Move out variables
This commit is contained in:
parent
8457319696
commit
80f64e456a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
secrets.nix
|
||||
var.nix
|
||||
hardware-configuration.nix
|
10
README.md
10
README.md
@ -1,10 +1,6 @@
|
||||
# code.dumpstack.io
|
||||
|
||||
[Download NixOS installation ISO](https://nixos.org/nixos/download.html)
|
||||
|
||||
Notes:
|
||||
1. I assume that latest **stable** (e.g. 19.03) ISO will be used for installation.
|
||||
2. You need to change hostname in `configuration.nix:9`.
|
||||
[NixOS](https://nixos.org)
|
||||
|
||||
## Installation
|
||||
|
||||
@ -19,6 +15,10 @@ Notes:
|
||||
nix-channel --add https://nixos.org/channels/nixos-unstable nixos
|
||||
nix-channel --update
|
||||
|
||||
cd /mnt/etc/nixos
|
||||
cp var.example.nix var.nix
|
||||
vim var.nix
|
||||
|
||||
nixos-generate-config --root /mnt
|
||||
|
||||
nixos-install
|
||||
|
@ -3,8 +3,7 @@
|
||||
#
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
secrets = import ./secrets.nix;
|
||||
hostname = "code.dumpstack.io";
|
||||
var = import ./var.nix;
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
@ -19,7 +18,7 @@ in {
|
||||
}
|
||||
];
|
||||
|
||||
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
|
||||
networking.hostName = builtins.replaceStrings ["."] ["-"] "${var.hostname}";
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
@ -27,7 +26,7 @@ in {
|
||||
};
|
||||
|
||||
users.extraUsers.root = {
|
||||
openssh.authorizedKeys.keys = [ secrets.pubkey ];
|
||||
openssh.authorizedKeys.keys = [ var.pubkey ];
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
@ -38,12 +37,12 @@ in {
|
||||
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "${hostname}";
|
||||
appName = "${var.hostname}";
|
||||
|
||||
settings = {
|
||||
server = {
|
||||
ROOT_URL = "https://${hostname}";
|
||||
DOMAIN = "${hostname}";
|
||||
ROOT_URL = "https://${var.hostname}";
|
||||
DOMAIN = "${var.hostname}";
|
||||
};
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
@ -60,12 +59,12 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.defaults.email = "letsencrypt@dumpstack.io";
|
||||
security.acme.defaults.email = var.email;
|
||||
security.acme.acceptTerms = true;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${hostname}" = {
|
||||
virtualHosts."${var.hostname}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
{
|
||||
pubkey = "changeme"; # ssh-add -L
|
||||
}
|
5
var.example.nix
Normal file
5
var.example.nix
Normal file
@ -0,0 +1,5 @@
|
||||
{
|
||||
hostname = "gitea.example.com";
|
||||
email = "for_lets_encrypt@example.com";
|
||||
pubkey = "changeme"; # ssh-add -L
|
||||
}
|
Loading…
Reference in New Issue
Block a user