system/machines/magenta/default.nix

70 lines
1.6 KiB
Nix
Raw Normal View History

2022-10-15 08:39:47 +03:00
{ config, pkgs, ... }:
2022-10-13 07:47:31 +03:00
let
data = import ../../data.nix;
in
{
imports = [
./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect
2022-10-13 23:11:12 +03:00
./mail-accounts.nix
2022-10-13 07:47:31 +03:00
../modules/common.nix
2022-10-13 23:11:12 +03:00
../modules/nix.nix
2022-10-15 08:39:47 +03:00
../modules/nginx.nix
2022-10-13 07:47:31 +03:00
];
boot.cleanTmpDir = true;
zramSwap.enable = true;
networking.hostName = "magenta";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
2022-10-13 23:11:12 +03:00
security.acme = {
acceptTerms = true;
defaults.email = "dmitriy@pleshevski.ru";
};
# See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
2022-10-13 23:11:12 +03:00
mailserver = {
enable = true;
fqdn = "mail.pleshevski.ru";
domains = [ "pleshevski.ru" ];
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
hierarchySeparator = "/";
2022-10-13 23:11:12 +03:00
};
2022-10-15 08:39:47 +03:00
services.postgresql = {
enable = true;
package = pkgs.postgresql_14;
};
services.gitea = {
enable = true;
httpPort = 9901;
domain = "nix-git.pleshevski.ru";
rootUrl = "https://nix-git.pleshevski.ru";
database = {
type = "postgres";
host = "/run/postgresql";
port = config.services.postgresql.port;
};
settings = {
log.LEVEL = "Error";
service.DISABLE_REGISTRATION = true;
metrics.ENABLED = true;
server.DISABLE_ROUTER_LOG = true;
};
};
services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
};
2022-10-13 07:47:31 +03:00
}