nixos 16.09 -> 17.03
parent
3113d052a7
commit
959090068f
|
@ -9,7 +9,7 @@ Systems
|
|||
|
||||
Physical server. Mostly used for files. (storage: 6 TB hdd + 256GB ssd, RAM: 8GB, 2 cores ht)
|
||||
|
||||
- [git hosting](./modules/gogs.nix)
|
||||
- [git hosting](./roles/gogs.nix)
|
||||
- [public files](./roles/pub.nix)
|
||||
- torrents
|
||||
- [quassel](./roles/quassel.nix)
|
||||
|
|
2
conf
2
conf
|
@ -12,7 +12,7 @@ git)
|
|||
eval ${@:3}
|
||||
;;
|
||||
stable)
|
||||
export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.09/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
|
||||
export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
|
||||
eval ${@:3}
|
||||
;;
|
||||
channel)
|
||||
|
|
|
@ -10,10 +10,10 @@ in
|
|||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
../psysical/fractal.nix
|
||||
../physical/fractal.nix
|
||||
../roles/common.nix
|
||||
../modules/nginx.nix
|
||||
../modules/gogs.nix # todo: better separation here
|
||||
../roles/gogs.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
../roles/quassel.nix
|
||||
../roles/pub.nix
|
||||
|
@ -26,7 +26,6 @@ in
|
|||
# The NixOS release to be compatible with for stateful data such as databases.
|
||||
system.stateVersion = "15.09";
|
||||
|
||||
gogs.domain = "git.yori.cc";
|
||||
nginxssl.enable = true;
|
||||
|
||||
# hidden SSH service
|
||||
|
|
|
@ -7,9 +7,6 @@
|
|||
let
|
||||
secrets = import <secrets>;
|
||||
yoricc = import ../packages/yori-cc.nix;
|
||||
luadbi = pkgs.callPackage ../packages/luadbi.nix {};
|
||||
acmeWebRoot = "/etc/sslcerts/acmeroot";
|
||||
acmeKeyDir = "${config.security.acme.directory}/yori.cc";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
|
|
|
@ -1,86 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
gitHome = "/var/gogs";
|
||||
gogs = pkgs.callPackage ../packages/gogs.nix { };
|
||||
gogsPort = 8001;
|
||||
domain = config.gogs.domain;
|
||||
gogsConfig = pkgs.writeText "gogs.ini" ''
|
||||
APP_NAME = Gogs: Go Git Service
|
||||
RUN_USER = git
|
||||
RUN_MODE = prod
|
||||
[database]
|
||||
DB_TYPE = sqlite3
|
||||
HOST = 127.0.0.1:3306
|
||||
NAME = gogs
|
||||
USER = root
|
||||
PASSWD =
|
||||
SSL_MODE = disable
|
||||
PATH = ${gitHome}/data/gogs.db
|
||||
[repository]
|
||||
ROOT = ${gitHome}/gogs-repositories
|
||||
[server]
|
||||
DOMAIN = ${domain}
|
||||
HTTP_PORT = ${toString gogsPort}
|
||||
ROOT_URL = https://${domain}/
|
||||
DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
OFFLINE_MODE = false
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
[service]
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
DISABLE_REGISTRATION = true
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
[picture]
|
||||
DISABLE_GRAVATAR = false
|
||||
AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
|
||||
[session]
|
||||
PROVIDER = file
|
||||
[log]
|
||||
ROOT_PATH = ${gitHome}/logs
|
||||
MODE = file
|
||||
LEVEL = Info
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
'';
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
#imports = [./nginx.nix];
|
||||
options.gogs = {
|
||||
domain = mkOption {
|
||||
type = types.string;
|
||||
description = "The domain to run the servers on";
|
||||
default = {};
|
||||
example = "git.domain.com";
|
||||
};
|
||||
};
|
||||
config =
|
||||
{
|
||||
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;};
|
||||
users.extraGroups.git = { };
|
||||
systemd.services.gogs = {
|
||||
path = with pkgs; [ git openssh bash ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
User = "git";
|
||||
Group = "git";
|
||||
ExecStart = "${gogs}/gogs web -c ${gogsConfig}";
|
||||
WorkingDirectory = gitHome;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString gogsPort}";
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,12 +3,12 @@ with import <nixpkgs> {};
|
|||
let gogitget = callPackage ./gogitget.nix {}; in
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "yori-cc-1.3";
|
||||
name = "yori-cc-1.3.5";
|
||||
|
||||
src = gogitget {
|
||||
"url" = "git@git.yori.cc:yorick/yori-cc.git";
|
||||
