2024-09-24 10:46:27 +00:00
|
|
|
<script>
|
|
|
|
export default {
|
2024-09-30 19:17:24 +00:00
|
|
|
beforeMount() {
|
|
|
|
this.availableServices.forEach((s, i) => {
|
|
|
|
s.inBundle = []
|
|
|
|
})
|
|
|
|
this.availableBundles.forEach((b, i) => {
|
|
|
|
b.services.forEach((s) => {
|
|
|
|
this.availableServices.find(item => item.id === s).inBundle.push(b.id);
|
|
|
|
})
|
|
|
|
})
|
|
|
|
},
|
2024-09-24 10:46:27 +00:00
|
|
|
data() {
|
|
|
|
return {
|
|
|
|
netconf: 'autoconfig',
|
|
|
|
networkingHostname: '',
|
2024-09-30 19:17:24 +00:00
|
|
|
networkingDomain: 'distrilab.eu',
|
|
|
|
availableBundles: [{
|
|
|
|
"id": "writeCollectively",
|
|
|
|
"name": "Write collectively : pads",
|
|
|
|
"services": [
|
|
|
|
'hedgedoc', 'nextcloud'
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "forge",
|
|
|
|
"name": "Forge : git repo, CI/CD workers, and NixiN",
|
|
|
|
"services": [
|
|
|
|
'forgejo', 'forgejoRunner', 'nixin'
|
|
|
|
]
|
|
|
|
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "socialMedia",
|
|
|
|
"name": "Social media: hosted social medias in activitypub web-apps",
|
|
|
|
"services": [
|
|
|
|
'gotosocial', 'peertube', 'lemmy'
|
|
|
|
]
|
|
|
|
|
|
|
|
}],
|
|
|
|
availableServices: [{
|
|
|
|
"id": "hedgedoc",
|
|
|
|
"name": "Hedgedoc : realtime collaborative markdown editor"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "forgejo",
|
|
|
|
"name": "Forgejo : git hosting"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "forgejoRunner",
|
|
|
|
"name": "Forgejo runner : CD/CI runner for Forgejo"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "gotosocial",
|
|
|
|
"name": "Gotosocial : personal light activityPub social media"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "peertube",
|
|
|
|
"name": "Peertube : video hosting platform with activityPub"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "lemmy",
|
|
|
|
"name": "Lemmy : reddit alternative with activityPub"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "nextcloud",
|
|
|
|
"name": "Nextcloud : personnal cloud"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "nixin",
|
|
|
|
"name": "NixiN : web ui for configurations"
|
|
|
|
}],
|
|
|
|
nixinBundles: [],
|
|
|
|
nixinServices: [],
|
2024-09-24 10:46:27 +00:00
|
|
|
timezone: 'Etc/UTC',
|
|
|
|
locale: 'en_US.UTF-8',
|
|
|
|
user: 'operator',
|
|
|
|
userPassword: 'CHANGE ME !!!',
|
|
|
|
}
|
|
|
|
},
|
|
|
|
methods: {
|
|
|
|
netconfHasBeenChanged(val = '') {
|
|
|
|
if (val === 'autoconfig') {
|
|
|
|
this.networkingDomain = 'distrilab.org'
|
|
|
|
} else {
|
|
|
|
this.networkingDomain = ''
|
|
|
|
}
|
2024-09-30 19:17:24 +00:00
|
|
|
},
|
2024-10-02 10:52:33 +00:00
|
|
|
selectServices(bundleId, services) {
|
|
|
|
if (this.nixinBundles.includes(bundleId)) {
|
|
|
|
services.forEach((s) => {
|
|
|
|
if (this.nixinServices.indexOf(s) === -1) {
|
|
|
|
this.nixinServices.push(s)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
} else {
|
|
|
|
services.forEach((s) => {
|
|
|
|
const index = this.nixinServices.indexOf(s);
|
|
|
|
if (index > -1) {
|
|
|
|
this.nixinServices.splice(index, 1);
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
2024-09-24 10:46:27 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
</script>
|
|
|
|
|
|
|
|
<template>
|
|
|
|
<h2>Networking</h2>
|
|
|
|
|
|
|
|
<div class="form-row">
|
|
|
|
<div class="form-cell">
|
|
|
|
<strong>Choose your network configuration</strong>
|
|
|
|
<label>
|
|
|
|
<input type="radio" v-model="netconf" name="netconf" value="autoconfig"
|
2024-09-30 19:17:24 +00:00
|
|
|
@click="netconfHasBeenChanged('autoconfig')">I'm a noob in network config, I trust you to provide networking
|
|
|
|
for me (ipv6 only)</label>
|
2024-09-24 10:46:27 +00:00
|
|
|
<label>
|
|
|
|
<input type="radio" v-model="netconf" name="netconf" value="publicip" @click="netconfHasBeenChanged">My server
|
2024-09-30 19:17:24 +00:00
|
|
|
has a public ip that I can provide
|
2024-09-24 10:46:27 +00:00
|
|
|
</label>
|
|
|
|
<label>
|
|
|
|
<input type="radio" v-model="netconf" name="netconf" value="localnetwork" @click="netconfHasBeenChanged">My
|
2024-09-30 19:17:24 +00:00
|
|
|
router is set so that my local machine is accessible on the public network
|
2024-09-24 10:46:27 +00:00
|
|
|
</label>
|
|
|
|
<label>
|
|
|
|
<input type="radio" v-model="netconf" name="netconf" value="wireguard" @click="netconfHasBeenChanged">My server
|
2024-09-30 19:17:24 +00:00
|
|
|
can use a wireguard server i can configure
|
2024-09-24 10:46:27 +00:00
|
|
|
</label>
|
|
|
|
</div>
|
|
|
|
</div>
|
2024-09-30 19:17:24 +00:00
|
|
|
|
2024-09-24 10:46:27 +00:00
|
|
|
<div class="form-row">
|
|
|
|
<div class="form-cell">
|
|
|
|
<label>Machine network name</label>
|
|
|
|
<input required type="text" v-model="networkingHostname"
|
|
|
|
placeholder="Give your machine a name without spaces, ponctuation or accents" />
|
|
|
|
</div>
|
|
|
|
</div>
|
2024-09-25 15:13:09 +00:00
|
|
|
<input v-if="netconf === 'autoconfig'" type="hidden" value="distrilab.fr" />
|
2024-09-24 10:46:27 +00:00
|
|
|
<div class="form-row" v-if="netconf !== 'autoconfig'">
|
|
|
|
<div class="form-cell">
|
|
|
|
<label>Domain name</label>
|
|
|
|
<input required type="text" v-model="networkingDomain" placeholder="ex: distrilab.fr" />
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<h2>Usage bundles</h2>
|
2024-09-30 19:17:24 +00:00
|
|
|
<div class="form-row">
|
|
|
|
<div class="form-cell">
|
|
|
|
<strong>Choose your usage bundles (multiple choices possible if your machine can handle it)</strong>
|
|
|
|
<div v-for="bundle in availableBundles">
|
|
|
|
<label>
|
|
|
|
<input type="checkbox" v-model="nixinBundles" :id="bundle.id" :value="bundle.id"
|
2024-10-02 10:52:33 +00:00
|
|
|
@change="selectServices(bundle.id, bundle.services)" />
|
2024-09-30 19:17:24 +00:00
|
|
|
{{ bundle.name }}
|
|
|
|
</label>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
</div>
|
2024-09-24 10:46:27 +00:00
|
|
|
|
2024-09-30 19:17:24 +00:00
|
|
|
<h2>Services</h2>
|
|
|
|
<div v-if="nixinBundles.length === 0">👆 Choose any upper bundle to make associated services appear.</div>
|
|
|
|
<div v-for="service in availableServices">
|
2024-10-01 08:34:47 +00:00
|
|
|
<label v-if="service.inBundle && service.inBundle.some(ai => nixinBundles.includes(ai))">
|
2024-09-30 19:17:24 +00:00
|
|
|
<input type="checkbox" v-model="nixinServices" :id="service.id" :value="service.id" />
|
|
|
|
{{ service.name }}
|
|
|
|
</label>
|
|
|
|
</div>
|
2024-09-24 10:46:27 +00:00
|
|
|
|
2024-09-30 19:17:24 +00:00
|
|
|
<h2>Other configuration</h2>
|
|
|
|
Operating UNIX user name<br />
|
|
|
|
Operating UNIX user password<br />
|
|
|
|
Timezone<br />
|
|
|
|
Locale<br />
|
2024-09-24 10:46:27 +00:00
|
|
|
|
|
|
|
<h2>Auto-generated configuration.nix file</h2>
|
|
|
|
<pre>
|
|
|
|
<code>
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
imports = [
|
|
|
|
./hardware-configuration.nix
|
|
|
|
];
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
hostName = "{{ networkingHostname }}";
|
|
|
|
domain = "{{ networkingDomain }}";
|
|
|
|
nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
|
|
|
|
wg-quick.interfaces = {
|
|
|
|
wg0 = {
|
|
|
|
address = [ "10.42.0.3/32"];
|
|
|
|
privateKeyFile = "/etc/wireguard_private_key";
|
|
|
|
|
|
|
|
peers = [
|
|
|
|
{
|
|
|
|
publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
|
|
|
|
presharedKeyFile = "/etc/wireguard_preshared_key";
|
|
|
|
allowedIPs = [ "10.42.0.0/24" ];
|
|
|
|
endpoint = "195.201.63.240:8098";
|
|
|
|
persistentKeepalive = 15;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
users.users.{{ user }} = {
|
|
|
|
isNormalUser = true;
|
|
|
|
extraGroups = [ "wheel" ];
|
|
|
|
initialPassword = "{{ userPassword }}";
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
security.sudo.extraRules= [
|
|
|
|
{
|
|
|
|
users = [ "{{ user }}" ];
|
|
|
|
commands = [
|
|
|
|
{ command = "ALL" ;
|
|
|
|
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
time.timeZone = "{{ timezone }}";
|
|
|
|
i18n.defaultLocale = "{{ locale }}";
|
2024-09-30 19:17:24 +00:00
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('gotosocial')">
|
|
|
|
{
|
|
|
|
services.gotosocial = {
|
|
|
|
enable = true;
|
|
|
|
setupPostgresqlDB = true;
|
|
|
|
settings = {
|
|
|
|
application-name = "My GoToSocial";
|
|
|
|
host = "gotosocial.example.com";
|
|
|
|
protocol = "https";
|
|
|
|
bind-address = "127.0.0.1";
|
|
|
|
port = 8080;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
{
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
clientMaxBodySize = "40M";
|
|
|
|
virtualHosts = with config.services.gotosocial.settings; {
|
|
|
|
"${host}" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations = {
|
|
|
|
"/" = {
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
proxyWebsockets = true;
|
|
|
|
proxyPass = "http://${bind-address}:${toString port}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('peertube')">
|
|
|
|
networking.extraHosts = ''
|
|
|
|
127.0.0.1 peertube.local
|
|
|
|
'';
|
|
|
|
|
|
|
|
environment.etc = {
|
|
|
|
"peertube/password-posgressql-db".text = "test123";
|
|
|
|
"peertube/password-redis-db".text = "test123";
|
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
|
|
|
peertube = {
|
|
|
|
enable = true;
|
|
|
|
localDomain = "peertube.local";
|
|
|
|
enableWebHttps = false;
|
|
|
|
database = {
|
|
|
|
host = "127.0.0.1";
|
|
|
|
name = "peertube_local";
|
|
|
|
user = "peertube_test";
|
|
|
|
passwordFile = "/etc/peertube/password-posgressql-db";
|
|
|
|
};
|
|
|
|
redis = {
|
|
|
|
host = "127.0.0.1";
|
|
|
|
port = 31638;
|
|
|
|
passwordFile = "/etc/peertube/password-redis-db";
|
|
|
|
};
|
|
|
|
settings = {
|
|
|
|
listen.hostname = "0.0.0.0";
|
|
|
|
instance.name = "PeerTube Test Server";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
postgresql = {
|
|
|
|
enable = true;
|
|
|
|
enableTCPIP = true;
|
|
|
|
authentication = ''
|
|
|
|
hostnossl peertube_local peertube_test 127.0.0.1/32 md5
|
|
|
|
'';
|
|
|
|
initialScript = pkgs.writeText "postgresql_init.sql" ''
|
|
|
|
CREATE ROLE peertube_test LOGIN PASSWORD 'test123';
|
|
|
|
CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8;
|
|
|
|
GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test;
|
|
|
|
ALTER DATABASE peertube_local OWNER TO peertube_test;
|
|
|
|
\connect peertube_local
|
|
|
|
CREATE EXTENSION IF NOT EXISTS pg_trgm;
|
|
|
|
CREATE EXTENSION IF NOT EXISTS unaccent;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
redis.servers.peertube = {
|
|
|
|
enable = true;
|
|
|
|
bind = "0.0.0.0";
|
|
|
|
requirePass = "test123";
|
|
|
|
port = 31638;
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('lemmy')">
|
|
|
|
let
|
|
|
|
|
|
|
|
# add nginx reverse proxy and ACME web certificate
|
|
|
|
add_nginx = true;
|
|
|
|
nginx_ports = [ 80 443 ];
|
|
|
|
|
|
|
|
lemmy = {
|
|
|
|
upstreamName = "lemmy";
|
|
|
|
dataDir = "/var/lib/lemmy";
|
|
|
|
ip = "127.0.0.1";
|
|
|
|
port = 1234;
|
|
|
|
# TODO: Change this domain to your own
|
|
|
|
domain = "lemmy.example.com";
|
|
|
|
};
|
|
|
|
|
|
|
|
lemmy-ui = {
|
|
|
|
upstreamName = "lemmy-ui";
|
|
|
|
ip = "127.0.0.1";
|
|
|
|
port = 8536;
|
|
|
|
};
|
|
|
|
|
|
|
|
pict-rs = {
|
|
|
|
ip = "127.0.0.1";
|
|
|
|
port = 8080;
|
|
|
|
};
|
|
|
|
|
|
|
|
acmeDomain = lemmy.domain;
|
|
|
|
nginxVhost = lemmy.domain;
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
|
|
|
security.acme = lib.mkIf add_nginx {
|
|
|
|
# TODO: change this to true if you accept
|
|
|
|
acceptTerms = false;
|
|
|
|
defaults = {
|
|
|
|
# TODO: you will receive a notification if automatic certificate renewal fails
|
|
|
|
email = "postmaster@${lemmy.domain}";
|
|
|
|
# TODO: put your dns provider here: https://go-acme.github.io/lego/dns/
|
|
|
|
dnsProvider = "";
|
|
|
|
# TODO: this file should contain environment variables expected by your dns provider
|
|
|
|
credentialsFile = "";
|
|
|
|
};
|
|
|
|
certs."${acmeDomain}" = {
|
|
|
|
domain = "${acmeDomain}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
|
|
|
|
|
|
|
|
# is needed because of certificate file permissions
|
|
|
|
users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
|
|
|
|
|
|
|
|
services.nginx = lib.mkIf add_nginx {
|
|
|
|
upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
|
|
|
|
upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
|
|
|
|
|
|
|
|
virtualHosts."${nginxVhost}" = {
|
|
|
|
useACMEHost = "${acmeDomain}";
|
|
|
|
# inherit from config.security.acme.acmeRoot;
|
|
|
|
acmeRoot = null;
|
|
|
|
# add redirects from http to https
|
|
|
|
forceSSL = true;
|
|
|
|
# this whole block was lifted from
|
|
|
|
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines
|
|
|
|
21-32
|
|
|
|
extraConfig = ''
|
|
|
|
# disables emitting nginx version on error pages and in the “Server” response header field
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
gzip_types text/css application/javascript image/svg+xml;
|
|
|
|
gzip_vary on;
|
|
|
|
|
|
|
|
# Upload limit, relevant for pictrs
|
|
|
|
client_max_body_size 20M;
|
|
|
|
|
|
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
'';
|
|
|
|
|
|
|
|
locations = {
|
|
|
|
"/" = {
|
|
|
|
extraConfig = ''
|
|
|
|
# distinguish between ui requests and backend
|
|
|
|
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
|
|
|
|
set $proxpass "http://${lemmy-ui.upstreamName}";
|
|
|
|
|
|
|
|
if ($http_accept = "application/activity+json") {
|
|
|
|
set $proxpass "http://${lemmy.upstreamName}";
|
|
|
|
}
|
|
|
|
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
|
|
|
set $proxpass "http://${lemmy.upstreamName}";
|
|
|
|
}
|
|
|
|
if ($request_method = POST) {
|
|
|
|
set $proxpass "http://${lemmy.upstreamName}";
|
|
|
|
}
|
|
|
|
proxy_pass $proxpass;
|
|
|
|
|
|
|
|
# Cuts off the trailing slash on URLs to make them valid
|
|
|
|
rewrite ^(.+)/+$ $1 permanent;
|
|
|
|
|
|
|
|
# Send actual client IP upstream
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
# again, lifted wholesale from
|
|
|
|
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines
|
|
|
|
60-69 (nice!)
|
|
|
|
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
|
|
|
|
proxyPass = "http://${lemmy.upstreamName}";
|
|
|
|
extraConfig = ''
|
|
|
|
# proxy common stuff
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
|
|
|
|
## Send actual client IP upstream
|
|
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
#proxy_set_header Host $host;
|
|
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.services.lemmy-ui = {
|
|
|
|
environment = {
|
|
|
|
LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
|
|
|
|
LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
|
|
|
|
LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
|
|
|
|
LEMMY_UI_HTTPS="true";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.pict-rs = {
|
|
|
|
enable = true;
|
|
|
|
port = pict-rs.port;
|
|
|
|
dataDir = "${dataDir}/pict-rs";
|
|
|
|
address = pict-rs.ip;
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.services.lemmy = {
|
|
|
|
requires = ["postgresql.service"];
|
|
|
|
after = ["postgresql.service"];
|
|
|
|
environment = {
|
|
|
|
LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString
|
|
|
|
config.services.postgresql.port}/lemmy";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.lemmy = {
|
|
|
|
enable = true;
|
|
|
|
ui.port = lemmy-ui.port;
|
|
|
|
database.createLocally = true;
|
|
|
|
settings = {
|
|
|
|
# TODO: Enable this much later when you tested everything.
|
|
|
|
# N.B. you can't change your domain name after enabling this.
|
|
|
|
federation.enabled = false;
|
|
|
|
# settings related to the postgresql database
|
|
|
|
database = {
|
|
|
|
user = "lemmy";
|
|
|
|
password = "secretlemmypassword";
|
|
|
|
host = "127.0.0.1";
|
|
|
|
port = ${config.services.postgresql.port};
|
|
|
|
database = "lemmy";
|
|
|
|
pool_size = 5;
|
|
|
|
};
|
|
|
|
# Pictrs image server configuration.
|
|
|
|
pictrs = {
|
|
|
|
# Address where pictrs is available (for image hosting)
|
|
|
|
url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
|
|
|
|
# TODO: Set a custom pictrs API key. ( Required for deleting images )
|
|
|
|
api_key = "";
|
|
|
|
};
|
|
|
|
# TODO: Email sending configuration. All options except login/password are mandatory
|
|
|
|
email = {
|
|
|
|
# Hostname and port of the smtp server
|
|
|
|
smtp_server = "";
|
|
|
|
# Login name for smtp server
|
|
|
|
smtp_login = "";
|
|
|
|
# Password to login to the smtp server
|
|
|
|
smtp_password = "";
|
|
|
|
# Address to send emails from, eg "noreply@your-instance.com";
|
|
|
|
smtp_from_address = "noreply@${lemmy.domain}";
|
|
|
|
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
|
|
|
|
tls_type = "none";
|
|
|
|
};
|
|
|
|
# TODO: Parameters for automatic configuration of new instance (only used at first start)
|
|
|
|
setup = {
|
|
|
|
# Username for the admin user
|
|
|
|
admin_username = "superawesomeadmin";
|
|
|
|
# Password for the admin user. It must be at least 10 characters.
|
|
|
|
admin_password = "";
|
|
|
|
# Name of the site (can be changed later)
|
|
|
|
site_name = "Lemmy at ${lemmy.domain}";
|
|
|
|
# Email for the admin user (optional, can be omitted and set later through the website)
|
|
|
|
admin_email = "admin@${lemmy.domain}";
|
|
|
|
};
|
|
|
|
# the domain name of your instance (mandatory)
|
|
|
|
hostname = lemmy.domain;
|
|
|
|
# Address where lemmy should listen for incoming requests
|
|
|
|
bind = lemmy.ip;
|
|
|
|
# Port where lemmy should listen for incoming requests
|
|
|
|
port = lemmy.port;
|
|
|
|
# Whether the site is available over TLS. Needs to be true for federation to work.
|
|
|
|
tls_enabled = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# needed for now
|
|
|
|
nixpkgs.config.permittedInsecurePackages = [
|
|
|
|
"nodejs-14.21.3"
|
|
|
|
"openssl-1.1.1t"
|
|
|
|
];
|
|
|
|
|
|
|
|
system.activationScripts."make_sure_lemmy_user_owns_files" = ''
|
|
|
|
uid='${config.users.users.lemmy.uid}';
|
|
|
|
gid='${config.users.groups.lemmy.gid}';
|
|
|
|
dir='${lemmy.dataDir}'
|
|
|
|
|
|
|
|
mkdir -p "''${dir}"
|
|
|
|
|
|
|
|
if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
|
|
|
|
chown -R "''${uid}:''${gid}" "''${dir}"
|
|
|
|
fi
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('nextcloud')">
|
|
|
|
services.nextcloud = {
|
|
|
|
enable = true;
|
|
|
|
hostName = "nextcloud.tld";
|
|
|
|
database.createLocally = true;
|
|
|
|
config = {
|
|
|
|
dbtype = "pgsql";
|
|
|
|
adminpassFile = "/path/to/admin-pass-file";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('hedgedoc')">
|
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [ 8001 ];
|
|
|
|
};
|
|
|
|
services.hedgedoc = {
|
|
|
|
enable = true;
|
|
|
|
settings.domain = "hedgedoc.nixin.local";
|
|
|
|
settings.port = 8001;
|
|
|
|
settings.host = "0.0.0.0";
|
|
|
|
settings.protocolUseSSL = false;
|
|
|
|
settings.allowOrigin = [
|
|
|
|
"localhost"
|
|
|
|
"hedgedoc.nixin.local"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div v-if="nixinServices.includes('forgejoRunner')">
|
|
|
|
virtualisation.containers.enable = true;
|
|
|
|
virtualisation.podman = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
|
|
|
dockerCompat = true;
|
|
|
|
|
|
|
|
# Required for containers under podman-compose to be able to talk to each other.
|
|
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
services.gitea-actions-runner = {
|
|
|
|
package = pkgs.forgejo-runner;
|
|
|
|
instances.default = {
|
|
|
|
enable = true;
|
|
|
|
name = "dromadaire";
|
|
|
|
url = "https://git.distrilab.fr";
|
|
|
|
# Obtaining the path to the runner token file may differ
|
|
|
|
tokenFile = "/etc/forgejo/runner.token";
|
|
|
|
labels = [
|
|
|
|
# provide a debian base with nodejs for actions
|
|
|
|
"debian-latest:docker://node:20-bookworm"
|
|
|
|
# fake the ubuntu name, because node provides no ubuntu builds
|
|
|
|
"ubuntu-latest:docker://node:20-bookworm"
|
|
|
|
# nixos
|
|
|
|
"nixos:docker://nixos/nix:latest"
|
|
|
|
# provide native execution on the host
|
|
|
|
#"native:host"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
</div>
|
|
|
|
<div v-if="nixinServices.includes('forgejo')">
|
|
|
|
services.nginx = {
|
|
|
|
virtualHosts.${cfg.settings.server.DOMAIN} = {
|
|
|
|
forceSSL = true;
|
|
|
|
enableACME = true;
|
|
|
|
extraConfig = ''
|
|
|
|
client_max_body_size 512M;
|
|
|
|
'';
|
|
|
|
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.forgejo = {
|
|
|
|
enable = true;
|
|
|
|
database.type = "postgres";
|
|
|
|
# Enable support for Git Large File Storage
|
|
|
|
lfs.enable = true;
|
|
|
|
settings = {
|
|
|
|
server = {
|
|
|
|
DOMAIN = "git.example.com";
|
|
|
|
# You need to specify this to remove the port from URLs in the web UI.
|
|
|
|
ROOT_URL = "https://${srv.DOMAIN}/";
|
|
|
|
HTTP_PORT = 3000;
|
|
|
|
};
|
|
|
|
# You can temporarily allow registration to create an admin user.
|
|
|
|
service.DISABLE_REGISTRATION = true;
|
|
|
|
# Add support for actions, based on act: https://github.com/nektos/act
|
|
|
|
actions = {
|
|
|
|
ENABLED = true;
|
|
|
|
DEFAULT_ACTIONS_URL = "github";
|
|
|
|
};
|
|
|
|
# Sending emails is completely optional
|
|
|
|
# You can send a test email from the web UI at:
|
|
|
|
# Profile Picture > Site Administration > Configuration > Mailer Configuration
|
|
|
|
mailer = {
|
|
|
|
ENABLED = true;
|
|
|
|
SMTP_ADDR = "mail.example.com";
|
|
|
|
FROM = "noreply@${srv.DOMAIN}";
|
|
|
|
USER = "noreply@${srv.DOMAIN}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
|
|
|
|
};
|
|
|
|
|
|
|
|
</div>
|
2024-09-24 10:46:27 +00:00
|
|
|
}
|
|
|
|
</code>
|
|
|
|
</pre>
|
|
|
|
</template>
|
|
|
|
|
|
|
|
<style>
|
|
|
|
:root {
|
|
|
|
box-sizing: border-box;
|
|
|
|
--co-body-bg: #eee;
|
|
|
|
--co-body-text: #444;
|
|
|
|
--co-body-accent: #4834d4;
|
|
|
|
--co-body-accent-contrast: #fff;
|
|
|
|
--co-textfld-bg: #fff;
|
|
|
|
--co-textfld-border: #ccc;
|
|
|
|
--co-textfld-active-border: #aaa;
|
|
|
|
--co-textfld-focus-border: var(--co-body-accent);
|
|
|
|
--co-textfld-valid-border: hsl(140 50% 75%);
|
|
|
|
--co-textfld-valid-active-border: hsl(140 50% 65%);
|
|
|
|
--co-textfld-valid-focus-border: hsl(140 50% 50%);
|
|
|
|
--co-textfld-invalid-border: hsl(20 65% 75%);
|
|
|
|
--co-textfld-invalid-active-border: hsl(20 65% 65%);
|
|
|
|
--co-textfld-invalid-focus-border: hsl(20 65% 50%);
|
|
|
|
--co-btn-text: var(--co-body-accent-contrast);
|
|
|
|
--co-btn-bg: var(--co-body-accent);
|
|
|
|
--co-btn-active-bg: #333;
|
|
|
|
--co-btn-focus-bg: #333;
|
|
|
|
}
|
|
|
|
|
|
|
|
.dark-mode {
|
|
|
|
--co-body-bg: #111;
|
|
|
|
--co-body-text: #ddd;
|
|
|
|
--co-body-accent: #6c5ce7;
|
|
|
|
--co-body-accent-contrast: #fff;
|
|
|
|
--co-textfld-bg: #222;
|
|
|
|
--co-textfld-border: #333;
|
|
|
|
--co-textfld-active-border: #444;
|
|
|
|
--co-textfld-focus-border: var(--co-body-accent);
|
|
|
|
--co-textfld-valid-border: hsl(140 90% 20%);
|
|
|
|
--co-textfld-valid-active-border: hsl(140 90% 30%);
|
|
|
|
--co-textfld-valid-focus-border: hsl(140 90% 45%);
|
|
|
|
--co-textfld-invalid-border: hsl(20 90% 20%);
|
|
|
|
--co-textfld-invalid-active-border: hsl(20 90% 30%);
|
|
|
|
--co-textfld-invalid-focus-border: hsl(20 90% 45%);
|
|
|
|
--co-btn-text: var(--co-body-accent-contrast);
|
|
|
|
--co-btn-bg: var(--co-body-accent);
|
|
|
|
--co-btn-active-bg: #333;
|
|
|
|
--co-btn-focus-bg: #333;
|
|
|
|
}
|
|
|
|
|
|
|
|
.dark-mode {
|
|
|
|
color-scheme: dark;
|
|
|
|
}
|
|
|
|
|
|
|
|
:root {
|
|
|
|
--leading-inputs: 120%;
|
|
|
|
--padding-inputs: 0.75em;
|
|
|
|
--margin-label: 0.5em;
|
|
|
|
--margin-form-gap: 1.5em;
|
|
|
|
--margin-btn-gap: 1em;
|
|
|
|
--width-input-border: 2px;
|
|
|
|
--width-inputs: 250px;
|
|
|
|
--width-textarea: 450px;
|
|
|
|
--height-textarea: 250px;
|
|
|
|
--radius-inputs: 0.25em;
|
|
|
|
--opacity-input-disabled: 0.5;
|
|
|
|
--transition-duration-inputs: 250ms;
|
|
|
|
--transition-function-inputs: ease-in-out;
|
|
|
|
--transition-inputs: color var(--transition-duration-inputs),
|
|
|
|
background-color var(--transition-duration-inputs),
|
|
|
|
border-color var(--transition-duration-inputs) var(--transition-function-inputs);
|
|
|
|
}
|
|
|
|
|
|
|
|
:read-only:not(label, button, input[type=button], input[type=submit], input[type=reset]) {
|
|
|
|
cursor: default;
|
|
|
|
}
|
|
|
|
|
|
|
|
:disabled {
|
|
|
|
opacity: var(--opacity-input-disabled);
|
|
|
|
cursor: not-allowed;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* All elemenets regardless of types */
|
|
|
|
input,
|
|
|
|
select,
|
|
|
|
option,
|
|
|
|
textarea,
|
|
|
|
button,
|
|
|
|
datalist,
|
|
|
|
fieldset,
|
|
|
|
legend,
|
|
|
|
optgroup,
|
|
|
|
output,
|
|
|
|
input::file-selector-button {
|
|
|
|
font: inherit;
|
|
|
|
color: inherit;
|
|
|
|
accent-color: var(--co-body-accent);
|
|
|
|
transition: var(--transition-inputs);
|
|
|
|
line-height: var(--leading-inputs);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* All elements with types */
|
|
|
|
/* Radio & Checkbox */
|
|
|
|
/* Buttons */
|
|
|
|
/* Select, Buttons and text-fields */
|
|
|
|
select,
|
|
|
|
textarea,
|
|
|
|
input[type=date],
|
|
|
|
input[type=datetime-local],
|
|
|
|
input[type=email],
|
|
|
|
input[type=month],
|
|
|
|
input[type=number],
|
|
|
|
input[type=password],
|
|
|
|
input[type=search],
|
|
|
|
input[type=tel],
|
|
|
|
input[type=text],
|
|
|
|
input[type=time],
|
|
|
|
input[type=url],
|
|
|
|
input[type=week],
|
|
|
|
button,
|
|
|
|
input[type=reset],
|
|
|
|
input[type=submit],
|
|
|
|
input[type=button],
|
|
|
|
input::file-selector-button {
|
|
|
|
border: var(--width-input-border) solid var(--co-textfld-border);
|
|
|
|
padding: var(--padding-inputs);
|
|
|
|
border-radius: var(--radius-inputs);
|
|
|
|
background-color: var(--co-textfld-bg);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:focus,
|
|
|
|
textarea:focus,
|
|
|
|
input[type=date]:focus,
|
|
|
|
input[type=datetime-local]:focus,
|
|
|
|
input[type=email]:focus,
|
|
|
|
input[type=month]:focus,
|
|
|
|
input[type=number]:focus,
|
|
|
|
input[type=password]:focus,
|
|
|
|
input[type=search]:focus,
|
|
|
|
input[type=tel]:focus,
|
|
|
|
input[type=text]:focus,
|
|
|
|
input[type=time]:focus,
|
|
|
|
input[type=url]:focus,
|
|
|
|
input[type=week]:focus,
|
|
|
|
button:focus,
|
|
|
|
input[type=reset]:focus,
|
|
|
|
input[type=submit]:focus,
|
|
|
|
input[type=button]:focus,
|
|
|
|
input::file-selector-button:focus {
|
|
|
|
outline: 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* All text-fields x select */
|
|
|
|
select,
|
|
|
|
textarea,
|
|
|
|
input[type=date],
|
|
|
|
input[type=datetime-local],
|
|
|
|
input[type=email],
|
|
|
|
input[type=month],
|
|
|
|
input[type=number],
|
|
|
|
input[type=password],
|
|
|
|
input[type=search],
|
|
|
|
input[type=tel],
|
|
|
|
input[type=text],
|
|
|
|
input[type=time],
|
|
|
|
input[type=url],
|
|
|
|
input[type=week] {
|
|
|
|
max-width: var(--width-inputs);
|
|
|
|
width: 100%;
|
|
|
|
}
|
|
|
|
|
|
|
|
select:hover:not([readonly], [disabled]),
|
|
|
|
select:active:not([readonly], [disabled]),
|
|
|
|
textarea:hover:not([readonly], [disabled]),
|
|
|
|
textarea:active:not([readonly], [disabled]),
|
|
|
|
input[type=date]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=date]:active:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:active:not([readonly], [disabled]),
|
|
|
|
input[type=email]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=email]:active:not([readonly], [disabled]),
|
|
|
|
input[type=month]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=month]:active:not([readonly], [disabled]),
|
|
|
|
input[type=number]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=number]:active:not([readonly], [disabled]),
|
|
|
|
input[type=password]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=password]:active:not([readonly], [disabled]),
|
|
|
|
input[type=search]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=search]:active:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:active:not([readonly], [disabled]),
|
|
|
|
input[type=text]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=text]:active:not([readonly], [disabled]),
|
|
|
|
input[type=time]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=time]:active:not([readonly], [disabled]),
|
|
|
|
input[type=url]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=url]:active:not([readonly], [disabled]),
|
|
|
|
input[type=week]:hover:not([readonly], [disabled]),
|
|
|
|
input[type=week]:active:not([readonly], [disabled]) {
|
|
|
|
border-color: var(--co-textfld-active-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:focus:not([readonly], [disabled]),
