Use unstable channel
This commit is contained in:
parent
20adbe260f
commit
45710c9a76
@ -16,7 +16,7 @@ Notes:
|
|||||||
nix-env -iA nixos.gitMinimal
|
nix-env -iA nixos.gitMinimal
|
||||||
git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/
|
git clone https://code.dumpstack.io/infra/code.dumpstack.io.git /mnt/etc/nixos/
|
||||||
|
|
||||||
nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||||
nix-channel --update
|
nix-channel --update
|
||||||
|
|
||||||
nixos-generate-config --root /mnt
|
nixos-generate-config --root /mnt
|
||||||
@ -26,4 +26,5 @@ Notes:
|
|||||||
|
|
||||||
## After install
|
## After install
|
||||||
|
|
||||||
nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||||
|
nix-channel --update
|
||||||
|
@ -1,25 +1,26 @@
|
|||||||
# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
|
# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||||
# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
|
|
||||||
# nix-channel --update
|
# nix-channel --update
|
||||||
#
|
#
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
unstable = import <unstable> {};
|
|
||||||
secrets = import ./secrets.nix;
|
secrets = import ./secrets.nix;
|
||||||
hostname = "code.dumpstack.io";
|
hostname = "code.dumpstack.io";
|
||||||
in {
|
in {
|
||||||
disabledModules = [ "services/misc/gitea.nix" ];
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
<unstable/nixos/modules/services/misc/gitea.nix>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
|
|
||||||
networking.hostName = "${hostname}";
|
swapDevices = [
|
||||||
|
{ device = "/var/swapfile";
|
||||||
|
size = 2048; # MiB
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -41,17 +42,26 @@ in {
|
|||||||
appName = "${hostname}";
|
appName = "${hostname}";
|
||||||
domain = "${hostname}";
|
domain = "${hostname}";
|
||||||
rootUrl = "https://${hostname}";
|
rootUrl = "https://${hostname}";
|
||||||
extraConfig = ''
|
disableRegistration = true;
|
||||||
[service]
|
settings = {
|
||||||
DISABLE_REGISTRATION = true
|
"ui" = {
|
||||||
|
DEFAULT_THEME = "gitea";
|
||||||
[ui]
|
};
|
||||||
DEFAULT_THEME = gitea
|
"attachment" = {
|
||||||
'';
|
ENABLED = true;
|
||||||
|
ALLOWED_TYPES = "*/*";
|
||||||
|
};
|
||||||
|
"other" = {
|
||||||
|
SHOW_FOOTER_VERSION = false;
|
||||||
|
};
|
||||||
|
"repository.signing" = {
|
||||||
|
DEFAULT_TRUST_MODEL = "committer";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.gitea.serviceConfig.SystemCallFilter =
|
security.acme.email = "letsencrypt@dumpstack.io";
|
||||||
lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
|
security.acme.acceptTerms = true;
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -63,24 +73,12 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# force update all channels
|
system.autoUpgrade = {
|
||||||
systemd.services.nixos-upgrade.serviceConfig.ExecStartPre =
|
enable = true;
|
||||||
"${pkgs.nix}/bin/nix-channel --update";
|
allowReboot = true;
|
||||||
|
};
|
||||||
systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
|
|
||||||
#!${pkgs.stdenv.shell}
|
|
||||||
current=$(readlink -f /run/current-system/kernel)
|
|
||||||
booted=$(readlink -f /run/booted-system/kernel)
|
|
||||||
if [ "$current" != "$booted" ]; then
|
|
||||||
echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
|
|
||||||
reboot
|
|
||||||
else
|
|
||||||
echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
system.stateVersion = "19.03";
|
system.stateVersion = "19.03";
|
||||||
system.autoUpgrade.enable = true;
|
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
optimise.automatic = true;
|
optimise.automatic = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user