refacto(components): new folders and custom folders feature (and little css optimisation)

This commit is contained in:
Florian Schmitt 2024-10-11 13:23:21 +03:00
parent fb8296c081
commit b45617df8a
23 changed files with 500 additions and 932 deletions

View file

@ -11,3 +11,17 @@
border-radius: 10em;
}
.form-cell {
margin-bottom: 1em;
}
.form-cell input[type="text"] {
border: 1px solid rgb(60, 60, 67);
display: block;
padding: 0.25em 0.5em;
border-radius: 0.25em;
min-width: 40em;
}
.form-cell input[type="text"]:focus {
border: 1px solid #0c78fc;
}

View file

@ -2,20 +2,4 @@
import DefaultTheme from 'vitepress/theme'
import './custom.css'
/** @type {import('vitepress').Theme} */
export default {
extends: DefaultTheme,
enhanceApp({ app }) {
const components = import.meta.glob('./components/*.vue', { eager: true })
for (const path in components) {
mcomponents[path]().then((c) => {
console.log(path, c)
})
}
Object.entries(components).forEach(([path, definition]) => {
const componentName = path.split('/').pop().replace(/\.\w+$/, '')
console.log(componentName)
app.component(componentName, definition.default)
})
}
}
export default DefaultTheme

View file

@ -6,7 +6,7 @@ import { provide, ref } from 'vue'
let nixin = {
netconf: 'autoconfig',
networkingHostname: '',
networkingDomain: 'distrilab.eu',
networkingDomain: 'nixin.local',
availableBundles: [
{
"id": "writeCollectively",
@ -85,7 +85,7 @@ provide('nixin', nixin)
function netconfHasBeenChanged(val = '') {
if (val === 'autoconfig') {
nixin.networkingDomain = 'distrilab.org'
nixin.networkingDomain = 'nixin.local'
} else {
nixin.networkingDomain = ''
}
@ -113,23 +113,30 @@ function selectServices(bundleId, services) {
<h2>Networking</h2>
<div class="form-cell">
<strong>Choose your network configuration</strong>
<div>
<label>
<input type="radio" v-model="nixin.netconf" value="autoconfig"
@click="netconfHasBeenChanged('autoconfig')">I'm a noob in network config, I trust you to provide networking
for me (ipv6 only)</label>
</div>
<div>
<label>
<input type="radio" v-model="nixin.netconf" value="publicip" @click="netconfHasBeenChanged">My server
has a public ip that I can provide
</label>
</div>
<div>
<label>
<input type="radio" v-model="nixin.netconf" value="localnetwork" @click="netconfHasBeenChanged">My
router is set so that my local machine is accessible on the public network
</label>
</div>
<div>
<label>
<input type="radio" v-model="nixin.netconf" value="wireguard" @click="netconfHasBeenChanged">My server can use a wireguard server i can configure
</label>
</div>
</div>
<div class="form-row">
<div class="form-cell">
<label>Machine network name</label>
@ -230,906 +237,9 @@ function selectServices(bundleId, services) {
time.timeZone = "{{ nixin.timezone }}";
i18n.defaultLocale = "{{ nixin.locale }}";
<div v-for="(service) in nixin.services" :key="service">
<NixCode :service-name="service" />
</div>
<div v-if="nixin.services.includes('gotosocial')">
{
services.gotosocial = {
enable = true;
setupPostgresqlDB = true;
settings = {
application-name = "My GoToSocial";
host = "gotosocial.example.com";
protocol = "https";
bind-address = "127.0.0.1";
port = 8080;
};
};
}
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
clientMaxBodySize = "40M";
virtualHosts = with config.services.gotosocial.settings; {
"${host}" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://${bind-address}:${toString port}";
};
};
};
};
};
}
</div>
<div v-if="nixin.services.includes('peertube')">
networking.extraHosts = ''
127.0.0.1 peertube.local
'';
environment.etc = {
"peertube/password-posgressql-db".text = "test123";
"peertube/password-redis-db".text = "test123";
};
services = {
peertube = {
enable = true;
localDomain = "peertube.local";
enableWebHttps = false;
database = {
host = "127.0.0.1";
name = "peertube_local";
user = "peertube_test";
passwordFile = "/etc/peertube/password-posgressql-db";
};
redis = {
host = "127.0.0.1";
port = 31638;
passwordFile = "/etc/peertube/password-redis-db";
};
settings = {
listen.hostname = "0.0.0.0";
instance.name = "PeerTube Test Server";
};
};
postgresql = {
enable = true;
enableTCPIP = true;
authentication = ''
hostnossl peertube_local peertube_test 127.0.0.1/32 md5
'';
