feat(configuration): harmonize demo and vue component for configuration

2024-10-11 13:51:41 +03:00 · 2024-10-11 13:51:41 +03:00 · 81192c7b40
commit 81192c7b40
parent b45617df8a
4 changed files with 104 additions and 82 deletions
--- a/.vitepress/theme/custom.css
+++ b/.vitepress/theme/custom.css
@ -25,3 +25,12 @@
 .form-cell input[type="text"]:focus {
  border: 1px solid #0c78fc;
 }
+.nix-code {
+  white-space: pre-wrap;
+}
+.nix-code code {
+  margin: 0;
+  padding: 0;
+  width: 100%;
+  display: block;
+}
--- a/components/ConfigForm.vue
+++ b/components/ConfigForm.vue
@ -181,65 +181,86 @@ function selectServices(bundleId, services) {
  Locale<br />

  <h2>Auto-generated configuration.nix file</h2>
-  <pre>
+  <pre class="nix-code">
    <code>
-      { config, lib, pkgs, ... }:
+{ pkgs, ... }:

-      {
-      imports = [
-      ./hardware-configuration.nix
-      ];
+{
+  networking.hosts = {
+      "127.0.0.1" = [ "{{ nixin.networkingHostname }}.{{nixin.networkingDomain}}" ];
+  };

-      networking = {
-      hostName = "{{ nixin.networkingHostname }}";
-      domain = "{{ nixin.networkingDomain }}";
-      nameservers = ["80.67.169.12" "2001:910:800::12" "80.67.169.40" "2001:910:800::40"];
-      wg-quick.interfaces = {
-      wg0 = {
-      address = [ "10.42.0.3/32"];
-      privateKeyFile = "/etc/wireguard_private_key";
-
-      peers = [
-      {
-      publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
-      presharedKeyFile = "/etc/wireguard_preshared_key";
-      allowedIPs = [ "10.42.0.0/24" ];
-      endpoint = "195.201.63.240:8098";
-      persistentKeepalive = 15;
-      }
+  networking.hostName = "{{ nixin.networkingHostname }}";
+  networking.domain = "{{ nixin.networkingDomain }}";
+  networking.firewall = {
+    allowedTCPPorts = [
+      80
+      443
    ];
  };
-      };
-      };
+
+  time.timeZone = "{{ nixin.timezone }}";
+  i18n.defaultLocale = "{{ nixin.locale }}";
+<div v-for="(service) in nixin.services" :key="service">
+<NixCode :service="service" />
+</div>

  users.users.{{ nixin.user }} = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      initialPassword = "{{ nixin.userPassword }}";
-      openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBM+2TwkopAQF7splTWjORQoxjcp67VhodwzvTMlL8g florian@florian-LinuxMint-MBP"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRG0CyeeMMrrjTTm/PHgRXD/I4lH/bBPBCGUiL+cBdq douzeb@tux-12"
-      ];
  };

  security.sudo.extraRules= [
    {
      users = [ "{{ nixin.user }}" ];
      commands = [
-      { command = "ALL" ;
+        { 
+          command = "ALL" ;
          options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
        }
      ];
    }
  ];

+  security.acme.defaults.email = "contact@nixin.local";
+  security.acme.acceptTerms = true;

-      time.timeZone = "{{ nixin.timezone }}";
-      i18n.defaultLocale = "{{ nixin.locale }}";
-      <div v-for="(service) in nixin.services" :key="service">
-        <NixCode :service="service" />
-      </div>
-      }
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # Only allow PFS-enabled ciphers with AES256
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    virtualHosts."hedgedoc.nixin.local" = {
+      forceSSL = true;
+      enableACME = true;  
+      root = "/var/www/hedgedoc";
+      locations."/".proxyPass = "http://127.0.0.1:8001";
+      locations."/socket.io/" = {
+        proxyPass = "http://127.0.0.1:8001";
+        proxyWebsockets = true;
+        extraConfig = "proxy_ssl_server_name on;";
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    wget
+    tmux
+    mosh
+    htop
+  ];  
+
+  system.stateVersion = "24.05";
+}
    </code>
  </pre>
 </template>
--- a/components/nix-code/hedgedoc.vue
+++ b/components/nix-code/hedgedoc.vue
@ -1,8 +1,5 @@
 <template>
-        networking.firewall = {
-        allowedTCPPorts = [ 8001 ];
-        };
-        services.hedgedoc = {
+services.hedgedoc = {
  enable = true;
  settings.domain = "hedgedoc.nixin.local";
  settings.port = 8001;
@ -12,7 +9,6 @@
    "localhost"
    "hedgedoc.nixin.local"
  ];
-        };
-
+};
 </template>

--- a/inventory/demo-configuration.nix
+++ b/inventory/demo-configuration.nix
@ -1,18 +1,16 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ pkgs, ... }:

 {
-  #virtualisation.vmVariant.virtualisation.forwardPorts = [
-  #  { from = "host"; host.port = 8001; guest.port = 8001; }
-  #];
-
  networking.hosts = {
    "127.0.0.1" = [ "hedgedoc.nixin.local" ];
  };

  networking.hostName = "demo";
-  #networking.firewall.enable = false;
  networking.firewall = {
-    allowedTCPPorts = [ 80 443 ];
+    allowedTCPPorts = [
+      80
+      443
+    ];
  };

  services.hedgedoc = {
@ -56,9 +54,7 @@
      locations."/socket.io/" = {
        proxyPass = "http://127.0.0.1:8001";
        proxyWebsockets = true;
-          extraConfig =
-            "proxy_ssl_server_name on;"
-            ;
+        extraConfig = "proxy_ssl_server_name on;";
      };
    };
  };