This commit is contained in:
parent
afa8ee0797
commit
6c64f78d6a
|
|
@ -48,6 +48,7 @@ in
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "git.0x76.dev";
|
domain = "git.0x76.dev";
|
||||||
|
package = pkgs.forgejo;
|
||||||
rootUrl = "https://git.0x76.dev";
|
rootUrl = "https://git.0x76.dev";
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
dump.type = "tar.gz";
|
dump.type = "tar.gz";
|
||||||
|
|
|
||||||
|
|
@ -2,13 +2,12 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ lib, config, pkgs, inputs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
db_name = "hedgedoc";
|
db_name = "hedgedoc";
|
||||||
db_user = "hedgedoc";
|
db_user = "hedgedoc";
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
@ -19,27 +18,22 @@ in
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
|
|
||||||
# Additional packages
|
|
||||||
environment.systemPackages = with pkgs; [ ];
|
|
||||||
|
|
||||||
environment.noXlibs = lib.mkForce false;
|
environment.noXlibs = lib.mkForce false;
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.hedgedoc.settings.port ];
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[ config.services.hedgedoc.settings.port ];
|
||||||
|
|
||||||
vault-secrets.secrets.hedgedoc = { };
|
vault-secrets.secrets.hedgedoc = { };
|
||||||
|
|
||||||
services.postgresql =
|
services.postgresql = {
|
||||||
{
|
enable = true;
|
||||||
enable = true;
|
package = pkgs.postgresql_13;
|
||||||
package = pkgs.postgresql_13;
|
ensureDatabases = [ db_name ];
|
||||||
ensureDatabases = [ db_name ];
|
ensureUsers = [{
|
||||||
ensureUsers = [
|
name = db_user;
|
||||||
{
|
ensurePermissions = { "DATABASE ${db_name}" = "ALL PRIVILEGES"; };
|
||||||
name = db_user;
|
}];
|
||||||
ensurePermissions = { "DATABASE ${db_name}" = "ALL PRIVILEGES"; };
|
};
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.hedgedoc = {
|
services.hedgedoc = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -51,10 +45,7 @@ in
|
||||||
domain = "md.0x76.dev";
|
domain = "md.0x76.dev";
|
||||||
protocolUseSSL = true;
|
protocolUseSSL = true;
|
||||||
hsts.enable = true;
|
hsts.enable = true;
|
||||||
allowOrigin = [
|
allowOrigin = [ config.services.hedgedoc.settings.domain "hedgedoc" ];
|
||||||
config.services.hedgedoc.settings.domain
|
|
||||||
"hedgedoc"
|
|
||||||
];
|
|
||||||
allowAnonymous = false;
|
allowAnonymous = false;
|
||||||
allowEmailRegister = false;
|
allowEmailRegister = false;
|
||||||
allowAnonymousEdits = true;
|
allowAnonymousEdits = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue