nixin-web/inventory/demo-configuration.nix


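# NixOS module for the "demo" host: a HedgeDoc instance published through an
# nginx reverse proxy that terminates TLS for hedgedoc.nixin.local.
{ pkgs, ... }:

{
  # Resolve the demo domain to loopback on the machine itself.
  networking.hosts = {
    "127.0.0.1" = [ "hedgedoc.nixin.local" ];
  };

  networking.hostName = "demo";
  # Only the nginx listeners are opened; the HedgeDoc backend port (8001) is
  # deliberately not in this list.
  networking.firewall = {
    allowedTCPPorts = [
      80
      443
    ];
  };

  services.hedgedoc = {
    enable = true;
    settings.domain = "hedgedoc.nixin.local";
    settings.port = 8001;
    # Bind to loopback instead of 0.0.0.0: the only client is the nginx proxy
    # below (proxyPass to 127.0.0.1:8001), so the unencrypted backend should
    # not listen on every interface and depend on the firewall alone.
    settings.host = "127.0.0.1";
    # nginx enforces HTTPS for this vhost (forceSSL), so HedgeDoc must build
    # its resource links with https:// rather than http://.
    settings.protocolUseSSL = true;
    settings.allowOrigin = [
      "localhost"
      "hedgedoc.nixin.local"
    ];
  };

  # NOTE(review): demo-only credential. This account is in "wheel" and its
  # initialPassword is a guessable value that also ends up readable in the
  # Nix store. Before the host is reachable by anyone else, change the
  # password or switch to hashedPasswordFile.
  users.users.operator = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    initialPassword = "test";
  };

  # NOTE(review): a public ACME CA cannot validate a .local name, so issuance
  # for the vhost below will presumably fail; confirm how the demo is meant
  # to obtain its certificate.
  security.acme.defaults.email = "contact@nixin.local";
  security.acme.acceptTerms = true;
  services.nginx = {
    enable = true;
    # Use recommended settings
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
    virtualHosts."hedgedoc.nixin.local" = {
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      enableACME = true;
      root = "/var/www/hedgedoc";
      locations."/".proxyPass = "http://127.0.0.1:8001";
      locations."/socket.io/" = {
        proxyPass = "http://127.0.0.1:8001";
        proxyWebsockets = true;
        # NOTE(review): proxy_ssl_server_name only applies to https://
        # upstreams; with the http:// proxyPass above it appears to have no
        # effect.
        extraConfig = "proxy_ssl_server_name on;";
      };
    };
  };

  environment.systemPackages = with pkgs; [
    git
    wget
    tmux
    mosh
    htop
  ];

  system.stateVersion = "24.05";
}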