nixbld: NixOS 22.11

This commit is contained in:
Sebastien Bourdeauducq 2022-12-03 16:29:32 +08:00
parent 3e0fb18e8c
commit 2af492e37e
1 changed files with 25 additions and 20 deletions

View File

@ -20,8 +20,8 @@ in
./afws-module.nix
./rt.nix
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/15cf252a0dfffb2420a60fbd6be3467c11026142/nixos-mailserver-nixos.tar.gz";
sha256 = "sha256:07c844h8iw0l6l1d5cb29qmfa7nwzxbwq5llnyk6hh913h775csc";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/70a970f5a02b7febec1c3065e10c4155b99ecf86/nixos-mailserver-nixos.tar.gz";
sha256 = "sha256:0samfdxzsg14bwjl50p5x92v9scpa6l8nxjlshrwhib03dai47n1";
})
];
@ -399,9 +399,9 @@ in
boot.kernel.sysctl."kernel.dmesg_restrict" = true;
services.udev.packages = [ pkgs.sane-backends ];
nix.maxJobs = 10;
nix.settings.max-jobs = 10;
nix.nrBuildUsers = 64;
nix.trustedUsers = ["sb"];
nix.settings.trusted-users = ["sb"];
services.hydra = {
enable = true;
useSubstitutes = true;
@ -515,9 +515,9 @@ in
nix.extraOptions = ''
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
experimental-features = nix-command flakes ca-derivations impure-derivations
experimental-features = nix-command flakes
'';
nix.sandboxPaths = ["/opt"];
nix.settings.extra-sandbox-paths = ["/opt"];
services.munin-node.enable = true;
services.munin-cron = {
@ -535,8 +535,6 @@ in
httpPort = 3001;
rootUrl = "https://git.m-labs.hk/";
appName = "M-Labs Git";
cookieSecure = true;
disableRegistration = true;
mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
settings = {
indexer = {
@ -552,13 +550,17 @@ in
service = {
ENABLE_NOTIFY_MAIL = true;
DISABLE_REGISTRATION = true;
};
attachment = {
ALLOWED_TYPES = "*/*";
};
log.LEVEL = "Warn";
session.COOKIE_SECURE = true;
};
log.level = "Warn";
};
systemd.tmpfiles.rules = [
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
@ -817,8 +819,8 @@ in
"docs.m-labs.hk" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:9825";
locations."/socket.io/".proxyPass = "http://127.0.0.1:9825";
locations."/".proxyPass = "http://localhost:9825";
locations."/socket.io/".proxyPass = "http://localhost:9825";
locations."/socket.io/".proxyWebsockets = true;
};
"nmigen.net" = {
@ -908,22 +910,25 @@ in
services.nextcloud = {
enable = true;
package = pkgs.nextcloud24;
package = pkgs.nextcloud25;
hostName = "files.m-labs.hk";
https = true;
enableBrokenCiphersForSSE = false;
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
};
services.hedgedoc = {
enable = true;
configuration.port = 9825;
configuration.domain = "docs.m-labs.hk";
configuration.protocolUseSSL = true;
configuration.allowEmailRegister = false;
configuration.allowAnonymous = false;
configuration.db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
settings = {
port = 9825;
domain = "docs.m-labs.hk";
protocolUseSSL = true;
allowEmailRegister = false;
allowAnonymous = false;
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
};
};