initialScript = pkgs.writeText "postgresql_init.sql" ''
CREATE ROLE peertube_test LOGIN PASSWORD 'test123';
CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8;
GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test;
ALTER DATABASE peertube_local OWNER TO peertube_test;
\connect peertube_local
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS unaccent;
'';
};
redis.servers.peertube = {
enable = true;
bind = "0.0.0.0";
requirePass = "test123";
port = 31638;
};
};
</div>
<div v-if="nixin.services.includes('lemmy')">
let
# add nginx reverse proxy and ACME web certificate
add_nginx = true;
nginx_ports = [ 80 443 ];
lemmy = {
upstreamName = "lemmy";
dataDir = "/var/lib/lemmy";
ip = "127.0.0.1";
port = 1234;
# TODO: Change this domain to your own
domain = "lemmy.example.com";
};
lemmy-ui = {
upstreamName = "lemmy-ui";
ip = "127.0.0.1";
port = 8536;
};
pict-rs = {
ip = "127.0.0.1";
port = 8080;
};
acmeDomain = lemmy.domain;
nginxVhost = lemmy.domain;
in {
security.acme = lib.mkIf add_nginx {
# TODO: change this to true if you accept
acceptTerms = false;
defaults = {
# TODO: you will receive a notification if automatic certificate renewal fails
email = "postmaster@${lemmy.domain}";
# TODO: put your dns provider here: https://go-acme.github.io/lego/dns/
dnsProvider = "";
# TODO: this file should contain environment variables expected by your dns provider
credentialsFile = "";
};
certs."${acmeDomain}" = {
domain = "${acmeDomain}";
};
};
networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
# is needed because of certificate file permissions
users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
services.nginx = lib.mkIf add_nginx {
upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
virtualHosts."${nginxVhost}" = {
useACMEHost = "${acmeDomain}";
# inherit from config.security.acme.acmeRoot;
acmeRoot = null;
# add redirects from http to https
forceSSL = true;
# this whole block was lifted from
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines
21-32
extraConfig = ''
# disables emitting nginx version on error pages and in the Server response header field
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
'';
locations = {
"/" = {
extraConfig = ''
# distinguish between ui requests and backend
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
set $proxpass "http://${lemmy-ui.upstreamName}";
if ($http_accept = "application/activity+json") {
set $proxpass "http://${lemmy.upstreamName}";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "http://${lemmy.upstreamName}";
}
if ($request_method = POST) {
set $proxpass "http://${lemmy.upstreamName}";
}
proxy_pass $proxpass;
# Cuts off the trailing slash on URLs to make them valid
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
# again, lifted wholesale from
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines
60-69 (nice!)
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
proxyPass = "http://${lemmy.upstreamName}";
extraConfig = ''
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
## Send actual client IP upstream
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
};
systemd.services.lemmy-ui = {
environment = {
LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
LEMMY_UI_HTTPS="true";
};
};
services.pict-rs = {
enable = true;
port = pict-rs.port;
dataDir = "${dataDir}/pict-rs";
address = pict-rs.ip;
};
systemd.services.lemmy = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
environment = {
LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString
config.services.postgresql.port}/lemmy";
};
};
services.lemmy = {
enable = true;
ui.port = lemmy-ui.port;
database.createLocally = true;
settings = {
# TODO: Enable this much later when you tested everything.
# N.B. you can't change your domain name after enabling this.
federation.enabled = false;
# settings related to the postgresql database
database = {
user = "lemmy";
password = "secretlemmypassword";
host = "127.0.0.1";
port = ${config.services.postgresql.port};
database = "lemmy";
pool_size = 5;
};
# Pictrs image server configuration.
pictrs = {
# Address where pictrs is available (for image hosting)
url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
# TODO: Set a custom pictrs API key. ( Required for deleting images )
api_key = "";
};
# TODO: Email sending configuration. All options except login/password are mandatory
email = {
# Hostname and port of the smtp server
smtp_server = "";
# Login name for smtp server
smtp_login = "";
# Password to login to the smtp server
smtp_password = "";
# Address to send emails from, eg "noreply@your-instance.com";
smtp_from_address = "noreply@${lemmy.domain}";
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
tls_type = "none";
};
# TODO: Parameters for automatic configuration of new instance (only used at first start)
setup = {
# Username for the admin user
admin_username = "superawesomeadmin";
# Password for the admin user. It must be at least 10 characters.
admin_password = "";
# Name of the site (can be changed later)
site_name = "Lemmy at ${lemmy.domain}";
# Email for the admin user (optional, can be omitted and set later through the website)
admin_email = "admin@${lemmy.domain}";
};
# the domain name of your instance (mandatory)
hostname = lemmy.domain;
# Address where lemmy should listen for incoming requests
bind = lemmy.ip;
# Port where lemmy should listen for incoming requests
port = lemmy.port;
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled = true;
};
};
# needed for now
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1t"
];
system.activationScripts."make_sure_lemmy_user_owns_files" = ''
uid='${config.users.users.lemmy.uid}';
gid='${config.users.groups.lemmy.gid}';
dir='${lemmy.dataDir}'
mkdir -p "''${dir}"
if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
chown -R "''${uid}:''${gid}" "''${dir}"
fi
'';
};
};
}
</div>
<div v-if="nixin.services.includes('nextcloud')">
services.nextcloud = {
enable = true;
hostName = "nextcloud.tld";
database.createLocally = true;
config = {
dbtype = "pgsql";
adminpassFile = "/path/to/admin-pass-file";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
</div>
<div v-if="nixin.services.includes('hedgedoc')">
networking.firewall = {
allowedTCPPorts = [ 8001 ];
};
services.hedgedoc = {
enable = true;
settings.domain = "hedgedoc.nixin.local";
settings.port = 8001;
settings.host = "0.0.0.0";
settings.protocolUseSSL = false;
settings.allowOrigin = [
"localhost"
"hedgedoc.nixin.local"
];
};
</div>
<div v-if="nixin.services.includes('forgejorunner')">
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = "dromadaire";
url = "https://git.distrilab.fr";
# Obtaining the path to the runner token file may differ
tokenFile = "/etc/forgejo/runner.token";
labels = [
# provide a debian base with nodejs for actions
"debian-latest:docker://node:20-bookworm"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:20-bookworm"
# nixos
"nixos:docker://nixos/nix:latest"
# provide native execution on the host
#"native:host"
];
};
};
</div>
<div v-if="nixin.services.includes('forgejo')">
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.example.com";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = {
ENABLED = true;
SMTP_ADDR = "mail.example.com";
FROM = "noreply@${srv.DOMAIN}";
USER = "noreply@${srv.DOMAIN}";
};
};
mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
<NixCode :service="service" />
</div>
}
</code>
</pre>
</template>
<style>
:root {
box-sizing: border-box;
--co-body-bg: #eee;
--co-body-text: #444;
--co-body-accent: #4834d4;
--co-body-accent-contrast: #fff;
--co-textfld-bg: #fff;
--co-textfld-border: #ccc;
--co-textfld-active-border: #aaa;
--co-textfld-focus-border: var(--co-body-accent);
--co-textfld-valid-border: hsl(140 50% 75%);
--co-textfld-valid-active-border: hsl(140 50% 65%);
--co-textfld-valid-focus-border: hsl(140 50% 50%);
--co-textfld-invalid-border: hsl(20 65% 75%);
--co-textfld-invalid-active-border: hsl(20 65% 65%);
--co-textfld-invalid-focus-border: hsl(20 65% 50%);
--co-btn-text: var(--co-body-accent-contrast);
--co-btn-bg: var(--co-body-accent);
--co-btn-active-bg: #333;
--co-btn-focus-bg: #333;
}
.dark-mode {
--co-body-bg: #111;
--co-body-text: #ddd;
--co-body-accent: #6c5ce7;
--co-body-accent-contrast: #fff;
--co-textfld-bg: #222;
--co-textfld-border: #333;
--co-textfld-active-border: #444;
--co-textfld-focus-border: var(--co-body-accent);
--co-textfld-valid-border: hsl(140 90% 20%);
--co-textfld-valid-active-border: hsl(140 90% 30%);
--co-textfld-valid-focus-border: hsl(140 90% 45%);
--co-textfld-invalid-border: hsl(20 90% 20%);
--co-textfld-invalid-active-border: hsl(20 90% 30%);
--co-textfld-invalid-focus-border: hsl(20 90% 45%);
--co-btn-text: var(--co-body-accent-contrast);
--co-btn-bg: var(--co-body-accent);
--co-btn-active-bg: #333;
--co-btn-focus-bg: #333;
}
.dark-mode {
color-scheme: dark;
}
:root {
--leading-inputs: 120%;
--padding-inputs: 0.75em;
--margin-label: 0.5em;
--margin-form-gap: 1.5em;
--margin-btn-gap: 1em;
--width-input-border: 2px;
--width-inputs: 250px;
--width-textarea: 450px;
--height-textarea: 250px;
--radius-inputs: 0.25em;
--opacity-input-disabled: 0.5;
--transition-duration-inputs: 250ms;
--transition-function-inputs: ease-in-out;
--transition-inputs: color var(--transition-duration-inputs),
background-color var(--transition-duration-inputs),
border-color var(--transition-duration-inputs) var(--transition-function-inputs);
}
:read-only:not(label, button, input[type=button], input[type=submit], input[type=reset]) {
cursor: default;
}
:disabled {
opacity: var(--opacity-input-disabled);
cursor: not-allowed;
}
/* All elemenets regardless of types */
input,
select,
option,
textarea,
button,
datalist,
fieldset,
legend,
optgroup,
output,
input::file-selector-button {
font: inherit;
color: inherit;
accent-color: var(--co-body-accent);
transition: var(--transition-inputs);
line-height: var(--leading-inputs);
}
/* All elements with types */
/* Radio & Checkbox */
/* Buttons */
/* Select, Buttons and text-fields */
select,
textarea,
input[type=date],
input[type=datetime-local],
input[type=email],
input[type=month],
input[type=number],
input[type=password],
input[type=search],
input[type=tel],
input[type=text],
input[type=time],
input[type=url],
input[type=week],
button,
input[type=reset],
input[type=submit],
input[type=button],
input::file-selector-button {
border: var(--width-input-border) solid var(--co-textfld-border);
padding: var(--padding-inputs);
border-radius: var(--radius-inputs);
background-color: var(--co-textfld-bg);
}
select:focus,
textarea:focus,
input[type=date]:focus,
input[type=datetime-local]:focus,
input[type=email]:focus,
input[type=month]:focus,
input[type=number]:focus,
input[type=password]:focus,
input[type=search]:focus,
input[type=tel]:focus,
input[type=text]:focus,
input[type=time]:focus,
input[type=url]:focus,
input[type=week]:focus,
button:focus,
input[type=reset]:focus,
input[type=submit]:focus,
input[type=button]:focus,
input::file-selector-button:focus {
outline: 0;
}
/* All text-fields x select */
select,
textarea,
input[type=date],
input[type=datetime-local],
input[type=email],
input[type=month],
input[type=number],
input[type=password],
input[type=search],
input[type=tel],
input[type=text],
input[type=time],
input[type=url],
input[type=week] {
max-width: var(--width-inputs);
width: 100%;
}
select:hover:not([readonly], [disabled]),
select:active:not([readonly], [disabled]),
textarea:hover:not([readonly], [disabled]),
textarea:active:not([readonly], [disabled]),
input[type=date]:hover:not([readonly], [disabled]),
input[type=date]:active:not([readonly], [disabled]),
input[type=datetime-local]:hover:not([readonly], [disabled]),
input[type=datetime-local]:active:not([readonly], [disabled]),
input[type=email]:hover:not([readonly], [disabled]),
input[type=email]:active:not([readonly], [disabled]),
input[type=month]:hover:not([readonly], [disabled]),
input[type=month]:active:not([readonly], [disabled]),
input[type=number]:hover:not([readonly], [disabled]),
input[type=number]:active:not([readonly], [disabled]),
input[type=password]:hover:not([readonly], [disabled]),
input[type=password]:active:not([readonly], [disabled]),
input[type=search]:hover:not([readonly], [disabled]),
input[type=search]:active:not([readonly], [disabled]),
input[type=tel]:hover:not([readonly], [disabled]),
input[type=tel]:active:not([readonly], [disabled]),
input[type=text]:hover:not([readonly], [disabled]),
input[type=text]:active:not([readonly], [disabled]),
input[type=time]:hover:not([readonly], [disabled]),
input[type=time]:active:not([readonly], [disabled]),
input[type=url]:hover:not([readonly], [disabled]),
input[type=url]:active:not([readonly], [disabled]),
