diff --git a/.vitepress/theme/custom.css b/.vitepress/theme/custom.css
index 3c115f4..a2f0fe3 100644
--- a/.vitepress/theme/custom.css
+++ b/.vitepress/theme/custom.css
@@ -25,3 +25,12 @@
.form-cell input[type="text"]:focus {
border: 1px solid #0c78fc;
}
+.nix-code {
+ white-space: pre-wrap;
+}
+.nix-code code {
+ margin: 0;
+ padding: 0;
+ width: 100%;
+ display: block;
+}
diff --git a/components/ConfigForm.vue b/components/ConfigForm.vue
index cd5c33d..5229847 100644
--- a/components/ConfigForm.vue
+++ b/components/ConfigForm.vue
@@ -181,65 +181,86 @@ function selectServices(bundleId, services) {
Locale
+diff --git a/components/nix-code/hedgedoc.vue b/components/nix-code/hedgedoc.vue index c304602..625c25d 100644 --- a/components/nix-code/hedgedoc.vue +++ b/components/nix-code/hedgedoc.vue @@ -1,18 +1,14 @@ - networking.firewall = { - allowedTCPPorts = [ 8001 ]; - }; - services.hedgedoc = { - enable = true; - settings.domain = "hedgedoc.nixin.local"; - settings.port = 8001; - settings.host = "0.0.0.0"; - settings.protocolUseSSL = false; - settings.allowOrigin = [ - "localhost" - "hedgedoc.nixin.local" - ]; - }; - +services.hedgedoc = { + enable = true; + settings.domain = "hedgedoc.nixin.local"; + settings.port = 8001; + settings.host = "0.0.0.0"; + settings.protocolUseSSL = false; + settings.allowOrigin = [ + "localhost" + "hedgedoc.nixin.local" + ]; +}; diff --git a/inventory/demo-configuration.nix b/inventory/demo-configuration.nix index 6cbe864..0bf0f1f 100644 --- a/inventory/demo-configuration.nix +++ b/inventory/demo-configuration.nix @@ -1,29 +1,27 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ pkgs, ... }: { - #virtualisation.vmVariant.virtualisation.forwardPorts = [ - # { from = "host"; host.port = 8001; guest.port = 8001; } - #]; - networking.hosts = { "127.0.0.1" = [ "hedgedoc.nixin.local" ]; }; networking.hostName = "demo"; - #networking.firewall.enable = false; networking.firewall = { - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; }; services.hedgedoc = { enable = true; settings.domain = "hedgedoc.nixin.local"; - settings.port = 8001; - settings.host = "0.0.0.0"; + settings.port = 8001; + settings.host = "0.0.0.0"; settings.protocolUseSSL = false; settings.allowOrigin = [ - "localhost" - "hedgedoc.nixin.local" + "localhost" + "hedgedoc.nixin.local" ]; }; 
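Review bot: `settings.host = "0.0.0.0";` is kept in the new hedgedoc.vue snippet, so HedgeDoc still listens on every interface even though the snippet no longer opens port 8001 and the nginx vhost elsewhere in this commit proxies to `http://127.0.0.1:8001`. Binding to loopback with `settings.host = "127.0.0.1";` keeps the plain-HTTP backend unreachable if the firewall is later disabled or port 8001 is opened by another module. `settings.protocolUseSSL = false;` also looks inconsistent with `forceSSL = true;` on that vhost and should probably be `true` so HedgeDoc generates https URLs; confirm against the deployed proxy setup. The same two settings appear in the first hunk of inventory/demo-configuration.nix.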
@@ -49,17 +47,15 @@ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; virtualHosts."hedgedoc.nixin.local" = { - forceSSL = true; - enableACME = true; - root = "/var/www/hedgedoc"; - locations."/".proxyPass = "http://127.0.0.1:8001"; - locations."/socket.io/" = { - proxyPass = "http://127.0.0.1:8001"; - proxyWebsockets = true; - extraConfig = - "proxy_ssl_server_name on;" - ; - }; + forceSSL = true; + enableACME = true; + root = "/var/www/hedgedoc"; + locations."/".proxyPass = "http://127.0.0.1:8001"; + locations."/socket.io/" = { + proxyPass = "http://127.0.0.1:8001"; + proxyWebsockets = true; + extraConfig = "proxy_ssl_server_name on;"; + }; }; };- { config, lib, pkgs, ... }: +{ pkgs, ... }: - { - imports = [ - ./hardware-configuration.nix - ]; +{ + networking.hosts = { + "127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ]; + }; - networking = { - hostName = "{{ nixin.networkingHostname }}"; - domain = "{{ nixin.networkingDomain }}"; - nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"]; - wg-quick.interfaces = { - wg0 = { - address = [ "10.42.0.3/32"]; - privateKeyFile = "/etc/wireguard_private_key"; + networking.hostName = "{{ nixin.networkingHostname }}"; + networking.domain = "{{ nixin.networkingDomain }}"; + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + }; - peers = [ - { - publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY="; - presharedKeyFile = "/etc/wireguard_preshared_key"; - allowedIPs = [ "10.42.0.0/24" ]; - endpoint = "195.201.63.240:8098"; - persistentKeepalive = 15; - } - ]; - }; - }; - }; + time.timeZone = "{{ nixin.timezone }}"; + i18n.defaultLocale = "{{ nixin.locale }}"; +
+- users.users.{{ nixin.user }} = { + users.users.{{ nixin.user }} = { isNormalUser = true; extraGroups = [ "wheel" ]; initialPassword = "{{ nixin.userPassword }}"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12" - ]; - }; + }; - security.sudo.extraRules= [ - { + security.sudo.extraRules= [ + { users = [ "{{ nixin.user }}" ]; commands = [ - { command = "ALL" ; - options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea - } - ]; - } + { + command = "ALL" ; + options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea + } ]; + } + ]; + security.acme.defaults.email = "contact@nixin.local"; + security.acme.acceptTerms = true; - time.timeZone = "{{ nixin.timezone }}"; - i18n.defaultLocale = "{{ nixin.locale }}"; -+ -- } + services.nginx = { + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + virtualHosts."hedgedoc.nixin.local" = { + forceSSL = true; + enableACME = true; + root = "/var/www/hedgedoc"; + locations."/".proxyPass = "http://127.0.0.1:8001"; + locations."/socket.io/" = { + proxyPass = "http://127.0.0.1:8001"; + proxyWebsockets = true; + extraConfig = "proxy_ssl_server_name on;"; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + git + wget + tmux + mosh + htop + ]; + + system.stateVersion = "24.05"; +}-
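Review bot: With the `openssh.authorizedKeys.keys` entries removed, `initialPassword = "{{ nixin.userPassword }}";` is the account's only credential, and it is written in clear text into the generated configuration, which NixOS copies into the world-readable Nix store. The same user is in `wheel` and keeps the `NOPASSWD` rule for `ALL`, so any local account that can read the store can log in as that user and reach root without a further prompt. Consider emitting a hash instead, e.g. `hashedPasswordFile = "<path-to-hash-file>";` (placeholder path), and dropping `NOPASSWD` from the generated default. The form values are interpolated directly into Nix string literals, so a value containing `"` or `${` would change the generated expression; escaping them before rendering would avoid that. The template and this hunk appear to continue beyond the visible lines.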