1
0

Move out variables

This commit is contained in:
dump_stack() 2024-06-24 13:23:06 +00:00
parent 8457319696
commit 80f64e456a
Signed by: dump_stack
GPG Key ID: C9905BA72B5E02BB
5 changed files with 20 additions and 19 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
secrets.nix var.nix
hardware-configuration.nix hardware-configuration.nix

View File

@ -1,10 +1,6 @@
# code.dumpstack.io # code.dumpstack.io
[Download NixOS installation ISO](https://nixos.org/nixos/download.html) [NixOS](https://nixos.org)
Notes:
1. I assume that latest **stable** (e.g. 19.03) ISO will be used for installation.
2. You need to change hostname in `configuration.nix:9`.
## Installation ## Installation
@ -19,6 +15,10 @@ Notes:
nix-channel --add https://nixos.org/channels/nixos-unstable nixos nix-channel --add https://nixos.org/channels/nixos-unstable nixos
nix-channel --update nix-channel --update
cd /mnt/etc/nixos
cp var.example.nix var.nix
vim var.nix
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
nixos-install nixos-install

View File

@ -3,8 +3,7 @@
# #
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
secrets = import ./secrets.nix; var = import ./var.nix;
hostname = "code.dumpstack.io";
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -19,7 +18,7 @@ in {
} }
]; ];
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}"; networking.hostName = builtins.replaceStrings ["."] ["-"] "${var.hostname}";
networking.firewall = { networking.firewall = {
enable = true; enable = true;
@ -27,7 +26,7 @@ in {
}; };
users.extraUsers.root = { users.extraUsers.root = {
openssh.authorizedKeys.keys = [ secrets.pubkey ]; openssh.authorizedKeys.keys = [ var.pubkey ];
}; };
services.openssh.enable = true; services.openssh.enable = true;
@ -38,12 +37,12 @@ in {
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "${hostname}"; appName = "${var.hostname}";
settings = { settings = {
server = { server = {
ROOT_URL = "https://${hostname}"; ROOT_URL = "https://${var.hostname}";
DOMAIN = "${hostname}"; DOMAIN = "${var.hostname}";
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
@ -60,12 +59,12 @@ in {
}; };
}; };
security.acme.defaults.email = "letsencrypt@dumpstack.io"; security.acme.defaults.email = var.email;
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${hostname}" = { virtualHosts."${var.hostname}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

View File

@ -1,3 +0,0 @@
{
pubkey = "changeme"; # ssh-add -L
}

5
var.example.nix Normal file
View File

@ -0,0 +1,5 @@
{
hostname = "gitea.example.com";
email = "for_lets_encrypt@example.com";
pubkey = "changeme"; # ssh-add -L
}