feat(configuration): harmonize demo and vue component for configuration

This commit is contained in:
Florian Schmitt 2024-10-11 13:51:41 +03:00
parent b45617df8a
commit 81192c7b40
4 changed files with 104 additions and 82 deletions

View file

@ -25,3 +25,12 @@
.form-cell input[type="text"]:focus { .form-cell input[type="text"]:focus {
border: 1px solid #0c78fc; border: 1px solid #0c78fc;
} }
.nix-code {
white-space: pre-wrap;
}
.nix-code code {
margin: 0;
padding: 0;
width: 100%;
display: block;
}

View file

@ -181,65 +181,86 @@ function selectServices(bundleId, services) {
Locale<br /> Locale<br />
<h2>Auto-generated configuration.nix file</h2> <h2>Auto-generated configuration.nix file</h2>
<pre> <pre class="nix-code">
<code> <code>
{ config, lib, pkgs, ... }: { pkgs, ... }:
{ {
imports = [ networking.hosts = {
./hardware-configuration.nix "127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ];
]; };
networking = { networking.hostName = "{{ nixin.networkingHostname }}";
hostName = "{{ nixin.networkingHostname }}"; networking.domain = "{{ nixin.networkingDomain }}";
domain = "{{ nixin.networkingDomain }}"; networking.firewall = {
nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"]; allowedTCPPorts = [
wg-quick.interfaces = { 80
wg0 = { 443
address = [ "10.42.0.3/32"]; ];
privateKeyFile = "/etc/wireguard_private_key"; };
peers = [ time.timeZone = "{{ nixin.timezone }}";
{ i18n.defaultLocale = "{{ nixin.locale }}";
publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY="; <div v-for="(service) in nixin.services" :key="service">
presharedKeyFile = "/etc/wireguard_preshared_key"; <NixCode :service="service" />
allowedIPs = [ "10.42.0.0/24" ]; </div>
endpoint = "195.201.63.240:8098";
persistentKeepalive = 15;
}
];
};
};
};
users.users.{{ nixin.user }} = { users.users.{{ nixin.user }} = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
initialPassword = "{{ nixin.userPassword }}"; initialPassword = "{{ nixin.userPassword }}";
openssh.authorizedKeys.keys = [ };
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
];
};
security.sudo.extraRules= [ security.sudo.extraRules= [
{ {
users = [ "{{ nixin.user }}" ]; users = [ "{{ nixin.user }}" ];
commands = [ commands = [
{ command = "ALL" ; {
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea command = "ALL" ;
} options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
]; }
}
]; ];
}
];
security.acme.defaults.email = "contact@nixin.local";
security.acme.acceptTerms = true;
time.timeZone = "{{ nixin.timezone }}"; services.nginx = {
i18n.defaultLocale = "{{ nixin.locale }}"; enable = true;
<div v-for="(service) in nixin.services" :key="service">
<NixCode :service="service" /> # Use recommended settings
</div> recommendedGzipSettings = true;
} recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."hedgedoc.nixin.local" = {
forceSSL = true;
enableACME = true;
root = "/var/www/hedgedoc";
locations."/".proxyPass = "http://127.0.0.1:8001";
locations."/socket.io/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
};
environment.systemPackages = with pkgs; [
git
wget
tmux
mosh
htop
];
system.stateVersion = "24.05";
}
</code> </code>
</pre> </pre>
</template> </template>

View file

@ -1,18 +1,14 @@
<template> <template>
networking.firewall = { services.hedgedoc = {
allowedTCPPorts = [ 8001 ]; enable = true;
}; settings.domain = "hedgedoc.nixin.local";
services.hedgedoc = { settings.port = 8001;
enable = true; settings.host = "0.0.0.0";
settings.domain = "hedgedoc.nixin.local"; settings.protocolUseSSL = false;
settings.port = 8001; settings.allowOrigin = [
settings.host = "0.0.0.0"; "localhost"
settings.protocolUseSSL = false; "hedgedoc.nixin.local"
settings.allowOrigin = [ ];
"localhost" };
"hedgedoc.nixin.local"
];
};
</template> </template>

View file

@ -1,29 +1,27 @@
{ config, lib, pkgs, modulesPath, ... }: { pkgs, ... }:
{ {
#virtualisation.vmVariant.virtualisation.forwardPorts = [
# { from = "host"; host.port = 8001; guest.port = 8001; }
#];
networking.hosts = { networking.hosts = {
"127.0.0.1" = [ "hedgedoc.nixin.local" ]; "127.0.0.1" = [ "hedgedoc.nixin.local" ];
}; };
networking.hostName = "demo"; networking.hostName = "demo";
#networking.firewall.enable = false;
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [
80
443
];
}; };
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
settings.domain = "hedgedoc.nixin.local"; settings.domain = "hedgedoc.nixin.local";
settings.port = 8001; settings.port = 8001;
settings.host = "0.0.0.0"; settings.host = "0.0.0.0";
settings.protocolUseSSL = false; settings.protocolUseSSL = false;
settings.allowOrigin = [ settings.allowOrigin = [
"localhost" "localhost"
"hedgedoc.nixin.local" "hedgedoc.nixin.local"
]; ];
}; };
@ -49,17 +47,15 @@
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."hedgedoc.nixin.local" = { virtualHosts."hedgedoc.nixin.local" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/hedgedoc"; root = "/var/www/hedgedoc";
locations."/".proxyPass = "http://127.0.0.1:8001"; locations."/".proxyPass = "http://127.0.0.1:8001";
locations."/socket.io/" = { locations."/socket.io/" = {
proxyPass = "http://127.0.0.1:8001"; proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = extraConfig = "proxy_ssl_server_name on;";
"proxy_ssl_server_name on;" };
;
};
}; };
}; };