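# nix-channel --add https://nixos.org/channels/nixos-unstable nixos
# nix-channel --update
#
# NixOS configuration for a single-host Gitea instance. nginx terminates TLS
# (certificate via ACME) and proxies to Gitea on loopback; SSH is enabled for
# administration as root with a public key.
{ config, pkgs, lib, ... }:

let
  # secrets.nix is evaluated by Nix, so any value read from it and placed in
  # the configuration is copied into the world-readable /nix/store. Only the
  # public SSH key is used below; keep private material out of this file.
  secrets = import ./secrets.nix;
  hostname = "code.dumpstack.io";
in {
  imports = [
    ./hardware-configuration.nix
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";

  swapDevices = [
    { device = "/var/swapfile";
      size = 2048; # MiB
    }
  ];

  # Host names cannot contain dots, so "code.dumpstack.io" becomes
  # "code-dumpstack-io".
  networking.hostName = builtins.replaceStrings ["."] ["-"] hostname;

  networking.firewall = {
    enable = true;
    # Only HTTP (ACME challenge and redirect to HTTPS) and HTTPS are listed.
    # The SSH port is not listed here because services.openssh opens it
    # itself unless services.openssh.openFirewall is set to false.
    allowedTCPPorts = [ 80 443 ];
  };

  # users.users is the current name of the option; users.extraUsers is only
  # kept as an alias.
  users.users.root = {
    openssh.authorizedKeys.keys = [ secrets.pubkey ];
  };

  services.openssh = {
    enable = true;
    settings = {
      # The only credential configured in this file is root's public key, so
      # password-based logins are switched off. This removes password
      # guessing as an option against any account on this internet-facing
      # host, including accounts created outside this file.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  environment.systemPackages = with pkgs; [
    vim
  ];

  services.gitea = {
    enable = true;
    appName = hostname;

    settings = {
      server = {
        ROOT_URL = "https://${hostname}";
        DOMAIN = hostname;
        # nginx reaches Gitea at 127.0.0.1:3000 (see proxyPass below), so
        # bind to loopback only. The firewall already blocks port 3000 from
        # outside; this keeps the plain-HTTP listener unreachable even if
        # the firewall rules change.
        HTTP_ADDR = "127.0.0.1";
      };
      session = {
        # The site is served over HTTPS only (forceSSL below), so session
        # cookies should never be sent over plain HTTP.
        COOKIE_SECURE = true;
      };
      service = {
        # No self-service sign-up; accounts must be created by an admin.
        DISABLE_REGISTRATION = true;
      };
      attachment = {
        # No file uploads on issues and comments.
        ENABLED = false;
      };
      other = {
        # Do not show the running Gitea version in the page footer.
        SHOW_FOOTER_VERSION = false;
      };
      repository = {
        signing = {
          DEFAULT_TRUST_MODEL = "committer";
        };
      };
    };
  };

  security.acme.defaults.email = "letsencrypt@dumpstack.io";
  security.acme.acceptTerms = true;

  services.nginx = {
    enable = true;
    # Use the NixOS-maintained TLS protocol/cipher defaults and forward the
    # usual Host / X-Forwarded-* headers to the backend.
    recommendedTlsSettings = true;
    recommendedProxySettings = true;

    virtualHosts."${hostname}" = {
      enableACME = true;
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;

      locations."/".proxyPass = "http://127.0.0.1:3000";
    };
  };

  # Unattended upgrades, including automatic reboots when one is needed.
  # The header of this file points the channel at nixos-unstable, so fixes
  # arrive without intervention, and so do any regressions from that channel.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  # Records the release this system was first installed with; it is not
  # meant to be bumped as part of a channel upgrade.
  system.stateVersion = "19.03";

  nix = {
    optimise.automatic = true;
    gc = {
      automatic = true;
      # Generations older than a week are deleted, which also limits how far
      # back a rollback after a bad automatic upgrade can go.
      options = "--delete-older-than 7d";
    };
  };
}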