fsagbuya
/
it-infra
forked from M-Labs/it-infra
1
0
Fork 0
Code Pull Requests Activity

nixbld: NixOS 22.11

This commit is contained in:
Sebastien Bourdeauducq 2022-12-03 16:29:32 +08:00
parent 3e0fb18e8c
commit 2af492e37e
1 changed files with 25 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
nixbld-etc-nixos/configuration.nix
View File

@ -20,8 +20,8 @@ in
./afws-module.nix ./afws-module.nix
./rt.nix ./rt.nix
(builtins.fetchTarball { (builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/15cf252a0dfffb2420a60fbd6be3467c11026142/nixos-mailserver-nixos.tar.gz"; url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/70a970f5a02b7febec1c3065e10c4155b99ecf86/nixos-mailserver-nixos.tar.gz";
sha256 = "sha256:07c844h8iw0l6l1d5cb29qmfa7nwzxbwq5llnyk6hh913h775csc"; sha256 = "sha256:0samfdxzsg14bwjl50p5x92v9scpa6l8nxjlshrwhib03dai47n1";
}) })
]; ];
@ -399,9 +399,9 @@ in
boot.kernel.sysctl."kernel.dmesg_restrict" = true; boot.kernel.sysctl."kernel.dmesg_restrict" = true;
services.udev.packages = [ pkgs.sane-backends ]; services.udev.packages = [ pkgs.sane-backends ];
nix.maxJobs = 10; nix.settings.max-jobs = 10;
nix.nrBuildUsers = 64; nix.nrBuildUsers = 64;
nix.trustedUsers = ["sb"]; nix.settings.trusted-users = ["sb"];
services.hydra = { services.hydra = {
enable = true; enable = true;
useSubstitutes = true; useSubstitutes = true;
@ -515,9 +515,9 @@ in
nix.extraOptions = '' nix.extraOptions = ''
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1 secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
experimental-features = nix-command flakes ca-derivations impure-derivations experimental-features = nix-command flakes
''; '';
nix.sandboxPaths = ["/opt"]; nix.settings.extra-sandbox-paths = ["/opt"];
services.munin-node.enable = true; services.munin-node.enable = true;
services.munin-cron = { services.munin-cron = {
@ -535,8 +535,6 @@ in
httpPort = 3001; httpPort = 3001;
rootUrl = "https://git.m-labs.hk/"; rootUrl = "https://git.m-labs.hk/";
appName = "M-Labs Git"; appName = "M-Labs Git";
cookieSecure = true;
disableRegistration = true;
mailerPasswordFile = "/etc/nixos/secret/mailerpassword"; mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
settings = { settings = {
indexer = { indexer = {
@ -552,13 +550,17 @@ in
service = { service = {
ENABLE_NOTIFY_MAIL = true; ENABLE_NOTIFY_MAIL = true;
DISABLE_REGISTRATION = true;
}; };
attachment = { attachment = {
ALLOWED_TYPES = "*/*"; ALLOWED_TYPES = "*/*";
}; };
log.LEVEL = "Warn";
session.COOKIE_SECURE = true;
}; };
log.level = "Warn";
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}" "L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
@ -817,8 +819,8 @@ in
"docs.m-labs.hk" = { "docs.m-labs.hk" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:9825"; locations."/".proxyPass = "http://localhost:9825";
locations."/socket.io/".proxyPass = "http://127.0.0.1:9825"; locations."/socket.io/".proxyPass = "http://localhost:9825";
locations."/socket.io/".proxyWebsockets = true; locations."/socket.io/".proxyWebsockets = true;
}; };
"nmigen.net" = { "nmigen.net" = {
@ -908,24 +910,27 @@ in
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud24; package = pkgs.nextcloud25;
hostName = "files.m-labs.hk"; hostName = "files.m-labs.hk";
https = true; https = true;
enableBrokenCiphersForSSE = false;
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt"; config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
}; };
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
configuration.port = 9825; settings = {
configuration.domain = "docs.m-labs.hk"; port = 9825;
configuration.protocolUseSSL = true; domain = "docs.m-labs.hk";
configuration.allowEmailRegister = false; protocolUseSSL = true;
configuration.allowAnonymous = false; allowEmailRegister = false;
configuration.db = { allowAnonymous = false;
db = {
dialect = "sqlite"; dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
}; };
}; };
};
system.stateVersion = "21.05"; system.stateVersion = "21.05";
} }