|
|
|
|
textarea:focus:not([readonly], [disabled]),
|
|
|
|
input[type=date]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=email]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=month]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=number]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=password]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=search]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=text]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=time]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=url]:focus:not([readonly], [disabled]),
|
|
|
|
input[type=week]:focus:not([readonly], [disabled]) {
|
|
|
|
border-color: var(--co-textfld-focus-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
select:required:valid:active:not([readonly], [disabled]),
|
|
|
|
textarea:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
textarea:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=date]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=date]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=email]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=email]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=month]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=month]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=number]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=number]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=password]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=password]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=search]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=search]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=text]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=text]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=time]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=time]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=url]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=url]:required:valid:active:not([readonly], [disabled]),
|
|
|
|
input[type=week]:required:valid:hover:not([readonly], [disabled]),
|
|
|
|
input[type=week]:required:valid:active:not([readonly], [disabled]) {
|
|
|
|
border-color: var(--co-textfld-valid-active-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
textarea:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=date]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=datetime-local]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=email]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=month]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=number]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=password]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=search]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=tel]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=text]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=time]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=url]:required:valid:focus:not([readonly], [disabled]),
|
|
|
|
input[type=week]:required:valid:focus:not([readonly], [disabled]) {
|
|
|
|
border-color: var(--co-textfld-valid-focus-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:required:invalid:hover,
|
|
|
|
select:required:invalid:active,
|
|
|
|
textarea:required:invalid:hover,
|
|
|
|
textarea:required:invalid:active,
|
|
|
|
input[type=date]:required:invalid:hover,
|
|
|
|
input[type=date]:required:invalid:active,
|
|
|
|
input[type=datetime-local]:required:invalid:hover,
|
|
|
|
input[type=datetime-local]:required:invalid:active,
|
|
|
|
input[type=email]:required:invalid:hover,
|
|
|
|
input[type=email]:required:invalid:active,
|
|
|
|
input[type=month]:required:invalid:hover,
|
|
|
|
input[type=month]:required:invalid:active,
|
|
|
|
input[type=number]:required:invalid:hover,
|
|
|
|
input[type=number]:required:invalid:active,
|
|
|
|
input[type=password]:required:invalid:hover,
|
|
|
|
input[type=password]:required:invalid:active,
|
|
|
|
input[type=search]:required:invalid:hover,
|
|
|
|
input[type=search]:required:invalid:active,
|
|
|
|
input[type=tel]:required:invalid:hover,
|
|
|
|
input[type=tel]:required:invalid:active,
|
|
|
|
input[type=text]:required:invalid:hover,
|
|
|
|
input[type=text]:required:invalid:active,
|
|
|
|
input[type=time]:required:invalid:hover,
|
|
|
|
input[type=time]:required:invalid:active,
|
|
|
|
input[type=url]:required:invalid:hover,
|
|
|
|
input[type=url]:required:invalid:active,
|
|
|
|
input[type=week]:required:invalid:hover,
|
|
|
|
input[type=week]:required:invalid:active {
|
|
|
|
border-color: var(--co-textfld-invalid-active-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:required:invalid:focus,
