feat(configuration): harmonize demo and vue component for configuration

This commit is contained in:
Florian Schmitt 2024-10-11 13:51:41 +03:00
parent b45617df8a
commit 81192c7b40
4 changed files with 104 additions and 82 deletions

View file

@ -25,3 +25,12 @@
.form-cell input[type="text"]:focus { .form-cell input[type="text"]:focus {
border: 1px solid #0c78fc; border: 1px solid #0c78fc;
} }
.nix-code {
white-space: pre-wrap;
}
.nix-code code {
margin: 0;
padding: 0;
width: 100%;
display: block;
}

View file

@ -181,64 +181,85 @@ function selectServices(bundleId, services) {
Locale<br /> Locale<br />
<h2>Auto-generated configuration.nix file</h2> <h2>Auto-generated configuration.nix file</h2>
<pre> <pre class="nix-code">
<code> <code>
{ config, lib, pkgs, ... }: { pkgs, ... }:
{ {
imports = [ networking.hosts = {
./hardware-configuration.nix "127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ];
];
networking = {
hostName = "{{ nixin.networkingHostname }}";
domain = "{{ nixin.networkingDomain }}";
nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
wg-quick.interfaces = {
wg0 = {
address = [ "10.42.0.3/32"];
privateKeyFile = "/etc/wireguard_private_key";
peers = [
{
publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
presharedKeyFile = "/etc/wireguard_preshared_key";
allowedIPs = [ "10.42.0.0/24" ];
endpoint = "195.201.63.240:8098";
persistentKeepalive = 15;
}
];
};
};
}; };
users.users.{{ nixin.user }} = { networking.hostName = "{{ nixin.networkingHostname }}";
isNormalUser = true; networking.domain = "{{ nixin.networkingDomain }}";
extraGroups = [ "wheel" ]; networking.firewall = {
initialPassword = "{{ nixin.userPassword }}"; allowedTCPPorts = [
openssh.authorizedKeys.keys = [ 80
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP" 443
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
]; ];
}; };
security.sudo.extraRules= [
{
users = [ "{{ nixin.user }}" ];
commands = [
{ command = "ALL" ;
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
}
];
}
];
time.timeZone = "{{ nixin.timezone }}"; time.timeZone = "{{ nixin.timezone }}";
i18n.defaultLocale = "{{ nixin.locale }}"; i18n.defaultLocale = "{{ nixin.locale }}";
<div v-for="(service) in nixin.services" :key="service"> <div v-for="(service) in nixin.services" :key="service">
<NixCode :service="service" /> <NixCode :service="service" />
</div> </div>
users.users.{{ nixin.user }} = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "{{ nixin.userPassword }}";
};
security.sudo.extraRules= [
{
users = [ "{{ nixin.user }}" ];
commands = [
{
command = "ALL" ;
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
}
];
}
];
security.acme.defaults.email = "contact@nixin.local";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."hedgedoc.nixin.local" = {
forceSSL = true;
enableACME = true;
root = "/var/www/hedgedoc";
locations."/".proxyPass = "http://127.0.0.1:8001";
locations."/socket.io/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
};
environment.systemPackages = with pkgs; [
git
wget
tmux
mosh
htop
];
system.stateVersion = "24.05";
} }
</code> </code>
</pre> </pre>

View file

@ -1,7 +1,4 @@
<template> <template>
networking.firewall = {
allowedTCPPorts = [ 8001 ];
};
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings.domain = "hedgedoc.nixin.local"; settings.domain = "hedgedoc.nixin.local";
@ -13,6 +10,5 @@
"hedgedoc.nixin.local" "hedgedoc.nixin.local"
]; ];
}; };
</template> </template>

View file

@ -1,18 +1,16 @@
{ config, lib, pkgs, modulesPath, ... }: { pkgs, ... }:
{ {
#virtualisation.vmVariant.virtualisation.forwardPorts = [
# { from = "host"; host.port = 8001; guest.port = 8001; }
#];
networking.hosts = { networking.hosts = {
"127.0.0.1" = [ "hedgedoc.nixin.local" ]; "127.0.0.1" = [ "hedgedoc.nixin.local" ];
}; };
networking.hostName = "demo"; networking.hostName = "demo";
#networking.firewall.enable = false;
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [
80
443
];
}; };
services.hedgedoc = { services.hedgedoc = {
@ -56,9 +54,7 @@
locations."/socket.io/" = { locations."/socket.io/" = {
proxyPass = "http://127.0.0.1:8001"; proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = extraConfig = "proxy_ssl_server_name on;";
"proxy_ssl_server_name on;"
;
}; };
}; };
}; };