
Use unstable channel

dump_stack() 2022-03-20 16:33:00 +00:00
parent 20adbe260f
commit 45710c9a76
Signed by: dump_stack
GPG Key ID: BE44DA8C062D87DC
2 changed files with 33 additions and 34 deletions


@ -16,7 +16,7 @@ Notes:
nix-env -iA nixos.gitMinimal nix-env -iA nixos.gitMinimal
git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/ git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/
nix-channel --add https://nixos.org/channels/nixos-unstable unstable nix-channel --add https://nixos.org/channels/nixos-unstable nixos
nix-channel --update nix-channel --update
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
@ -26,4 +26,5 @@ Notes:
## After install ## After install
nix-channel --add https://nixos.org/channels/nixos-unstable unstable nix-channel --add https://nixos.org/channels/nixos-unstable nixos
nix-channel --update


@ -1,25 +1,26 @@
# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos # nix-channel --add https://nixos.org/channels/nixos-unstable nixos
# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
# nix-channel --update # nix-channel --update
# #
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
unstable = import <unstable> {};
secrets = import ./secrets.nix; secrets = import ./secrets.nix;
hostname = "code.dumpstack.io"; hostname = "code.dumpstack.io";
in { in {
disabledModules = [ "services/misc/gitea.nix" ];
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
<unstable/nixos/modules/services/misc/gitea.nix>
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "/dev/vda";
networking.hostName = "${hostname}"; swapDevices = [
{ device = "/var/swapfile";
size = 2048; # MiB
}
];
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
networking.firewall = { networking.firewall = {
enable = true; enable = true;
@ -41,17 +42,26 @@ in {
appName = "${hostname}"; appName = "${hostname}";
domain = "${hostname}"; domain = "${hostname}";
rootUrl = "https://${hostname}"; rootUrl = "https://${hostname}";
extraConfig = '' disableRegistration = true;
[service] settings = {
DISABLE_REGISTRATION = true "ui" = {
DEFAULT_THEME = "gitea";
[ui] };
DEFAULT_THEME = gitea "attachment" = {
''; ENABLED = true;
ALLOWED_TYPES = "*/*";
};
"other" = {
SHOW_FOOTER_VERSION = false;
};
"repository.signing" = {
DEFAULT_TRUST_MODEL = "committer";
};
};
}; };
systemd.services.gitea.serviceConfig.SystemCallFilter = security.acme.email = "letsencrypt@dumpstack.io";
lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap"; security.acme.acceptTerms = true;
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -63,24 +73,12 @@ in {
}; };
}; };
# force update all channels system.autoUpgrade = {
systemd.services.nixos-upgrade.serviceConfig.ExecStartPre = enable = true;
"${pkgs.nix}/bin/nix-channel --update"; allowReboot = true;
};
systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
#!${pkgs.stdenv.shell}
current=$(readlink -f /run/current-system/kernel)
booted=$(readlink -f /run/booted-system/kernel)
if [ "$current" != "$booted" ]; then
echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
reboot
else
echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
fi
'';
system.stateVersion = "19.03"; system.stateVersion = "19.03";
system.autoUpgrade.enable = true;
nix = { nix = {
optimise.automatic = true; optimise.automatic = true;
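Review bot: `ALLOWED_TYPES = "*/*"` in the new `settings."attachment"` block (hunk `@ -41,17 +42,26 @`) lets any account that can post on this instance attach files of any type, which the instance then stores and presumably serves under its own hostname. `disableRegistration = true` narrows who can upload, but an explicit list of the types actually needed is the safer default, e.g. `ALLOWED_TYPES = ".zip,.tar.gz,.txt,.log,.png,.jpg";` (a constructed example list, adjust to real use). Separately, the last hunk combines `system.autoUpgrade.allowReboot = true` with the `nixos` channel now pointing at nixos-unstable, so the host switches to whatever unstable currently ships and may reboot with no maintenance window; setting `system.autoUpgrade.dates` to a quiet period and recording the rollback procedure in a comment would make this easier to operate. The `services.gitea` attribute set and the `nix = {` block both extend beyond the visible hunks.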