"rev" = "db207b9fd74a1036d2272c38dcbb6de504cf590a";
|
||||
"sha256" = "1rqsv7pdij15f6nxxwggw58q12ggl6g7gjjq73sbdz1v9x78xbzp";
|
||||
"rev" = "f049e4330dfb64bbbaf700897269c003fce8b5c4";
|
||||
"sha256" = "1x8knlsp7cx52sr15gr0yhj1vl8ncznrqn4nvaycgwmhr1kysffr";
|
||||
};
|
||||
|
||||
buildInputs = [ ];
|
||||
|
|
|
@ -5,37 +5,22 @@
|
|||
services.asterisk = {
|
||||
enable = true;
|
||||
#extraArguments = ["-vvvddd"];
|
||||
confFiles."asterisk.conf" = ''
|
||||
[directories]
|
||||
astetcdir => /etc/asterisk/
|
||||
astmoddir => ${pkgs.asterisk}/lib/asterisk/modules
|
||||
astvarlibdir => /var/lib/asterisk
|
||||
astdbdir => /var/lib/asterisk
|
||||
astkeydir => /var/lib/asterisk
|
||||
astdatadir => /var/lib/asterisk
|
||||
astagidir => /var/lib/asterisk/agi-bin
|
||||
astspooldir => /var/spool/asterisk
|
||||
astrundir => /var/run/asterisk
|
||||
astlogdir => /var/log/asterisk
|
||||
astsbindir => ${pkgs.asterisk}/sbin
|
||||
'';
|
||||
};
|
||||
environment.etc = {
|
||||
# Loading all modules by default is considered sensible by the authors of
|
||||
# "Asterisk: The Definitive Guide". Secure sites will likely want to
|
||||
# specify their own "modules.conf" in the confFiles option.
|
||||
"asterisk/modules.conf".text = ''
|
||||
[modules]
|
||||
autoload=yes
|
||||
'';
|
||||
|
||||
# Use syslog for logging so logs can be viewed with journalctl
|
||||
"asterisk/logger.conf".text = ''
|
||||
confFiles."logger.conf" = ''
|
||||
[general]
|
||||
[logfiles]
|
||||
syslog.local0 => notice,warning,error
|
||||
console => debug,notice,warning,error,verbose,dtmf,fax
|
||||
'';
|
||||
confFiles."extensions.conf" = ''
|
||||
[from-sim]
|
||||
exten => _X.,1,Verbose(Call from Limesco SIM [''${CALLERID(num)}] to [''${EXTEN}])
|
||||
same => n,Dial(SIP/speakup01/''${EXTEN})
|
||||
|
||||
[from-speakup]
|
||||
; Vervang ... door de rest van je DIY-nummer:
|
||||
exten => 31626972516,1,Verbose(Call from SpeakUp [''${CALLERID(num)}] to [''${EXTEN}])
|
||||
same => n,Dial(SIP/limesco/''${EXTEN})
|
||||
'';
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
asterisk
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
gitHome = "/var/gogs";
|
||||
gogs = pkgs.callPackage ../packages/gogs.nix { };
|
||||
gogsPort = 8001;
|
||||
domain = "git.yori.cc";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../modules/nginx.nix
|
||||
];
|
||||
|
||||
users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;};
|
||||
users.extraGroups.git = { };
|
||||
services.gogs = rec {
|
||||
enable = true;
|
||||
user = "git";
|
||||
group = "git";
|
||||
database.user = "root";
|
||||
stateDir = gitHome;
|
||||
repositoryRoot = "${stateDir}/gogs-repositories";
|
||||
rootUrl = "https://${domain}/";
|
||||
httpAddress = "localhost";
|
||||
httpPort = gogsPort;
|
||||
extraConfig = ''
|
||||
[service]
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
DISABLE_REGISTRATION = true
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
[picture]
|
||||
DISABLE_GRAVATAR = false
|
||||
AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
[session]
|
||||
PROVIDER = file
|
||||
[log]
|
||||
ROOT_PATH = ${gitHome}/logs
|
||||
MODE = file
|
||||
LEVEL = Info
|
||||
[server]
|
||||
DISABLE_ROUTER_LOG = true
|
||||
'';
|
||||
inherit domain;
|
||||
};
|
||||
users.extraUsers.gogs.createHome = lib.mkForce false;
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString gogsPort}";
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let secrets = import <secrets>;
|
||||
acmeKeyDir = "${config.security.acme.directory}/yori.cc";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
interfaces = ["0.0.0.0"];
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.kde4.quasselDaemon
|
||||
pkgs.quasselDaemon
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [4242];
|
||||
};
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
let
|
||||
luadbi = pkgs.callPackage ../packages/luadbi.nix {};
|
||||
acmeKeyDir = "${config.security.acme.directory}/yori.cc";
|
||||
in
|
||||
{
|
||||
# XMPP
|
||||
|
|
Loading…
Reference in New Issue