-
-
Save pinpox/dbab1ecab06c869ac1b602a2af2080c8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let | |
| domain = "test.com"; | |
| in | |
| { pkgs, lib, ... }: | |
| with lib; { | |
| imports = [ | |
| <nixpkgs/nixos/modules/profiles/qemu-guest.nix> | |
| # ./gitea.nix | |
| ]; | |
| config = { | |
| fileSystems."/" = { | |
| device = "/dev/disk/by-label/nixos"; | |
| fsType = "ext4"; | |
| autoResize = true; | |
| }; | |
| # TODO enable firewall | |
| networking.firewall.enable = false; | |
| boot.growPartition = true; | |
| boot.kernelParams = [ "console=ttyS0" ]; | |
| boot.loader.grub.device = "/dev/vda"; | |
| boot.loader.timeout = 0; | |
| programs.ssh.startAgent = false; | |
| services.openssh = { | |
| enable = true; | |
| passwordAuthentication = false; | |
| startWhenNeeded = true; | |
| challengeResponseAuthentication = false; | |
| }; | |
| environment.systemPackages = with pkgs; [ | |
| nix-index | |
| htop | |
| neovim | |
| nixfmt | |
| git | |
| wget | |
| gnumake | |
| ripgrep | |
| go | |
| python | |
| ctags | |
| python38Packages.gunicorn | |
| python38Packages.flask | |
| sourcehut.metasrht # Account management service for the sr.ht network | |
| sourcehut.todosrht # Ticket tracking service for the sr.ht network | |
| # sourcehut.gitsrht # Git repository hosting service for the sr.ht network | |
| # sourcehut.hubsrht # Project hub service for the sr.ht network | |
| # sourcehut.mansrht # Wiki service for the sr.ht network | |
| # sourcehut.buildsrht # Continuous integration service for the sr.ht network | |
| # sourcehut.listssrht # Mailing list service for the sr.ht network | |
| # sourcehut.pastesrht # Ad-hoc text file hosting service for the sr.ht network | |
| # sourcehut.dispatchsrht # Task dispatcher and service integration tool for the sr.ht network | |
| # sourcehut.hgsrht # Mercurial repository hosting service for the sr.ht network | |
| ]; | |
| services.redis = { | |
| enable = true; | |
| # requirePassFile ="/secrets/redis/password" | |
| }; | |
| services.postgresql = { | |
| # TODO run metasrht-initdb when needed | |
| # enableTCPIP = true; | |
| enable = true; | |
| # dataDir = "/data/postgresql"; | |
| package = pkgs.postgresql_11; | |
| identMap = '' | |
| sourcehut sourcehut sourcehut | |
| ''; | |
| ensureDatabases = [ | |
| "sourcehut_meta" | |
| "sourcehut_git" | |
| ]; | |
| ensureUsers = [ | |
| { | |
| name = "sourcehut"; | |
| ensurePermissions = { | |
| "DATABASE sourcehut_meta" = "ALL PRIVILEGES"; | |
| "DATABASE sourcehut_git" = "ALL PRIVILEGES"; | |
| }; | |
| } | |
| ]; | |
| # authentication = pkgs.lib.mkOverride 10 '' | |
| # local all all trust | |
| # host all all ::1/128 trust | |
| # ''; | |
| # initialScript = pkgs.writeText "backend-initScript" '' | |
| # CREATE ROLE sourcehut WITH LOGIN PASSWORD 'todo' CREATEDB; | |
| # ''; | |
| }; | |
| systemd.services.sourehut-meta = { | |
| description = "meta.sr.ht website service"; | |
| requires = "postgresql.service"; | |
| after = [ "postgresql.service network.target" ]; | |
| serviceConfig = { | |
| Type = "simple"; | |
| User = "sourcehut"; | |
| Restart = "always"; | |
| ExecStart = ''${pkgs.python38Packages.gunicorn}/bin/screen -dmS irc ${pkgs.irssi}/bin/irssi''; | |
| python38Packages.gunicorn | |
| # Account management service for the sr.ht network | |
| # ExecStop = ''${pkgs.screen}/bin/screen -S irc -X quit''; | |
| }; | |
| }; | |
| # services.nginx = { | |
| # enable = true; | |
| # virtualHosts."test.${domain}" = { | |
| # # addSSL = true; | |
| # # enableACME = true; | |
| # root = "/var/www/test-site"; | |
| # }; | |
| # virtualHosts."lislon.${domain}" = { | |
| # # addSSL = true; | |
| # # enableACME = true; | |
| # root = "/var/www/lislon"; | |
| # }; | |
| # }; | |
| # virtualisation.oci-containers.containers = { | |
| # bitwardenrs = { | |
| # autoStart = true; | |
| # image = "bitwardenrs/server:latest"; | |
| # environment = { | |
| # DOMAIN = "http://nix.own"; | |
| # ADMIN_TOKEN = "test"; | |
| # SIGNUPS_ALLOWED = "true"; | |
| # INVITATIONS_ALOWED = "true"; | |
| # }; | |
| # ports = [ | |
| # "9999:80" | |
| # ]; | |
| # volumes = [ | |
| # "/var/docker/bitwarden/:/data/" | |
| # ]; | |
| # }; | |
| # }; | |
| # [Unit] | |
| # Description=meta.sr.ht website service | |
| # Requires=postgresql.service | |
| # After=postgresql.service network.target | |
| # [Service] | |
| # Type=simple | |
| # User=metasrht | |
| # Restart=always | |
| # ExecStart=/usr/bin/gunicorn metasrht.app:app -b 127.0.0.1:5000 | |
| # [Install] | |
| # WantedBy=multi-user.target | |
| users = { | |
| users.root = { | |
| openssh.authorizedKeys.keyFiles = | |
| [ (builtins.fetchurl { url = "https://github.com/pinpox.keys"; }) ]; | |
| }; | |
| users.sourcehut= { | |
| description = "Sourcehut system user"; | |
| home = "/var/sourcehut"; | |
| createHome = true; | |
| openssh.authorizedKeys.keyFiles = | |
| [ (builtins.fetchurl { url = "https://github.com/pinpox.keys"; }) ]; | |
| }; | |
| users.pinpox = { | |
| isNormalUser = true; | |
| home = "/home/pinpox"; | |
| description = "Pablo Ovelleiro Corral"; | |
| extraGroups = [ "wheel" "networkmanager" "audio" "libvirtd"]; | |
| # Public ssh-keys that are authorized for the user. Fetched from homepage | |
| # and github profile. | |
| openssh.authorizedKeys.keyFiles = [ | |
| (builtins.fetchurl { url = "https://pablo.tools/ssh-key"; }) | |
| (builtins.fetchurl { url = "https://github.com/pinpox.keys"; }) | |
| ]; | |
| }; | |
| }; | |
| i18n.defaultLocale = "en_US.UTF-8"; | |
| console = { | |
| font = "Lat2-Terminus16"; | |
| keyMap = "colemak"; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment