mastus: migrate to 21.05

This commit is contained in:
Gabriel Ebner 2021-06-27 14:40:28 +02:00
parent 393a699de3
commit 3fdda46bdd
5 changed files with 72 additions and 21 deletions

@ -5,17 +5,17 @@
[
/etc/nixos/hardware-configuration.nix
../basic-tools.nix
./backup.nix
# ./backup.nix
./duplicity.nix
./mail.nix
./www.nix
./gogs.nix
./gitea.nix
./letsencrypt.nix
./website.nix
./wstunnel.nix
./radicale.nix
./ttrss.nix
# ./ttrss.nix
./dns.nix
];

42
mastus/gitea.nix Normal file

@ -0,0 +1,42 @@
{ config, pkgs, ... }:
{
services.gitea = rec {
enable = true;
stateDir = "/srv/git.gebner.org";
appName = "Gabriel Ebner's git server";
domain = "git.gebner.org";
rootUrl = "https://git.gebner.org/";
httpPort = 8001;
cookieSecure = true;
log.level = "Info";
disableRegistration = true;
settings = {
picture = {
DISABLE_GRAVATAR = "false";
AVATAR_UPLOAD_PATH = "${stateDir}/data/avatars";
};
};
};
environment.systemPackages = [
(let cfg = config.services.gitea; in pkgs.writeScriptBin "gitea" ''
exec ${pkgs.sudo}/bin/sudo -u ${cfg.user} \
env GITEA_WORK_DIR=${cfg.stateDir} ${pkgs.gitea}/bin/gitea "$@"
'')
];
services.nginx = {
recommendedProxySettings = true;
virtualHosts."git.gebner.org" = {
forceSSL = true;
useACMEHost = "gebner.org";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.gitea.httpPort}";
extraConfig = ''
proxy_buffering off;
client_max_body_size 30M;
'';
};
};
};
}

@ -6,22 +6,26 @@ in
services.radicale = {
enable = true;
package = pkgs.radicale2;
config = ''
[server]
hosts = 127.0.0.1:${toString radicalePort}
ssl = false
dns_lookup = false
settings = {
server = {
hosts = "127.0.0.1:${toString radicalePort}";
ssl = false;
dns_lookup = false;
};
[storage]
filesystem_folder = /var/lib/radicale/collections
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
[auth]
type = htpasswd
htpasswd_filename = /var/lib/radicale/htpasswd
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/htpasswd";
};
[rights]
type = owner_only
'';
rights = {
type = "owner_only";
};
};
};
security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];

@ -2,8 +2,13 @@
{
containers.ttrss = {
config = {
users.extraUsers.ttrss = {};
users.extraGroups.ttrss = {};
users.users.ttrss = {
group = "ttrss";
isSystemUser = true;
};
users.groups.ttrss = {};
users.users.tt_rss.isSystemUser = true;
services.postgresql = {
enable = true;

@ -9,7 +9,7 @@ let
boot.enableContainers = true;
systemd.services.setupVM = rec {
wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
wantedBy = [ "gitea.service" "dovecot2.service" "nginx.service" ];
before = wantedBy;
serviceConfig = {
Type = "oneshot";
@ -17,7 +17,7 @@ let
};
script = ''
mkdir -p /srv/git.gebner.org
chown git:git -R /srv/git.gebner.org
chown gitea:gitea -R /srv/git.gebner.org
'';
};
@ -29,7 +29,7 @@ let
sqlite-interactive
];
systemd.services."acme-gebner.org".serviceConfig.ExecStart = pkgs.lib.mkForce "true";
security.acme.server = "http://localhost";
networking.extraHosts = ''
127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at