2022-10-15 08:39:47 +03:00
|
|
|
{ config, pkgs, ... }:
|
2022-10-13 07:47:31 +03:00
|
|
|
|
|
|
|
let
|
|
|
|
data = import ../../data.nix;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
./hardware-configuration.nix
|
|
|
|
./networking.nix # generated at runtime by nixos-infect
|
2022-10-13 23:11:12 +03:00
|
|
|
./mail-accounts.nix
|
2022-10-13 07:47:31 +03:00
|
|
|
../modules/common.nix
|
2022-10-13 23:11:12 +03:00
|
|
|
../modules/nix.nix
|
2022-10-15 08:39:47 +03:00
|
|
|
../modules/nginx.nix
|
2022-10-13 07:47:31 +03:00
|
|
|
];
|
|
|
|
|
|
|
|
boot.cleanTmpDir = true;
|
|
|
|
zramSwap.enable = true;
|
|
|
|
networking.hostName = "magenta";
|
|
|
|
|
|
|
|
services.openssh.enable = true;
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
|
2022-10-13 23:11:12 +03:00
|
|
|
|
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
defaults.email = "dmitriy@pleshevski.ru";
|
|
|
|
};
|
|
|
|
|
2022-10-13 23:42:58 +03:00
|
|
|
# See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
|
2022-10-13 23:11:12 +03:00
|
|
|
mailserver = {
|
|
|
|
enable = true;
|
|
|
|
fqdn = "mail.pleshevski.ru";
|
|
|
|
domains = [ "pleshevski.ru" ];
|
|
|
|
|
|
|
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
|
|
# down nginx and opens port 80.
|
|
|
|
certificateScheme = 3;
|
2022-10-13 23:42:58 +03:00
|
|
|
|
|
|
|
hierarchySeparator = "/";
|
2022-10-13 23:11:12 +03:00
|
|
|
};
|
2022-10-15 08:39:47 +03:00
|
|
|
|
|
|
|
services.postgresql = {
|
|
|
|
enable = true;
|
|
|
|
package = pkgs.postgresql_14;
|
|
|
|
};
|
|
|
|
|
|
|
|
services.gitea = {
|
|
|
|
enable = true;
|
|
|
|
httpPort = 9901;
|
|
|
|
domain = "nix-git.pleshevski.ru";
|
|
|
|
rootUrl = "https://nix-git.pleshevski.ru";
|
|
|
|
database = {
|
|
|
|
type = "postgres";
|
|
|
|
host = "/run/postgresql";
|
|
|
|
port = config.services.postgresql.port;
|
|
|
|
};
|
|
|
|
settings = {
|
|
|
|
log.LEVEL = "Error";
|
|
|
|
service.DISABLE_REGISTRATION = true;
|
|
|
|
metrics.ENABLED = true;
|
|
|
|
server.DISABLE_ROUTER_LOG = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
|
|
|
|
};
|
2022-10-13 07:47:31 +03:00
|
|
|
}
|