forked from M-Labs/it-infra
nixbld: NixOS 22.11
This commit is contained in:
parent
3e0fb18e8c
commit
2af492e37e
|
@ -20,8 +20,8 @@ in
|
|||
./afws-module.nix
|
||||
./rt.nix
|
||||
(builtins.fetchTarball {
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/15cf252a0dfffb2420a60fbd6be3467c11026142/nixos-mailserver-nixos.tar.gz";
|
||||
sha256 = "sha256:07c844h8iw0l6l1d5cb29qmfa7nwzxbwq5llnyk6hh913h775csc";
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/70a970f5a02b7febec1c3065e10c4155b99ecf86/nixos-mailserver-nixos.tar.gz";
|
||||
sha256 = "sha256:0samfdxzsg14bwjl50p5x92v9scpa6l8nxjlshrwhib03dai47n1";
|
||||
})
|
||||
];
|
||||
|
||||
|
@ -399,9 +399,9 @@ in
|
|||
boot.kernel.sysctl."kernel.dmesg_restrict" = true;
|
||||
services.udev.packages = [ pkgs.sane-backends ];
|
||||
|
||||
nix.maxJobs = 10;
|
||||
nix.settings.max-jobs = 10;
|
||||
nix.nrBuildUsers = 64;
|
||||
nix.trustedUsers = ["sb"];
|
||||
nix.settings.trusted-users = ["sb"];
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
useSubstitutes = true;
|
||||
|
@ -515,9 +515,9 @@ in
|
|||
|
||||
nix.extraOptions = ''
|
||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||
experimental-features = nix-command flakes ca-derivations impure-derivations
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
nix.sandboxPaths = ["/opt"];
|
||||
nix.settings.extra-sandbox-paths = ["/opt"];
|
||||
|
||||
services.munin-node.enable = true;
|
||||
services.munin-cron = {
|
||||
|
@ -535,8 +535,6 @@ in
|
|||
httpPort = 3001;
|
||||
rootUrl = "https://git.m-labs.hk/";
|
||||
appName = "M-Labs Git";
|
||||
cookieSecure = true;
|
||||
disableRegistration = true;
|
||||
mailerPasswordFile = "/etc/nixos/secret/mailerpassword";
|
||||
settings = {
|
||||
indexer = {
|
||||
|
@ -552,13 +550,17 @@ in
|
|||
|
||||
service = {
|
||||
ENABLE_NOTIFY_MAIL = true;
|
||||
DISABLE_REGISTRATION = true;
|
||||
};
|
||||
|
||||
attachment = {
|
||||
ALLOWED_TYPES = "*/*";
|
||||
};
|
||||
|
||||
log.LEVEL = "Warn";
|
||||
|
||||
session.COOKIE_SECURE = true;
|
||||
};
|
||||
log.level = "Warn";
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ '${config.services.gitea.stateDir}/custom/templates/home.tmpl' - - - - ${./gitea-home.tmpl}"
|
||||
|
@ -817,8 +819,8 @@ in
|
|||
"docs.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:9825";
|
||||
locations."/socket.io/".proxyPass = "http://127.0.0.1:9825";
|
||||
locations."/".proxyPass = "http://localhost:9825";
|
||||
locations."/socket.io/".proxyPass = "http://localhost:9825";
|
||||
locations."/socket.io/".proxyWebsockets = true;
|
||||
};
|
||||
"nmigen.net" = {
|
||||
|
@ -908,22 +910,25 @@ in
|
|||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud24;
|
||||
package = pkgs.nextcloud25;
|
||||
hostName = "files.m-labs.hk";
|
||||
https = true;
|
||||
enableBrokenCiphersForSSE = false;
|
||||
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
|
||||
};
|
||||
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration.port = 9825;
|
||||
configuration.domain = "docs.m-labs.hk";
|
||||
configuration.protocolUseSSL = true;
|
||||
configuration.allowEmailRegister = false;
|
||||
configuration.allowAnonymous = false;
|
||||
configuration.db = {
|
||||
dialect = "sqlite";
|
||||
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
||||
settings = {
|
||||
port = 9825;
|
||||
domain = "docs.m-labs.hk";
|
||||
protocolUseSSL = true;
|
||||
allowEmailRegister = false;
|
||||
allowAnonymous = false;
|
||||
db = {
|
||||
dialect = "sqlite";
|
||||
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue