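# NixOS demo host: HedgeDoc served on a loopback port and published through an
# nginx reverse proxy that terminates TLS on ports 80/443.
{ pkgs, ... }:

{
  # Resolve the demo domain to loopback on the host itself.
  networking.hosts = {
    "127.0.0.1" = [ "hedgedoc.nixin.local" ];
  };

  networking.hostName = "demo";

  # Only the nginx listeners are opened. The HedgeDoc backend port (8001) is
  # intentionally absent, so the backend is reachable only through the proxy.
  networking.firewall = {
    allowedTCPPorts = [
      80
      443
    ];
  };

  services.hedgedoc = {
    enable = true;
    settings.domain = "hedgedoc.nixin.local";
    settings.port = 8001;
    # Bind to loopback only: nginx below proxies to http://127.0.0.1:8001, so
    # listening on every interface would expose the plaintext backend to
    # anything that can get past the firewall.
    settings.host = "127.0.0.1";
    # nginx forces HTTPS for this vhost, so HedgeDoc has to generate https://
    # URLs. Leaving this false while forceSSL is on yields http:// resource
    # links on a page that is served over TLS.
    settings.protocolUseSSL = true;
    settings.allowOrigin = [
      "localhost"
      "hedgedoc.nixin.local"
    ];
  };

  users.users.operator = {
    isNormalUser = true;
    # "wheel" grants administrative (sudo) rights.
    extraGroups = [ "wheel" ];
    # NOTE(review): demo-only credential. initialPassword ends up
    # world-readable in the Nix store and this account is an administrator.
    # Change it on first login, or switch to hashedPasswordFile before the
    # machine is reachable by anyone else.
    initialPassword = "test";
  };

  security.acme.defaults.email = "contact@nixin.local";
  security.acme.acceptTerms = true;

  services.nginx = {
    enable = true;

    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Only allow PFS-enabled ciphers with AES256.
    # This list governs TLS 1.2 and older; TLS 1.3 suites are not selected by
    # this option.
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    virtualHosts."hedgedoc.nixin.local" = {
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      # NOTE(review): a public ACME CA cannot validate a ".local" name.
      # Confirm which CA or certificate this demo is expected to use.
      enableACME = true;
      root = "/var/www/hedgedoc";
      locations."/".proxyPass = "http://127.0.0.1:8001";
      locations."/socket.io/" = {
        proxyPass = "http://127.0.0.1:8001";
        proxyWebsockets = true;
        # proxy_ssl_server_name only affects HTTPS upstreams. With the
        # plain-HTTP upstream above it has no effect.
        extraConfig = "proxy_ssl_server_name on;";
      };
    };
  };

  environment.systemPackages = with pkgs; [
    git
    wget
    tmux
    mosh
    htop
  ];

  system.stateVersion = "24.05";
}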