feat(configuration): harmonize demo and vue component for configuration
This commit is contained in:
parent
b45617df8a
commit
81192c7b40
4 changed files with 104 additions and 82 deletions
|
@ -25,3 +25,12 @@
|
||||||
.form-cell input[type="text"]:focus {
|
.form-cell input[type="text"]:focus {
|
||||||
border: 1px solid #0c78fc;
|
border: 1px solid #0c78fc;
|
||||||
}
|
}
|
||||||
|
.nix-code {
|
||||||
|
white-space: pre-wrap;
|
||||||
|
}
|
||||||
|
.nix-code code {
|
||||||
|
margin: 0;
|
||||||
|
padding: 0;
|
||||||
|
width: 100%;
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
|
@ -181,65 +181,86 @@ function selectServices(bundleId, services) {
|
||||||
Locale<br />
|
Locale<br />
|
||||||
|
|
||||||
<h2>Auto-generated configuration.nix file</h2>
|
<h2>Auto-generated configuration.nix file</h2>
|
||||||
<pre>
|
<pre class="nix-code">
|
||||||
<code>
|
<code>
|
||||||
{ config, lib, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
networking.hosts = {
|
||||||
./hardware-configuration.nix
|
"127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ];
|
||||||
];
|
};
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "{{ nixin.networkingHostname }}";
|
||||||
hostName = "{{ nixin.networkingHostname }}";
|
networking.domain = "{{ nixin.networkingDomain }}";
|
||||||
domain = "{{ nixin.networkingDomain }}";
|
networking.firewall = {
|
||||||
nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
|
allowedTCPPorts = [
|
||||||
wg-quick.interfaces = {
|
80
|
||||||
wg0 = {
|
443
|
||||||
address = [ "10.42.0.3/32"];
|
];
|
||||||
privateKeyFile = "/etc/wireguard_private_key";
|
};
|
||||||
|
|
||||||
peers = [
|
time.timeZone = "{{ nixin.timezone }}";
|
||||||
{
|
i18n.defaultLocale = "{{ nixin.locale }}";
|
||||||
publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
|
<div v-for="(service) in nixin.services" :key="service">
|
||||||
presharedKeyFile = "/etc/wireguard_preshared_key";
|
<NixCode :service="service" />
|
||||||
allowedIPs = [ "10.42.0.0/24" ];
|
</div>
|
||||||
endpoint = "195.201.63.240:8098";
|
|
||||||
persistentKeepalive = 15;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.{{ nixin.user }} = {
|
users.users.{{ nixin.user }} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
initialPassword = "{{ nixin.userPassword }}";
|
initialPassword = "{{ nixin.userPassword }}";
|
||||||
openssh.authorizedKeys.keys = [
|
};
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.extraRules= [
|
security.sudo.extraRules= [
|
||||||
{
|
{
|
||||||
users = [ "{{ nixin.user }}" ];
|
users = [ "{{ nixin.user }}" ];
|
||||||
commands = [
|
commands = [
|
||||||
{ command = "ALL" ;
|
{
|
||||||
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
command = "ALL" ;
|
||||||
}
|
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
||||||
];
|
}
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
security.acme.defaults.email = "contact@nixin.local";
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
|
||||||
time.timeZone = "{{ nixin.timezone }}";
|
services.nginx = {
|
||||||
i18n.defaultLocale = "{{ nixin.locale }}";
|
enable = true;
|
||||||
<div v-for="(service) in nixin.services" :key="service">
|
|
||||||
<NixCode :service="service" />
|
# Use recommended settings
|
||||||
</div>
|
recommendedGzipSettings = true;
|
||||||
}
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
# Only allow PFS-enabled ciphers with AES256
|
||||||
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
|
||||||
|
virtualHosts."hedgedoc.nixin.local" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
root = "/var/www/hedgedoc";
|
||||||
|
locations."/".proxyPass = "http://127.0.0.1:8001";
|
||||||
|
locations."/socket.io/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8001";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig = "proxy_ssl_server_name on;";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
git
|
||||||
|
wget
|
||||||
|
tmux
|
||||||
|
mosh
|
||||||
|
htop
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
}
|
||||||
</code>
|
</code>
|
||||||
</pre>
|
</pre>
|
||||||
</template>
|
</template>
|
||||||
|
|
|
@ -1,18 +1,14 @@
|
||||||
<template>
|
<template>
|
||||||
networking.firewall = {
|
services.hedgedoc = {
|
||||||
allowedTCPPorts = [ 8001 ];
|
enable = true;
|
||||||
};
|
settings.domain = "hedgedoc.nixin.local";
|
||||||
services.hedgedoc = {
|
settings.port = 8001;
|
||||||
enable = true;
|
settings.host = "0.0.0.0";
|
||||||
settings.domain = "hedgedoc.nixin.local";
|
settings.protocolUseSSL = false;
|
||||||
settings.port = 8001;
|
settings.allowOrigin = [
|
||||||
settings.host = "0.0.0.0";
|
"localhost"
|
||||||
settings.protocolUseSSL = false;
|
"hedgedoc.nixin.local"
|
||||||
settings.allowOrigin = [
|
];
|
||||||
"localhost"
|
};
|
||||||
"hedgedoc.nixin.local"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
|
|
|
@ -1,29 +1,27 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
#virtualisation.vmVariant.virtualisation.forwardPorts = [
|
|
||||||
# { from = "host"; host.port = 8001; guest.port = 8001; }
|
|
||||||
#];
|
|
||||||
|
|
||||||
networking.hosts = {
|
networking.hosts = {
|
||||||
"127.0.0.1" = [ "hedgedoc.nixin.local" ];
|
"127.0.0.1" = [ "hedgedoc.nixin.local" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "demo";
|
networking.hostName = "demo";
|
||||||
#networking.firewall.enable = false;
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 80 443 ];
|
allowedTCPPorts = [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.hedgedoc = {
|
services.hedgedoc = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.domain = "hedgedoc.nixin.local";
|
settings.domain = "hedgedoc.nixin.local";
|
||||||
settings.port = 8001;
|
settings.port = 8001;
|
||||||
settings.host = "0.0.0.0";
|
settings.host = "0.0.0.0";
|
||||||
settings.protocolUseSSL = false;
|
settings.protocolUseSSL = false;
|
||||||
settings.allowOrigin = [
|
settings.allowOrigin = [
|
||||||
"localhost"
|
"localhost"
|
||||||
"hedgedoc.nixin.local"
|
"hedgedoc.nixin.local"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -49,17 +47,15 @@
|
||||||
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
|
||||||
virtualHosts."hedgedoc.nixin.local" = {
|
virtualHosts."hedgedoc.nixin.local" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = "/var/www/hedgedoc";
|
root = "/var/www/hedgedoc";
|
||||||
locations."/".proxyPass = "http://127.0.0.1:8001";
|
locations."/".proxyPass = "http://127.0.0.1:8001";
|
||||||
locations."/socket.io/" = {
|
locations."/socket.io/" = {
|
||||||
proxyPass = "http://127.0.0.1:8001";
|
proxyPass = "http://127.0.0.1:8001";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig =
|
extraConfig = "proxy_ssl_server_name on;";
|
||||||
"proxy_ssl_server_name on;"
|
};
|
||||||
;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue