diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index a641cf6..ec9008c 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -10,10 +10,6 @@ let netifWifi = "wlp1s0"; netifSit = "henet0"; hydraWwwOutputs = "/var/www/hydra-outputs"; - nur-no-pkgs = import (builtins.fetchTarball { - url = "https://github.com/nix-community/NUR/archive/bb3e415984e818099cd72776dc18dbbbb61cd364.tar.gz"; - sha256 = "10mlxc4hj7nn3i766mjgjn9f1523w2v8msq895p7qp2j2wbx7b3g"; - }) {}; in { imports = @@ -22,10 +18,9 @@ in ./backup-module.nix ./flarum.nix (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; - sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-20.09/nixos-mailserver-nixos-20.09.tar.gz"; + sha256 = "1cfzlfdfiw8347cgi0y4akj528lpwplhdpq3fv5rw7fb1zq2w6ib"; }) - nur-no-pkgs.repos.mmilata.modules.jitsi-meet ]; # Use the systemd-boot EFI boot loader. @@ -372,23 +367,26 @@ in cookieSecure = true; disableRegistration = true; mailerPasswordFile = "/etc/nixos/secret/mailerpassword"; - extraConfig = - '' - [indexer] - REPO_INDEXER_ENABLED = true + settings = { + indexer = { + REPO_INDEXER_ENABLED = true; + }; - [mailer] - ENABLED = true - HOST = ssl.serverraum.org:587 - FROM = sysop@m-labs.hk - USER = sysop@m-labs.hk + mailer = { + ENABLED = true; + HOST = "ssl.serverraum.org:587"; + FROM = "sysop@m-labs.hk"; + USER = "sysop@m-labs.hk"; + }; - [service] - ENABLE_NOTIFY_MAIL = true + service = { + ENABLE_NOTIFY_MAIL = true; + }; - [attachment] - ALLOWED_TYPES = */* - ''; + attachment = { + ALLOWED_TYPES = "*/*"; + }; + }; }; systemd.tmpfiles.rules = [ "L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}" @@ -429,26 +427,24 @@ in security.acme.email = "sb" + "@m-labs.hk"; security.acme.certs = { "nixbld.m-labs.hk" = { - group = "nginx"; - user = "nginx"; webroot = "/var/lib/acme/acme-challenge"; - extraDomains = { - "m-labs.hk" = null; - "www.m-labs.hk" = null; - "conda.m-labs.hk" = null; - "lab.m-labs.hk" = null; - "git.m-labs.hk" = null; - "chat.m-labs.hk" = null; - "hooks.m-labs.hk" = null; - "forum.m-labs.hk" = null; - "perso.m-labs.hk" = null; - "call.m-labs.hk" = null; - "nmigen.org" = null; - "www.nmigen.org" = null; + extraDomainNames = [ + "m-labs.hk" + "www.m-labs.hk" + "conda.m-labs.hk" + "lab.m-labs.hk" + "git.m-labs.hk" + "chat.m-labs.hk" + "hooks.m-labs.hk" + "forum.m-labs.hk" + "perso.m-labs.hk" + "call.m-labs.hk" + "nmigen.org" + "www.nmigen.org" - "openhardware.hk" = null; - "git.openhardware.hk" = null; - }; + "openhardware.hk" + "git.openhardware.hk" + ]; }; }; services.nginx = { @@ -601,6 +597,7 @@ in }; "call.m-labs.hk" = { useACMEHost = "nixbld.m-labs.hk"; + enableACME = false; forceSSL = true; }; "perso.m-labs.hk" = { @@ -679,9 +676,7 @@ in loginAccounts = (import /etc/nixos/secret/email_accounts.nix); certificateScheme = 3; }; - security.acme.certs."${config.mailserver.fqdn}".extraDomains = { - "mail.nmigen.org" = null; - }; + security.acme.certs."${config.mailserver.fqdn}".extraDomainNames = [ "mail.nmigen.org" ]; containers.openhardwarehk = { autoStart = true; @@ -695,11 +690,11 @@ in appName = "Open Hardware HK"; cookieSecure = true; disableRegistration = true; - extraConfig = - '' - [attachment] - ALLOWED_TYPES = */* - ''; + settings = { + attachment = { + ALLOWED_TYPES = "*/*"; + }; + }; }; }; };