03";
|
||||
system.autoUpgrade.enable = true;
|
||||
|
||||
nix = {
|
||||
optimise.automatic = true;
|
||||
|
|
|
|||
Loading…
Reference in New Issue