diff --git a/.vitepress/theme/custom.css b/.vitepress/theme/custom.css
index 3c115f4..a2f0fe3 100644
--- a/.vitepress/theme/custom.css
+++ b/.vitepress/theme/custom.css
@@ -25,3 +25,12 @@
 .form-cell input[type="text"]:focus {
 border: 1px solid #0c78fc;
 }
+.nix-code {
+ white-space: pre-wrap;
+}
+.nix-code code {
+ margin: 0;
+ padding: 0;
+ width: 100%;
+ display: block;
+}
diff --git a/components/ConfigForm.vue b/components/ConfigForm.vue
index cd5c33d..5229847 100644
--- a/components/ConfigForm.vue
+++ b/components/ConfigForm.vue
@@ -181,65 +181,86 @@ function selectServices(bundleId, services) {
 Locale

Auto-generated configuration.nix file

-
+  
     
-      { config, lib, pkgs, ... }:
+{ pkgs, ... }:
 
-      {
-      imports = [
-      ./hardware-configuration.nix
-      ];
+{
+  networking.hosts = {
+      "127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ];
+  };
 
-      networking = {
-      hostName = "{{ nixin.networkingHostname }}";
-      domain = "{{ nixin.networkingDomain }}";
-      nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
-      wg-quick.interfaces = {
-      wg0 = {
-      address = [ "10.42.0.3/32"];
-      privateKeyFile = "/etc/wireguard_private_key";
+  networking.hostName = "{{ nixin.networkingHostname }}";
+  networking.domain = "{{ nixin.networkingDomain }}";
+  networking.firewall = {
+    allowedTCPPorts = [
+      80
+      443
+    ];
+  };
 
-      peers = [
-      {
-      publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
-      presharedKeyFile = "/etc/wireguard_preshared_key";
-      allowedIPs = [ "10.42.0.0/24" ];
-      endpoint = "195.201.63.240:8098";
-      persistentKeepalive = 15;
-      }
-      ];
-      };
-      };
-      };
+  time.timeZone = "{{ nixin.timezone }}";
+  i18n.defaultLocale = "{{ nixin.locale }}";
+
+
+
- users.users.{{ nixin.user }} = {
+ users.users.{{ nixin.user }} = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
 initialPassword = "{{ nixin.userPassword }}";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
- ];
- };
+ };
- security.sudo.extraRules= [
- {
+ security.sudo.extraRules= [
+ {
 users = [ "{{ nixin.user }}" ];
 commands = [
- { command = "ALL" ;
- options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
- }
- ];
- }
+ {
+ command = "ALL" ;
+ options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
+ }
 ];
+ }
+ ];
+ security.acme.defaults.email = "contact@nixin.local";
+ security.acme.acceptTerms = true;
- time.timeZone = "{{ nixin.timezone }}";
- i18n.defaultLocale = "{{ nixin.locale }}";
-
-
-
- }
+ services.nginx = {
+ enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Only allow PFS-enabled ciphers with AES256
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ virtualHosts."hedgedoc.nixin.local" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/var/www/hedgedoc";
+ locations."/".proxyPass = "http://127.0.0.1:8001";
+ locations."/socket.io/" = {
+ proxyPass = "http://127.0.0.1:8001";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;";
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ wget
+ tmux
+ mosh
+ htop
+ ];
+
+ system.stateVersion = "24.05";
+}
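Review bot: The re-indented sudo rule in the generated template still emits `options= [ "NOPASSWD" ]` on `command = "ALL"` for `{{ nixin.user }}`, and the unchanged `initialPassword = "{{ nixin.userPassword }}";` line just above it puts that user's password in clear text into the generated configuration.nix; the NixOS option documentation warns that such a value ends up world-readable in the Nix store. Every host built from this form therefore starts with a wheel user whose password any local account can read and who never needs it to become root. Consider emitting `initialHashedPassword = "<mkpasswd output>";` (or `hashedPasswordFile`) and dropping `NOPASSWD` from the default template. Separately, the new `networking.hosts` line interpolates the hostname and domain fields straight into a Nix string literal; unless those fields are validated elsewhere in the component, a value containing `"` or `${` would change the meaning of the generated file.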
diff --git a/components/nix-code/hedgedoc.vue b/components/nix-code/hedgedoc.vue
index c304602..625c25d 100644
--- a/components/nix-code/hedgedoc.vue
+++ b/components/nix-code/hedgedoc.vue
@@ -1,18 +1,14 @@
diff --git a/inventory/demo-configuration.nix b/inventory/demo-configuration.nix
index 6cbe864..0bf0f1f 100644
--- a/inventory/demo-configuration.nix
+++ b/inventory/demo-configuration.nix
@@ -1,29 +1,27 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ pkgs, ... }:
 {
- #virtualisation.vmVariant.virtualisation.forwardPorts = [
- # { from = "host"; host.port = 8001; guest.port = 8001; }
- #];
-
 networking.hosts = {
 "127.0.0.1" = [ "hedgedoc.nixin.local" ];
 };
 networking.hostName = "demo";
- #networking.firewall.enable = false;
 networking.firewall = {
- allowedTCPPorts = [ 80 443 ];
+ allowedTCPPorts = [
+ 80
+ 443
+ ];
 };
 services.hedgedoc = {
 enable = true;
 settings.domain = "hedgedoc.nixin.local";
- settings.port = 8001;
- settings.host = "0.0.0.0";
+ settings.port = 8001;
+ settings.host = "0.0.0.0";
 settings.protocolUseSSL = false;
 settings.allowOrigin = [
- "localhost"
- "hedgedoc.nixin.local"
+ "localhost"
+ "hedgedoc.nixin.local"
 ];
 };
@@ -49,17 +47,15 @@
 sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
 virtualHosts."hedgedoc.nixin.local" = {
- forceSSL = true;
- enableACME = true;
- root = "/var/www/hedgedoc";
- locations."/".proxyPass = "http://127.0.0.1:8001";
- locations."/socket.io/" = {
- proxyPass = "http://127.0.0.1:8001";
- proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;"
- ;
- };
+ forceSSL = true;
+ enableACME = true;
+ root = "/var/www/hedgedoc";
+ locations."/".proxyPass = "http://127.0.0.1:8001";
+ locations."/socket.io/" = {
+ proxyPass = "http://127.0.0.1:8001";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;";
+ };
 };
 };
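Review bot: In the first hunk of inventory/demo-configuration.nix the re-indented `settings.host = "0.0.0.0";` keeps HedgeDoc listening on every interface, although the nginx vhost in the same file only reaches it through `http://127.0.0.1:8001`. Assuming the NixOS firewall stays enabled, the `allowedTCPPorts` list is the only thing keeping port 8001 off the network; binding to loopback would make that independent of the firewall: `settings.host = "127.0.0.1";`. `settings.protocolUseSSL = false` also sits alongside `forceSSL = true` on the proxy, so if HedgeDoc is only served through that vhost it probably should be `true`; worth confirming against the HedgeDoc reverse-proxy documentation. A one-line comment above `services.hedgedoc` saying that TLS is terminated by nginx would explain both settings.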