input[type=week]:hover:not([readonly], [disabled]),
input[type=week]:active:not([readonly], [disabled]) {
border-color: var(--co-textfld-active-border);
}
select:focus:not([readonly], [disabled]),
textarea:focus:not([readonly], [disabled]),
input[type=date]:focus:not([readonly], [disabled]),
input[type=datetime-local]:focus:not([readonly], [disabled]),
input[type=email]:focus:not([readonly], [disabled]),
input[type=month]:focus:not([readonly], [disabled]),
input[type=number]:focus:not([readonly], [disabled]),
input[type=password]:focus:not([readonly], [disabled]),
input[type=search]:focus:not([readonly], [disabled]),
input[type=tel]:focus:not([readonly], [disabled]),
input[type=text]:focus:not([readonly], [disabled]),
input[type=time]:focus:not([readonly], [disabled]),
input[type=url]:focus:not([readonly], [disabled]),
input[type=week]:focus:not([readonly], [disabled]) {
border-color: var(--co-textfld-focus-border);
}
select:required:valid:hover:not([readonly], [disabled]),
select:required:valid:active:not([readonly], [disabled]),
textarea:required:valid:hover:not([readonly], [disabled]),
textarea:required:valid:active:not([readonly], [disabled]),
input[type=date]:required:valid:hover:not([readonly], [disabled]),
input[type=date]:required:valid:active:not([readonly], [disabled]),
input[type=datetime-local]:required:valid:hover:not([readonly], [disabled]),
input[type=datetime-local]:required:valid:active:not([readonly], [disabled]),
input[type=email]:required:valid:hover:not([readonly], [disabled]),
input[type=email]:required:valid:active:not([readonly], [disabled]),
input[type=month]:required:valid:hover:not([readonly], [disabled]),
input[type=month]:required:valid:active:not([readonly], [disabled]),
input[type=number]:required:valid:hover:not([readonly], [disabled]),
input[type=number]:required:valid:active:not([readonly], [disabled]),
input[type=password]:required:valid:hover:not([readonly], [disabled]),
input[type=password]:required:valid:active:not([readonly], [disabled]),
input[type=search]:required:valid:hover:not([readonly], [disabled]),
input[type=search]:required:valid:active:not([readonly], [disabled]),
input[type=tel]:required:valid:hover:not([readonly], [disabled]),
input[type=tel]:required:valid:active:not([readonly], [disabled]),
input[type=text]:required:valid:hover:not([readonly], [disabled]),
input[type=text]:required:valid:active:not([readonly], [disabled]),
input[type=time]:required:valid:hover:not([readonly], [disabled]),
input[type=time]:required:valid:active:not([readonly], [disabled]),
input[type=url]:required:valid:hover:not([readonly], [disabled]),
input[type=url]:required:valid:active:not([readonly], [disabled]),
input[type=week]:required:valid:hover:not([readonly], [disabled]),
input[type=week]:required:valid:active:not([readonly], [disabled]) {
border-color: var(--co-textfld-valid-active-border);
}
select:required:valid:focus:not([readonly], [disabled]),
textarea:required:valid:focus:not([readonly], [disabled]),
input[type=date]:required:valid:focus:not([readonly], [disabled]),
input[type=datetime-local]:required:valid:focus:not([readonly], [disabled]),
input[type=email]:required:valid:focus:not([readonly], [disabled]),
input[type=month]:required:valid:focus:not([readonly], [disabled]),
input[type=number]:required:valid:focus:not([readonly], [disabled]),
input[type=password]:required:valid:focus:not([readonly], [disabled]),
input[type=search]:required:valid:focus:not([readonly], [disabled]),
input[type=tel]:required:valid:focus:not([readonly], [disabled]),
input[type=text]:required:valid:focus:not([readonly], [disabled]),
input[type=time]:required:valid:focus:not([readonly], [disabled]),
input[type=url]:required:valid:focus:not([readonly], [disabled]),
input[type=week]:required:valid:focus:not([readonly], [disabled]) {
border-color: var(--co-textfld-valid-focus-border);
}
select:required:invalid:hover,
select:required:invalid:active,
textarea:required:invalid:hover,
textarea:required:invalid:active,
input[type=date]:required:invalid:hover,
input[type=date]:required:invalid:active,
input[type=datetime-local]:required:invalid:hover,
input[type=datetime-local]:required:invalid:active,
input[type=email]:required:invalid:hover,
input[type=email]:required:invalid:active,
input[type=month]:required:invalid:hover,
input[type=month]:required:invalid:active,
input[type=number]:required:invalid:hover,
input[type=number]:required:invalid:active,
input[type=password]:required:invalid:hover,
input[type=password]:required:invalid:active,
input[type=search]:required:invalid:hover,
input[type=search]:required:invalid:active,
input[type=tel]:required:invalid:hover,
input[type=tel]:required:invalid:active,
input[type=text]:required:invalid:hover,
input[type=text]:required:invalid:active,
input[type=time]:required:invalid:hover,
input[type=time]:required:invalid:active,
input[type=url]:required:invalid:hover,
input[type=url]:required:invalid:active,
input[type=week]:required:invalid:hover,
input[type=week]:required:invalid:active {
border-color: var(--co-textfld-invalid-active-border);
}
select:required:invalid:focus,
textarea:required:invalid:focus,
input[type=date]:required:invalid:focus,
input[type=datetime-local]:required:invalid:focus,
input[type=email]:required:invalid:focus,
input[type=month]:required:invalid:focus,
input[type=number]:required:invalid:focus,
input[type=password]:required:invalid:focus,
input[type=search]:required:invalid:focus,
input[type=tel]:required:invalid:focus,
input[type=text]:required:invalid:focus,
input[type=time]:required:invalid:focus,
input[type=url]:required:invalid:focus,
input[type=week]:required:invalid:focus {
border-color: var(--co-textfld-invalid-focus-border);
}
select::selection,
textarea::selection,
input[type=date]::selection,
input[type=datetime-local]::selection,
input[type=email]::selection,
input[type=month]::selection,
input[type=number]::selection,
input[type=password]::selection,
input[type=search]::selection,
input[type=tel]::selection,
input[type=text]::selection,
input[type=time]::selection,
input[type=url]::selection,
input[type=week]::selection {
background-color: var(--co-body-accent);
color: var(--co-body-accent-contrast);
}
select:not([disabled], [readonly]) option:focus,
select:not([disabled], [readonly]) option:active,
select:not([disabled], [readonly]) option:hover,
select:not([disabled], [readonly]) option:checked {
background-color: var(--co-body-accent);
color: var(--co-body-accent-contrast);
}
input[type=color] {
cursor: pointer;
border-style: solid;
border-radius: var(--radius-inputs);
border-color: var(--co-textfld-border);
background-color: var(--co-textfld-bg);
}
input[type=color]:hover:not([disabled]),
input[type=color]:active:not([disabled]) {
border-color: var(--co-textfld-active-border);
}
input[type=color]:focus {
outline: 0;
}
input[type=color]:focus:not([disabled]) {
border-color: var(--co-textfld-focus-border);
}
button,
input[type=reset],
input[type=submit],
input[type=button],
input::file-selector-button {
border-color: var(--co-btn-bg);
background-color: var(--co-btn-bg);
color: var(--co-btn-text);
cursor: pointer;
}
button:hover,
button:active,
input[type=reset]:hover,
input[type=reset]:active,
input[type=submit]:hover,
input[type=submit]:active,
input[type=button]:hover,
input[type=button]:active,
input::file-selector-button:hover,
input::file-selector-button:active {
background-color: var(--co-btn-active-bg);
border-color: var(--co-btn-active-bg);
}
button:focus,
input[type=reset]:focus,
input[type=submit]:focus,
input[type=button]:focus,
input::file-selector-button:focus {
background-color: var(--co-btn-active-bg);
}
/* Labels */
label {
cursor: pointer;
display: block;
}
label+label,
label+input,
label+select,
label+button,
label+textarea {
margin-top: var(--margin-label);
}
textarea {
max-width: var(--width-textarea);
height: var(--height-textarea);
}
textarea:read-only,
textarea:disabled {
resize: none;
}
input::file-selector-button {
margin-right: var(--margin-form-gap);
}
label:has(input:disabled) {
opacity: var(--opacity-input-disabled);
cursor: not-allowed;
}
label:has(input:disabled) :disabled {
opacity: 1;
}
.site-container {
padding: 1.5em;
max-width: 1160px;
margin: 3em auto;
}
.form-row {
gap: var(--margin-form-gap);
}
.form-row+.form-row {
margin-top: var(--margin-form-gap);
}
.btn-group {
gap: var(--margin-btn-gap);
}
.form-row,
.btn-group {
display: flex;
flex-wrap: wrap;
}
</style>

