Use unstable channel

2022-03-20 16:33:00 +00:00 · 2022-03-20 16:33:00 +00:00 · 45710c9a76
commit 45710c9a76
parent 20adbe260f
2 changed files with 33 additions and 34 deletions
--- a/README.md
+++ b/README.md
@ -16,7 +16,7 @@ Notes:
    nix-env -iA nixos.gitMinimal
    git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/

-    nix-channel --add https://nixos.org/channels/nixos-unstable unstable
+    nix-channel --add https://nixos.org/channels/nixos-unstable nixos
    nix-channel --update

    nixos-generate-config --root /mnt
@ -26,4 +26,5 @@ Notes:

 ## After install

-    nix-channel --add https://nixos.org/channels/nixos-unstable unstable
+    nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+    nix-channel --update
--- a/configuration.nix
+++ b/configuration.nix
@ -1,25 +1,26 @@
-# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
-# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
+# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
 # nix-channel --update
 #
 { config, pkgs, lib, ... }:
 let
-  unstable = import <unstable> {};
  secrets = import ./secrets.nix;
  hostname = "code.dumpstack.io";
 in {
-  disabledModules = [ "services/misc/gitea.nix" ];
-
  imports = [
    ./hardware-configuration.nix
-    <unstable/nixos/modules/services/misc/gitea.nix>
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

-  networking.hostName = "${hostname}";
+  swapDevices = [
+    { device = "/var/swapfile";
+      size = 2048; # MiB
+    }
+  ];
+
+  networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";

  networking.firewall =  {
    enable = true;
@ -41,17 +42,26 @@ in {
    appName = "${hostname}";
    domain = "${hostname}";
    rootUrl = "https://${hostname}";
-    extraConfig = ''
-      [service]
-      DISABLE_REGISTRATION = true
-
-      [ui]
-      DEFAULT_THEME = gitea
-    '';
+    disableRegistration = true;
+    settings = {
+      "ui" = {
+        DEFAULT_THEME = "gitea";
+      };
+      "attachment" = {
+        ENABLED = true;
+        ALLOWED_TYPES = "*/*";
+      };
+      "other" = {
+        SHOW_FOOTER_VERSION = false;
+      };
+      "repository.signing" = {
+        DEFAULT_TRUST_MODEL = "committer";
+      };
+    };
  };

-  systemd.services.gitea.serviceConfig.SystemCallFilter =
-    lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
+  security.acme.email = "letsencrypt@dumpstack.io";
+  security.acme.acceptTerms = true;

  services.nginx = {
    enable = true;
@ -63,24 +73,12 @@ in {
    };
  };

-  # force update all channels
-  systemd.services.nixos-upgrade.serviceConfig.ExecStartPre =
-    "${pkgs.nix}/bin/nix-channel --update";
-
-  systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
-    #!${pkgs.stdenv.shell}
-    current=$(readlink -f /run/current-system/kernel)
-    booted=$(readlink -f /run/booted-system/kernel)
-    if [ "$current" != "$booted" ]; then
-      echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
-      reboot
-    else
-      echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
-    fi
-  '';
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+  };

  system.stateVersion = "19.03";
-  system.autoUpgrade.enable = true;

  nix = {
    optimise.automatic = true;