nixbld: nixos 20.09 WIP

Sebastien Bourdeauducq 2020-10-31 17:30:46 +08:00
parent b10ee89454
commit cffeaeba23


@ -10,10 +10,6 @@ let
netifWifi = "wlp1s0"; netifWifi = "wlp1s0";
netifSit = "henet0"; netifSit = "henet0";
hydraWwwOutputs = "/var/www/hydra-outputs"; hydraWwwOutputs = "/var/www/hydra-outputs";
nur-no-pkgs = import (builtins.fetchTarball {
url = "https://github.com/nix-community/NUR/archive/bb3e415984e818099cd72776dc18dbbbb61cd364.tar.gz";
sha256 = "10mlxc4hj7nn3i766mjgjn9f1523w2v8msq895p7qp2j2wbx7b3g";
}) {};
in in
{ {
imports = imports =
@ -22,10 +18,9 @@ in
./backup-module.nix ./backup-module.nix
./flarum.nix ./flarum.nix
(builtins.fetchTarball { (builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-20.09/nixos-mailserver-nixos-20.09.tar.gz";
sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; sha256 = "1cfzlfdfiw8347cgi0y4akj528lpwplhdpq3fv5rw7fb1zq2w6ib";
}) })
nur-no-pkgs.repos.mmilata.modules.jitsi-meet
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -372,23 +367,26 @@ in
cookieSecure = true; cookieSecure = true;
disableRegistration = true; disableRegistration = true;
mailerPasswordFile = "/etc/nixos/secret/mailerpassword"; mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
extraConfig = settings = {
'' indexer = {
[indexer] REPO_INDEXER_ENABLED = true;
REPO_INDEXER_ENABLED = true };
[mailer] mailer = {
ENABLED = true ENABLED = true;
HOST = ssl.serverraum.org:587 HOST = "ssl.serverraum.org:587";
FROM = sysop@m-labs.hk FROM = "sysop@m-labs.hk";
USER = sysop@m-labs.hk USER = "sysop@m-labs.hk";
};
[service] service = {
ENABLE_NOTIFY_MAIL = true ENABLE_NOTIFY_MAIL = true;
};
[attachment] attachment = {
ALLOWED_TYPES = */* ALLOWED_TYPES = "*/*";
''; };
};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}" "L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
@ -429,26 +427,24 @@ in
security.acme.email = "sb" + "@m-labs.hk"; security.acme.email = "sb" + "@m-labs.hk";
security.acme.certs = { security.acme.certs = {
"nixbld.m-labs.hk" = { "nixbld.m-labs.hk" = {
group = "nginx";
user = "nginx";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
extraDomains = { extraDomainNames = [
"m-labs.hk" = null; "m-labs.hk"
"www.m-labs.hk" = null; "www.m-labs.hk"
"conda.m-labs.hk" = null; "conda.m-labs.hk"
"lab.m-labs.hk" = null; "lab.m-labs.hk"
"git.m-labs.hk" = null; "git.m-labs.hk"
"chat.m-labs.hk" = null; "chat.m-labs.hk"
"hooks.m-labs.hk" = null; "hooks.m-labs.hk"
"forum.m-labs.hk" = null; "forum.m-labs.hk"
"perso.m-labs.hk" = null; "perso.m-labs.hk"
"call.m-labs.hk" = null; "call.m-labs.hk"
"nmigen.org" = null; "nmigen.org"
"www.nmigen.org" = null; "www.nmigen.org"
"openhardware.hk" = null; "openhardware.hk"
"git.openhardware.hk" = null; "git.openhardware.hk"
}; ];
}; };
}; };
services.nginx = { services.nginx = {
@ -601,6 +597,7 @@ in
}; };
"call.m-labs.hk" = { "call.m-labs.hk" = {
useACMEHost = "nixbld.m-labs.hk"; useACMEHost = "nixbld.m-labs.hk";
enableACME = false;
forceSSL = true; forceSSL = true;
}; };
"perso.m-labs.hk" = { "perso.m-labs.hk" = {
@ -679,9 +676,7 @@ in
loginAccounts = (import /etc/nixos/secret/email_accounts.nix); loginAccounts = (import /etc/nixos/secret/email_accounts.nix);
certificateScheme = 3; certificateScheme = 3;
}; };
security.acme.certs."${config.mailserver.fqdn}".extraDomains = { security.acme.certs."${config.mailserver.fqdn}".extraDomainNames = [ "mail.nmigen.org" ];
"mail.nmigen.org" = null;
};
containers.openhardwarehk = { containers.openhardwarehk = {
autoStart = true; autoStart = true;
@ -695,11 +690,11 @@ in
appName = "Open Hardware HK"; appName = "Open Hardware HK";
cookieSecure = true; cookieSecure = true;
disableRegistration = true; disableRegistration = true;
extraConfig = settings = {
'' attachment = {
[attachment] ALLOWED_TYPES = "*/*";
ALLOWED_TYPES = */* };
''; };
}; };
}; };
}; };
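Review bot: The nixos-mailserver import in the second hunk now fetches the archive of the `nixos-20.09` branch instead of the `v2.3.0` tag, so the URL no longer names a fixed revision. The `sha256` still guards integrity, but once the branch advances, any fetch on a machine without the cached tarball will fail on a hash mismatch, and the usual way out is to paste in the newly served hash without looking at what changed upstream. Pinning to a commit archive keeps the fetch reproducible and makes each mailserver upgrade an explicit, reviewable edit: `url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/<COMMIT_SHA>/nixos-mailserver-<COMMIT_SHA>.tar.gz";`, where `<COMMIT_SHA>` is a placeholder for the reviewed revision and `sha256` is updated to match. A short comment above the `fetchTarball` naming the branch the commit was taken from would keep the intent visible. The `imports` list this entry belongs to begins above the hunk.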