|
|
|
|
textarea:required:invalid:focus,
|
|
|
|
input[type=date]:required:invalid:focus,
|
|
|
|
input[type=datetime-local]:required:invalid:focus,
|
|
|
|
input[type=email]:required:invalid:focus,
|
|
|
|
input[type=month]:required:invalid:focus,
|
|
|
|
input[type=number]:required:invalid:focus,
|
|
|
|
input[type=password]:required:invalid:focus,
|
|
|
|
input[type=search]:required:invalid:focus,
|
|
|
|
input[type=tel]:required:invalid:focus,
|
|
|
|
input[type=text]:required:invalid:focus,
|
|
|
|
input[type=time]:required:invalid:focus,
|
|
|
|
input[type=url]:required:invalid:focus,
|
|
|
|
input[type=week]:required:invalid:focus {
|
|
|
|
border-color: var(--co-textfld-invalid-focus-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
select::selection,
|
|
|
|
textarea::selection,
|
|
|
|
input[type=date]::selection,
|
|
|
|
input[type=datetime-local]::selection,
|
|
|
|
input[type=email]::selection,
|
|
|
|
input[type=month]::selection,
|
|
|
|
input[type=number]::selection,
|
|
|
|
input[type=password]::selection,
|
|
|
|
input[type=search]::selection,
|
|
|
|
input[type=tel]::selection,
|
|
|
|
input[type=text]::selection,
|
|
|
|
input[type=time]::selection,
|
|
|
|
input[type=url]::selection,
|
|
|
|
input[type=week]::selection {
|
|
|
|
background-color: var(--co-body-accent);
|
|
|
|
color: var(--co-body-accent-contrast);
|
|
|
|
}
|
|
|
|
|
|
|
|
select:not([disabled], [readonly]) option:focus,
|
|
|
|
select:not([disabled], [readonly]) option:active,
|
|
|
|
select:not([disabled], [readonly]) option:hover,
|
|
|
|
select:not([disabled], [readonly]) option:checked {
|
|
|
|
background-color: var(--co-body-accent);
|
|
|
|
color: var(--co-body-accent-contrast);
|
|
|
|
}
|
|
|
|
|
|
|
|
input[type=color] {
|
|
|
|
cursor: pointer;
|
|
|
|
border-style: solid;
|
|
|
|
border-radius: var(--radius-inputs);
|
|
|
|
border-color: var(--co-textfld-border);
|
|
|
|
background-color: var(--co-textfld-bg);
|
|
|
|
}
|
|
|
|
|
|
|
|
input[type=color]:hover:not([disabled]),
|
|
|
|
input[type=color]:active:not([disabled]) {
|
|
|
|
border-color: var(--co-textfld-active-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
input[type=color]:focus {
|
|
|
|
outline: 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
input[type=color]:focus:not([disabled]) {
|
|
|
|
border-color: var(--co-textfld-focus-border);
|
|
|
|
}
|
|
|
|
|
|
|
|
button,
|
|
|
|
input[type=reset],
|
|
|
|
input[type=submit],
|
|
|
|
input[type=button],
|
|
|
|
input::file-selector-button {
|
|
|
|
border-color: var(--co-btn-bg);
|
|
|
|
background-color: var(--co-btn-bg);
|
|
|
|
color: var(--co-btn-text);
|
|
|
|
cursor: pointer;
|
|
|
|
}
|
|
|
|
|
|
|
|
button:hover,
|
|
|
|
button:active,
|
|
|
|
input[type=reset]:hover,
|
|
|
|
input[type=reset]:active,
|
|
|
|
input[type=submit]:hover,
|
|
|
|
input[type=submit]:active,
|
|
|
|
input[type=button]:hover,
|
|
|
|
input[type=button]:active,
|
|
|
|
input::file-selector-button:hover,
|
|
|
|
input::file-selector-button:active {
|
|
|
|
background-color: var(--co-btn-active-bg);
|
|
|
|
border-color: var(--co-btn-active-bg);
|
|
|
|
}
|
|
|
|
|
|
|
|
button:focus,
|
|
|
|
input[type=reset]:focus,
|
|
|
|
input[type=submit]:focus,
|
|
|
|
input[type=button]:focus,
|
|
|
|
input::file-selector-button:focus {
|
|
|
|
background-color: var(--co-btn-active-bg);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Labels */
|
|
|
|
label {
|
|
|
|
cursor: pointer;
|
|
|
|
display: block;
|
|
|
|
}
|
|
|
|
|
|
|
|
label+label,
|
|
|
|
label+input,
|
|
|
|
label+select,
|
|
|
|
label+button,
|
|
|
|
label+textarea {
|
|
|
|
margin-top: var(--margin-label);
|
|
|
|
}
|
|
|
|
|
|
|
|
textarea {
|
|
|
|
max-width: var(--width-textarea);
|
|
|
|
height: var(--height-textarea);
|
|
|
|
}
|
|
|
|
|
|
|
|
textarea:read-only,
|
|
|
|
textarea:disabled {
|
|
|
|
resize: none;
|
|
|
|
}
|
|
|
|
|
|
|
|
input::file-selector-button {
|
|
|
|
margin-right: var(--margin-form-gap);
|
|
|
|
}
|
|
|
|
|
|
|
|
label:has(input:disabled) {
|
|
|
|
opacity: var(--opacity-input-disabled);
|
|
|
|
cursor: not-allowed;
|
|
|
|
}
|
|
|
|
|
|
|
|
label:has(input:disabled) :disabled {
|
|
|
|
opacity: 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
.site-container {
|
|
|
|
padding: 1.5em;
|
|
|
|
max-width: 1160px;
|
|
|
|
margin: 3em auto;
|
|
|
|
}
|
|
|
|
|
|
|
|
.form-row {
|
|
|
|
gap: var(--margin-form-gap);
|
|
|
|
}
|
|
|
|
|
|
|
|
.form-row+.form-row {
|
|
|
|
margin-top: var(--margin-form-gap);
|
|
|
|
}
|
|
|
|
|
|
|
|
.btn-group {
|
|
|
|
gap: var(--margin-btn-gap);
|
|
|
|
}
|
|
|
|
|
|
|
|
.form-row,
|
|
|
|
.btn-group {
|
|
|
|
display: flex;
|
|
|
|
flex-wrap: wrap;
|
|
|
|
}
|
|
|
|
</style>
|