Move out variables
parent
8457319696
commit
80f64e456a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
secrets.nix
|
var.nix
|
||||||
hardware-configuration.nix
|
hardware-configuration.nix
|
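Review bot: Replacing the `secrets.nix` entry with `var.nix` means a `secrets.nix` still lying in an existing checkout becomes untracked but no longer ignored, so a later `git add .` could commit it. Keeping both lines, `secrets.nix` and `var.nix`, costs nothing and closes that gap during the migration. The three-line file deleted later in this commit, which looks like the template for the old file, held only a `pubkey` value, so the exposure is probably small.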
10
README.md
10
README.md
@ -1,10 +1,6 @@
|
|||||||
# code.dumpstack.io
|
# code.dumpstack.io
|
||||||
|
|
||||||
[Download NixOS installation ISO](https://nixos.org/nixos/download.html)
|
[NixOS](https://nixos.org)
|
||||||
|
|
||||||
Notes:
|
|
||||||
1. I assume that latest **stable** (e.g. 19.03) ISO will be used for installation.
|
|
||||||
2. You need to change hostname in `configuration.nix:9`.
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
@ -19,6 +15,10 @@ Notes:
|
|||||||
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||||
nix-channel --update
|
nix-channel --update
|
||||||
|
|
||||||
|
cd /mnt/etc/nixos
|
||||||
|
cp var.example.nix var.nix
|
||||||
|
vim var.nix
|
||||||
|
|
||||||
nixos-generate-config --root /mnt
|
nixos-generate-config --root /mnt
|
||||||
|
|
||||||
nixos-install
|
nixos-install
|
||||||
|
@ -3,8 +3,7 @@
|
|||||||
#
|
#
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
secrets = import ./secrets.nix;
|
var = import ./var.nix;
|
||||||
hostname = "code.dumpstack.io";
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
@ -19,7 +18,7 @@ in {
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
|
networking.hostName = builtins.replaceStrings ["."] ["-"] "${var.hostname}";
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -27,7 +26,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
users.extraUsers.root = {
|
users.extraUsers.root = {
|
||||||
openssh.authorizedKeys.keys = [ secrets.pubkey ];
|
openssh.authorizedKeys.keys = [ var.pubkey ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
@ -38,12 +37,12 @@ in {
|
|||||||
|
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
appName = "${hostname}";
|
appName = "${var.hostname}";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
ROOT_URL = "https://${hostname}";
|
ROOT_URL = "https://${var.hostname}";
|
||||||
DOMAIN = "${hostname}";
|
DOMAIN = "${var.hostname}";
|
||||||
};
|
};
|
||||||
service = {
|
service = {
|
||||||
DISABLE_REGISTRATION = true;
|
DISABLE_REGISTRATION = true;
|
||||||
@ -60,12 +59,12 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.defaults.email = "letsencrypt@dumpstack.io";
|
security.acme.defaults.email = var.email;
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${hostname}" = {
|
virtualHosts."${var.hostname}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
|
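Review bot: Nothing in this file checks that `var.nix` was actually edited, so the placeholders from `var.example.nix` flow straight into `users.extraUsers.root.openssh.authorizedKeys.keys`, `security.acme.defaults.email` and the nginx/Gitea host name. With `pubkey = "changeme"` root gets an unusable authorized key, and since `services.openssh.enable = true` is the only access path visible here the operator would most likely be locked out after install; with the example hostname ACME issuance would presumably fail. An evaluation-time guard would surface this before `nixos-install`, for example `assertions = [ { assertion = var.pubkey != "changeme"; message = "var.nix: set pubkey to a real SSH public key"; } ];`, with a similar entry for `var.hostname`. Separately, `"${var.hostname}"` can be written as plain `var.hostname` wherever it is the whole string. The file header for this section is not on the page, so the path is assumed from the README's reference to `configuration.nix`.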
@ -1,3 +0,0 @@
|
|||||||
{
|
|
||||||
pubkey = "changeme"; # ssh-add -L
|
|
||||||
}
|
|
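--- a/var.example.nix
+++ b/var.example.nix
@@ -0,0 +1,5 @@
+{
+hostname = "gitea.example.com";
+email = "for_lets_encrypt@example.com";
+pubkey = "changeme"; # ssh-add -L
+}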
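Review bot: The new `hostname` and `email` fields carry no comment, while `pubkey` at least says where its value comes from. The configuration uses `hostname` for the nginx virtual host, Gitea's `ROOT_URL`/`DOMAIN` and the ACME certificate, and `email` for `security.acme.defaults.email`, so I would add `# public FQDN: nginx vhost, Gitea ROOT_URL/DOMAIN, ACME certificate` after `hostname` and `# contact address for the ACME account` after `email`. Values imported this way end up in the world-readable Nix store once the configuration uses them, so a header comment saying the file is for non-secret settings only would also be worth having.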