forked from M-Labs/it-infra
nixbld: NixOS 22.11
This commit is contained in:
parent
3e0fb18e8c
commit
2af492e37e
|
@ -20,8 +20,8 @@ in
|
||||||
./afws-module.nix
|
./afws-module.nix
|
||||||
./rt.nix
|
./rt.nix
|
||||||
(builtins.fetchTarball {
|
(builtins.fetchTarball {
|
||||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/15cf252a0dfffb2420a60fbd6be3467c11026142/nixos-mailserver-nixos.tar.gz";
|
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/70a970f5a02b7febec1c3065e10c4155b99ecf86/nixos-mailserver-nixos.tar.gz";
|
||||||
sha256 = "sha256:07c844h8iw0l6l1d5cb29qmfa7nwzxbwq5llnyk6hh913h775csc";
|
sha256 = "sha256:0samfdxzsg14bwjl50p5x92v9scpa6l8nxjlshrwhib03dai47n1";
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -399,9 +399,9 @@ in
|
||||||
boot.kernel.sysctl."kernel.dmesg_restrict" = true;
|
boot.kernel.sysctl."kernel.dmesg_restrict" = true;
|
||||||
services.udev.packages = [ pkgs.sane-backends ];
|
services.udev.packages = [ pkgs.sane-backends ];
|
||||||
|
|
||||||
nix.maxJobs = 10;
|
nix.settings.max-jobs = 10;
|
||||||
nix.nrBuildUsers = 64;
|
nix.nrBuildUsers = 64;
|
||||||
nix.trustedUsers = ["sb"];
|
nix.settings.trusted-users = ["sb"];
|
||||||
services.hydra = {
|
services.hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
useSubstitutes = true;
|
useSubstitutes = true;
|
||||||
|
@ -515,9 +515,9 @@ in
|
||||||
|
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||||
experimental-features = nix-command flakes ca-derivations impure-derivations
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
||||||
nix.sandboxPaths = ["/opt"];
|
nix.settings.extra-sandbox-paths = ["/opt"];
|
||||||
|
|
||||||
services.munin-node.enable = true;
|
services.munin-node.enable = true;
|
||||||
services.munin-cron = {
|
services.munin-cron = {
|
||||||
|
@ -535,8 +535,6 @@ in
|
||||||
httpPort = 3001;
|
httpPort = 3001;
|
||||||
rootUrl = "https://git.m-labs.hk/";
|
rootUrl = "https://git.m-labs.hk/";
|
||||||
appName = "M-Labs Git";
|
appName = "M-Labs Git";
|
||||||
cookieSecure = true;
|
|
||||||
disableRegistration = true;
|
|
||||||
mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
|
mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
|
||||||
settings = {
|
settings = {
|
||||||
indexer = {
|
indexer = {
|
||||||
|
@ -552,13 +550,17 @@ in
|
||||||
|
|
||||||
service = {
|
service = {
|
||||||
ENABLE_NOTIFY_MAIL = true;
|
ENABLE_NOTIFY_MAIL = true;
|
||||||
|
DISABLE_REGISTRATION = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
attachment = {
|
attachment = {
|
||||||
ALLOWED_TYPES = "*/*";
|
ALLOWED_TYPES = "*/*";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
log.LEVEL = "Warn";
|
||||||
|
|
||||||
|
session.COOKIE_SECURE = true;
|
||||||
};
|
};
|
||||||
log.level = "Warn";
|
|
||||||
};
|
};
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
|
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
|
||||||
|
@ -817,8 +819,8 @@ in
|
||||||
"docs.m-labs.hk" = {
|
"docs.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://127.0.0.1:9825";
|
locations."/".proxyPass = "http://localhost:9825";
|
||||||
locations."/socket.io/".proxyPass = "http://127.0.0.1:9825";
|
locations."/socket.io/".proxyPass = "http://localhost:9825";
|
||||||
locations."/socket.io/".proxyWebsockets = true;
|
locations."/socket.io/".proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
"nmigen.net" = {
|
"nmigen.net" = {
|
||||||
|
@ -908,24 +910,27 @@ in
|
||||||
|
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nextcloud24;
|
package = pkgs.nextcloud25;
|
||||||
hostName = "files.m-labs.hk";
|
hostName = "files.m-labs.hk";
|
||||||
https = true;
|
https = true;
|
||||||
|
enableBrokenCiphersForSSE = false;
|
||||||
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
|
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.hedgedoc = {
|
services.hedgedoc = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configuration.port = 9825;
|
settings = {
|
||||||
configuration.domain = "docs.m-labs.hk";
|
port = 9825;
|
||||||
configuration.protocolUseSSL = true;
|
domain = "docs.m-labs.hk";
|
||||||
configuration.allowEmailRegister = false;
|
protocolUseSSL = true;
|
||||||
configuration.allowAnonymous = false;
|
allowEmailRegister = false;
|
||||||
configuration.db = {
|
allowAnonymous = false;
|
||||||
|
db = {
|
||||||
dialect = "sqlite";
|
dialect = "sqlite";
|
||||||
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue