post(nixos): add `nix.gc` and update config style

This commit is contained in:
MDLeom 2020-05-02 06:55:36 +01:00
parent 48931151ed
commit 5e9558d92f
No known key found for this signature in database
GPG Key ID: 5D9DB57A25D34EE3
3 changed files with 39 additions and 19 deletions

View File

@ -225,11 +225,14 @@ Unattended upgrade can be enabled through the following config. Once enabled, Ni
In the config, you can also specify the time that the server will reboot. I recommend to only enable it after everything is up and running, especially when setting a web server; you wouldn't want the server to reboot itself in the middle of your tinkering.
(For more advanced usage of `dates`, see [`systemd.time`](https://jlk.fjfi.cvut.cz/arch/manpages/man/systemd.time.7#CALENDAR_EVENTS))
``` js
system.autoUpgrade = {
enable = true;
allowReboot = true;
dates = "00:00";
# Daily 00:00
dates = "daily UTC";
};
```
@ -306,3 +309,16 @@ Kernel compiled with additional security-oriented patch set. [More details](http
```
boot.kernelPackages = pkgs.linuxPackages_hardened;
```
## Remove old, unreferenced packages
Since my web server has limited disk space, it needs to run [garbage collector](https://nixos.org/nixos/manual/index.html#sec-nix-gc) from time to time.
```
## Garbage collector
nix.gc = {
automatic = true;
# Every Monday 00:00
dates = "weekly UTC";
};
```

View File

@ -40,15 +40,17 @@ To join the I2P network, I'm using [i2pd](https://i2pd.website/), an (unofficial
enable = true;
ifname = "ens3";
address = "xxxx";
inTunnels.myEep = {
enable = true;
keys = "myEep-keys.dat";
inPort = 80;
address = "::1";
destination = "::1";
port = 8081;
# inbound.length = 1;
# outbound.length = 1;
inTunnels = {
myEep = {
enable = true;
keys = "myEep-keys.dat";
inPort = 80;
address = "::1";
destination = "::1";
port = 8081;
# inbound.length = 1;
# outbound.length = 1;
};
};
enableIPv4 = false;
enableIPv6 = true;

View File

@ -37,15 +37,17 @@ The first step is to bring up a Tor hidden service to get an onion address. Add
services.tor = {
enable = true;
enableGeoIP = false;
hiddenServices.myOnion = {
version = 3;
map = [
{
port = "80";
toHost = "[::1]";
toPort = "8080";
}
];
hiddenServices = {
myOnion = {
version = 3;
map = [
{
port = "80";
toHost = "[::1]";
toPort = "8080";
}
];
};
};
extraConfig =
''