From 2af492e37e22caee2e271f5761dcfbb3c0ec2b2e Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Sat, 3 Dec 2022 16:29:32 +0800
Subject: [PATCH] nixbld: NixOS 22.11
---
 nixbld-etc-nixos/configuration.nix | 45 +++++++++++++++++-------------
 1 file changed, 25 insertions(+), 20 deletions(-)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index e689064..4367422 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -20,8 +20,8 @@ in
 ./afws-module.nix ./rt.nix (builtins.fetchTarball {
- url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/15cf252a0dfffb2420a60fbd6be3467c11026142/nixos-mailserver-nixos.tar.gz";
- sha256 = "sha256:07c844h8iw0l6l1d5cb29qmfa7nwzxbwq5llnyk6hh913h775csc";
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/70a970f5a02b7febec1c3065e10c4155b99ecf86/nixos-mailserver-nixos.tar.gz";
+ sha256 = "sha256:0samfdxzsg14bwjl50p5x92v9scpa6l8nxjlshrwhib03dai47n1";
 }) ];
@@ -399,9 +399,9 @@ in
 boot.kernel.sysctl."kernel.dmesg_restrict" = true; services.udev.packages = [ pkgs.sane-backends ];
- nix.maxJobs = 10;
+ nix.settings.max-jobs = 10;
 nix.nrBuildUsers = 64;
- nix.trustedUsers = ["sb"];
+ nix.settings.trusted-users = ["sb"];
 services.hydra = { enable = true; useSubstitutes = true;
@@ -515,9 +515,9 @@ in
 nix.extraOptions = '' secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
- experimental-features = nix-command flakes ca-derivations impure-derivations
+ experimental-features = nix-command flakes
 '';
- nix.sandboxPaths = ["/opt"];
+ nix.settings.extra-sandbox-paths = ["/opt"];
 services.munin-node.enable = true; services.munin-cron = {
@@ -535,8 +535,6 @@ in
 httpPort = 3001; rootUrl = "https://git.m-labs.hk/"; appName = "M-Labs Git";
- cookieSecure = true;
- disableRegistration = true;
 mailerPasswordFile = "/etc/nixos/secret/mailerpassword"; settings = { indexer = {
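Review bot: `nix.settings.extra-sandbox-paths = ["/opt"];` in the `@@ -515` hunk keeps the whole of `/opt` visible inside every build sandbox, on a host that the `@@ -399` hunk shows is also running Hydra, and nothing in the config says which build needs it. While the option is being renamed anyway, narrow the path to the subdirectory the builds actually use if that is possible, or add a comment such as `# builds need <tool> from /opt; contents must not be writable by the nixbld users`. The same hunk also drops `ca-derivations` and `impure-derivations` from `experimental-features`, which is a behaviour change rather than a rename and deserves a line in the commit message.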
@@ -552,13 +550,17 @@ in
 service = { ENABLE_NOTIFY_MAIL = true;
+ DISABLE_REGISTRATION = true;
 }; attachment = { ALLOWED_TYPES = "*/*"; };
+
+ log.LEVEL = "Warn";
+
+ session.COOKIE_SECURE = true;
 };
- log.level = "Warn";
 }; systemd.tmpfiles.rules = [ "L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
@@ -817,8 +819,8 @@ in
 "docs.m-labs.hk" = { forceSSL = true; enableACME = true;
- locations."/".proxyPass = "http://127.0.0.1:9825";
- locations."/socket.io/".proxyPass = "http://127.0.0.1:9825";
+ locations."/".proxyPass = "http://localhost:9825";
+ locations."/socket.io/".proxyPass = "http://localhost:9825";
 locations."/socket.io/".proxyWebsockets = true; }; "nmigen.net" = {
@@ -908,22 +910,25 @@ in
 services.nextcloud = { enable = true;
- package = pkgs.nextcloud24;
+ package = pkgs.nextcloud25;
 hostName = "files.m-labs.hk"; https = true;
+ enableBrokenCiphersForSSE = false;
 config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt"; }; services.hedgedoc = { enable = true;
- configuration.port = 9825;
- configuration.domain = "docs.m-labs.hk";
- configuration.protocolUseSSL = true;
- configuration.allowEmailRegister = false;
- configuration.allowAnonymous = false;
- configuration.db = {
- dialect = "sqlite";
- storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
+ settings = {
+ port = 9825;
+ domain = "docs.m-labs.hk";
+ protocolUseSSL = true;
+ allowEmailRegister = false;
+ allowAnonymous = false;
+ db = {
+ dialect = "sqlite";
+ storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
+ };
 }; };
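Review bot: `DISABLE_REGISTRATION` and `session.COOKIE_SECURE` in the `@@ -552` hunk are now free-form `settings` keys. As far as I can tell, a misspelled section or key there is written to app.ini and ignored by Gitea, whereas the removed `disableRegistration` and `cookieSecure` options would have failed evaluation. These two lines are what keep sign-up closed and the session cookie HTTPS-only, so add a comment such as `# hardening: must stay set; free-form keys are not validated by the module` and check the generated app.ini once after the upgrade. The `services.gitea` block starts outside the hunk.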
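Review bot: Both `proxyPass` targets in the `@@ -817` hunk change to `http://localhost:9825`, and nginx treats a name that resolves to several addresses as a round-robin group, so requests may be sent to `::1` as well as `127.0.0.1`. The hedgedoc `settings` block later in this patch sets `port` but no `host`, so the address the service listens on is left to the module default. I would pin both ends to the same literal, for example `host = "127.0.0.1";` in the hedgedoc `settings` with the matching address here, or add a comment saying why the name is needed. The vhost block starts and ends outside the hunk.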
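Review bot: `enableBrokenCiphersForSSE = false;` in the `@@ -908` hunk has no comment, and as I understand the 22.11 module it is only safe when Nextcloud server-side encryption has never been enabled on this instance. Data written with the legacy cipher would otherwise be unreadable once the compatibility OpenSSL build is no longer used. After confirming that on the host, record it next to the option, e.g. `# server-side encryption is not used here, so the legacy-cipher OpenSSL is not needed`.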