code.dumpstack.io/configuration.nix


# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
# nix-channel --add https://nixos.org/channels/nixos-unstable unstable
# nix-channel --update
#
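# NixOS configuration for a single-purpose Gitea host.
#
# nginx terminates TLS (certificate via ACME) and proxies to Gitea on loopback,
# root logs in over SSH with a public key, and the machine upgrades itself and
# reboots when the upgrade brought a different kernel.
{ config, pkgs, ... }:

let
  # Evaluated at build time; only `pubkey` is read from it in this file.
  # Values from the configuration can end up in the world-readable Nix store,
  # so this file should carry public material only.
  secrets = import ./secrets.nix;
  hostname = "code.dumpstack.io";
in {
  # Swap the Gitea module shipped with the stable channel for the one from the
  # `unstable` channel (see the nix-channel commands in the file header).
  # NOTE(review): this replaces the module definition only; which gitea package
  # it runs is decided inside that module. Confirm the version actually deployed.
  disabledModules = [ "services/misc/gitea.nix" ];
  imports = [
    ./hardware-configuration.nix
    <unstable/nixos/modules/services/misc/gitea.nix>
  ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/vda";
  };

  networking.hostName = hostname;

  # Only HTTP and HTTPS are opened here.
  # NOTE(review): the openssh module normally opens its own port, so SSH is
  # expected to be reachable although 22 is not listed. Confirm against the
  # generated firewall rules.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 ];
  };

  users.extraUsers.root.openssh.authorizedKeys.keys = [ secrets.pubkey ];

  # The only credential configured in this file is root's public key, so
  # password logins are switched off rather than left at the module default,
  # and root is pinned to key-based login explicitly.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    permitRootLogin = "prohibit-password";
  };

  environment.systemPackages = with pkgs; [
    vim
  ];

  services.gitea = {
    enable = true;
    appName = hostname;
    domain = hostname;
    rootUrl = "https://${hostname}";
    # nginx proxies to 127.0.0.1:3000, so Gitea does not need to listen on any
    # other interface; this no longer relies on the firewall alone to keep the
    # plain-HTTP port private.
    httpAddress = "127.0.0.1";
    # The site is served over HTTPS only (forceSSL below), so session cookies
    # are marked Secure.
    cookieSecure = true;
    # Self-service sign-up is disabled; accounts are created by an administrator.
    extraConfig = ''
      [service]
      DISABLE_REGISTRATION = true
      [ui]
      DEFAULT_THEME = gitea
    '';
  };

  services.nginx = {
    enable = true;
    virtualHosts."${hostname}" = {
      enableACME = true;
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:3000";
    };
  };

  # Unattended upgrades. The system follows whatever the configured channels
  # point to at upgrade time, including the unstable channel that supplies the
  # Gitea module, with no review step in between.
  system.autoUpgrade.enable = true;

  systemd.services.nixos-upgrade.serviceConfig = {
    # force update all channels
    ExecStartPre = "${pkgs.nix}/bin/nix-channel --update";

    # After the upgrade, compare the kernel of the activated system with the
    # kernel the machine booted from and reboot when they differ, so a kernel
    # update does not wait for a manual reboot. The outcome is logged to the
    # journal under the identifier "post-upgrade-check".
    ExecStartPost = pkgs.writeScript "post-upgrade-check" ''
      #!${pkgs.stdenv.shell}
      current=$(readlink -f /run/current-system/kernel)
      booted=$(readlink -f /run/booted-system/kernel)
      if [ "$current" != "$booted" ]; then
        echo "kernel changed, reboot" | systemd-cat --identifier "post-upgrade-check";
        reboot
      else
        echo "same kernel, do not reboot" | systemd-cat --identifier "post-upgrade-check";
      fi
    '';
  };

  system.stateVersion = "19.03";

  # Deduplicate the store and garbage-collect generations older than a week.
  # Rollback is therefore limited to generations from the last 7 days.
  nix = {
    optimise.automatic = true;
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
}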