From 45710c9a76d3ca78c212e08b0e36dc9d6e75c03e Mon Sep 17 00:00:00 2001 From: Mikhail Klementev Date: Sun, 20 Mar 2022 16:33:00 +0000 Subject: [PATCH] Use unstable channel --- README.md | 5 ++-- configuration.nix | 62 +++++++++++++++++++++++------------------------ 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 7c53d08..d4d8375 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Notes: nix-env -iA nixos.gitMinimal git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/ - nix-channel --add https://nixos.org/channels/nixos-unstable unstable + nix-channel --add https://nixos.org/channels/nixos-unstable nixos nix-channel --update nixos-generate-config --root /mnt @@ -26,4 +26,5 @@ Notes: ## After install - nix-channel --add https://nixos.org/channels/nixos-unstable unstable + nix-channel --add https://nixos.org/channels/nixos-unstable nixos + nix-channel --update diff --git a/configuration.nix b/configuration.nix index 6da6ed0..eb27cc5 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,25 +1,26 @@ -# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos -# nix-channel --add https://nixos.org/channels/nixos-unstable unstable +# nix-channel --add https://nixos.org/channels/nixos-unstable nixos # nix-channel --update # { config, pkgs, lib, ... }: let - unstable = import {}; secrets = import ./secrets.nix; hostname = "code.dumpstack.io"; in { - disabledModules = [ "services/misc/gitea.nix" ]; - imports = [ ./hardware-configuration.nix - ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; - networking.hostName = "${hostname}"; + swapDevices = [ + { device = "/var/swapfile"; + size = 2048; # MiB + } + ]; + + networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}"; networking.firewall = { enable = true; 
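Review bot: The new `swapDevices` entry in configuration.nix pages memory to `/var/swapfile` in cleartext, so Gitea process memory (session data, credentials in flight, anything the services load from `secrets.nix`) can persist on the `/dev/vda` disk and in any snapshot or backup of it. Consider adding `randomEncryption.enable = true;` inside the swap entry, after confirming it works with a file-backed device on the channel in use. Separately, `networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";` would read better with a comment such as `# hostName is presumably required to be a single label, so dots in the FQDN become dashes`, and the `"${hostname}"` interpolation can be plain `hostname`. The enclosing `in { … }` attribute set continues outside this hunk.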
@@ -41,17 +42,26 @@ in { appName = "${hostname}"; domain = "${hostname}"; rootUrl = "https://${hostname}"; - extraConfig = '' - [service] - DISABLE_REGISTRATION = true - - [ui] - DEFAULT_THEME = gitea - ''; + disableRegistration = true; + settings = { + "ui" = { + DEFAULT_THEME = "gitea"; + }; + "attachment" = { + ENABLED = true; + ALLOWED_TYPES = "*/*"; + }; + "other" = { + SHOW_FOOTER_VERSION = false; + }; + "repository.signing" = { + DEFAULT_TRUST_MODEL = "committer"; + }; + }; }; - systemd.services.gitea.serviceConfig.SystemCallFilter = - lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap"; + security.acme.email = "letsencrypt@dumpstack.io"; + security.acme.acceptTerms = true; services.nginx = { enable = true; @@ -63,24 +73,12 @@ in { }; }; - # force update all channels - systemd.services.nixos-upgrade.serviceConfig.ExecStartPre = - "${pkgs.nix}/bin/nix-channel --update"; - - systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" '' - #!${pkgs.stdenv.shell} - current=$(readlink -f /run/current-system/kernel) - booted=$(readlink -f /run/booted-system/kernel) - if [ "$current" != "$booted" ]; then - echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check"; - reboot - else - echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check"; - fi - ''; + system.autoUpgrade = { + enable = true; + allowReboot = true; + }; system.stateVersion = "19.03"; - system.autoUpgrade.enable = true; nix = { optimise.automatic = true;
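Review bot: `ALLOWED_TYPES = "*/*"` in the new `attachment` settings lets any account upload files of any type, which the instance then stores and serves under `https://${hostname}`. `disableRegistration = true` narrows who can upload, but an explicit list is the safer default, for example `ALLOWED_TYPES = ".png,.jpg,.txt,.log,.zip";` (a constructed example; the list syntax depends on the Gitea version the channel ships). `DEFAULT_TRUST_MODEL = "committer"` also deserves a one-line comment saying why it was chosen over Gitea's default model, since it changes which commit signatures the UI presents as trusted.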
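Review bot: `allowReboot = true` in the new `system.autoUpgrade` block (hunk at -63,24) has no schedule or reboot window, so with the channel now tracking nixos-unstable the host rebuilds and may reboot unattended into whatever revision the channel serves when the timer fires. If the option is available on the channel in use, bound it with something like `rebootWindow = { lower = "02:00"; upper = "05:00"; };` (example times) and add a comment stating that unattended reboots are intended. The removed script wrote its reboot decision to the journal under the `post-upgrade-check` identifier; any alerting keyed on that identifier should be moved to the `nixos-upgrade` unit's log. The `nix = {` block at the end of the hunk continues outside it.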