1
0
code.dumpstack.io/configuration.nix

93 lines
1.7 KiB
Nix

# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
# nix-channel --update
#
{ config, pkgs, lib, ... }:
let
secrets = import ./secrets.nix;
hostname = "code.dumpstack.io";
in {
imports = [
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
swapDevices = [
{ device = "/var/swapfile";
size = 2048; # MiB
}
];
networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
users.extraUsers.root = {
openssh.authorizedKeys.keys = [ secrets.pubkey ];
};
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
vim
];
services.gitea = {
enable = true;
appName = "${hostname}";
settings = {
server = {
ROOT_URL = "https://${hostname}";
DOMAIN = "${hostname}";
};
service = {
DISABLE_REGISTRATION = true;
};
attachment = {
ENABLED = false;
};
other = {
SHOW_FOOTER_VERSION = false;
};
repository = {
signing = {
DEFAULT_TRUST_MODEL = "committer";
};
};
};
};
security.acme.defaults.email = "letsencrypt@dumpstack.io";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
virtualHosts."${hostname}" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
system.stateVersion = "19.03";
nix = {
optimise.automatic = true;
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
};
}