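# Evaluates to a NixOS VM build (`nixos.vm`) made from ./configuration.nix
# plus the overrides below. The overrides (blank passwords, a freshly
# generated CA under the CN testing.gebner.org) only make sense for a
# throwaway test VM; do not import them into a real host.
let

  configuration = { config, pkgs, ... }: {
    imports = [ ./configuration.nix ];

    # Blank passwords for the interactive user and for root.
    # Values set through `password` end up in the world-readable Nix store,
    # so this option is unsuitable for real credentials.
    # NOTE(review): confirm the VM exposes no network login (e.g. sshd with
    # empty passwords permitted) beyond what the test needs.
    users.extraUsers.gebner.password = "";
    users.users.root.password = "";

    boot.enableContainers = true;

    # One-shot unit that wipes /etc/sslcerts and creates a new CA plus a
    # server certificate for gebner.org on every run. Both private keys are
    # written unencrypted (`nopass`), and the CA key stays under
    # /etc/sslcerts/pki/private.
    # NOTE(review): the modes of key.pem and key-dovecot.pem are whatever
    # easyrsa and the unit's umask produce; confirm they are not
    # world-readable.
    # NOTE(review): unlike build-ca, build-server-full is called without
    # --batch; confirm it does not wait for a confirmation prompt.
    systemd.services.createSSLKeys = {
      path = [ pkgs.easyrsa ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
      };
      script = ''
        rm -rf /etc/sslcerts
        mkdir -p /etc/sslcerts
        cd /etc/sslcerts

        easyrsa-init
        easyrsa init-pki
        easyrsa --batch --req-cn=testing.gebner.org build-ca nopass
        easyrsa --req-cn=gebner.org build-server-full gebner_org nopass

        cat pki/issued/gebner_org.crt pki/ca.crt >fullchain.pem
        cp pki/private/gebner_org.key key.pem
        cp key.pem key-dovecot.pem && chown dovecot2 key-dovecot.pem
      '';
    };

    # One-shot unit that prepares the git data directory before gogs,
    # dovecot2 and nginx start, and pulls in the certificate generation.
    systemd.services.setupVM = rec {
      wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
      before = wantedBy;
      wants = [ "createSSLKeys.service" ];
      # `wants` only pulls createSSLKeys in; it does not order it. Without
      # `after`, this unit (and so the services ordered behind it) could start
      # before the certificate files exist.
      after = wants;
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
      };
      script = ''
        mkdir -p /srv/git.gebner.org
        chown git:git -R /srv/git.gebner.org
      '';
    };
  };

  nixos = import <nixpkgs/nixos> { inherit configuration; };

in nixos.vm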