View file

@ -3,11 +3,28 @@
</template>
<script>
import * as components from './all'
let mod = []
// we autoload all components in form and nix-code folders
let comp = import.meta.glob('./{form,nix-code}/*.vue', { eager: true })
Object.entries(comp).forEach(([path, definition]) => {
let c = path.split('/');
const componentName = c[1]+'-'+c[2].replace(/\.\w+$/, '')
mod[componentName] = definition.default
})
// we autoload all custom components in form and nix-code custom folders
comp = import.meta.glob('../custom/components/{form,nix-code}/*.vue', { eager: true })
Object.entries(comp).forEach(([path, definition]) => {
let c = path.split('/');
const componentName = c[3]+'-'+c[4].replace(/\.\w+$/, '')
mod[componentName] = definition.default
})
console.log(mod)
export default {
components: {
...components
...mod
},
props: {

View file

@ -1,7 +1,12 @@
<script setup>
const props = defineProps(['service-name'])
import DynamicComponent from "./DynamicComponent.vue"
const props = defineProps(['service'])
let serviceComponent = 'nix-code-'+props.service
</script>
<template>
nixcode {{ serviceName }}
<dynamic-component :type="serviceComponent" />
</template>

View file

@ -3,9 +3,8 @@ import {provide} from 'vue';
import DynamicComponent from "./DynamicComponent.vue"
const props = defineProps(['service'])
let serviceComponent = 'NixForm'+props.service.id
let serviceComponent = 'form-'+props.service.id
provide('service', props.service)
</script>
<template>

View file

@ -1,8 +0,0 @@
export { default as NixFormgotosocial } from './NixForm-gotosocial.vue'
export { default as NixFormpeertube } from './NixForm-peertube.vue'
export { default as NixFormlemmy } from './NixForm-lemmy.vue'
export { default as NixFormnextcloud } from './NixForm-nextcloud.vue'
export { default as NixFormhedgedoc } from './NixForm-hedgedoc.vue'
export { default as NixFormforgejo } from './NixForm-forgejo.vue'
export { default as NixFormforgejorunner } from './NixForm-forgejorunner.vue'
export { default as NixFormnixin } from './NixForm-nixin.vue'

View file

@ -0,0 +1,45 @@
<template>
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.example.com";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
mailer = {
ENABLED = true;
SMTP_ADDR = "mail.example.com";
FROM = "noreply@${srv.DOMAIN}";
USER = "noreply@${srv.DOMAIN}";
};
};
mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
};
</template>

View file

@ -0,0 +1,34 @@
<template>
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = "dromadaire";
url = "https://git.distrilab.fr";
# Obtaining the path to the runner token file may differ
tokenFile = "/etc/forgejo/runner.token";
labels = [
# provide a debian base with nodejs for actions
"debian-latest:docker://node:20-bookworm"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:20-bookworm"
# nixos
"nixos:docker://nixos/nix:latest"
# provide native execution on the host
#"native:host"
];
};
};
</template>

View file

@ -0,0 +1,36 @@
<template>
{
services.gotosocial = {
enable = true;
setupPostgresqlDB = true;
settings = {
application-name = "My GoToSocial";
host = "gotosocial.example.com";
protocol = "https";
bind-address = "127.0.0.1";
port = 8080;
};
};
}
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
clientMaxBodySize = "40M";
virtualHosts = with config.services.gotosocial.settings; {
"${host}" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://${bind-address}:${toString port}";
};
};
};
};
};
}
</template>

View file

@ -0,0 +1,18 @@
<template>
networking.firewall = {
allowedTCPPorts = [ 8001 ];
};
services.hedgedoc = {
enable = true;
settings.domain = "hedgedoc.nixin.local";
settings.port = 8001;
settings.host = "0.0.0.0";
settings.protocolUseSSL = false;
settings.allowOrigin = [
"localhost"
"hedgedoc.nixin.local"
];
};
</template>

View file

@ -0,0 +1,240 @@
<template>
let
# add nginx reverse proxy and ACME web certificate
add_nginx = true;
nginx_ports = [ 80 443 ];
lemmy = {
upstreamName = "lemmy";
dataDir = "/var/lib/lemmy";
ip = "127.0.0.1";
port = 1234;
# TODO: Change this domain to your own
domain = "lemmy.example.com";
};
lemmy-ui = {
upstreamName = "lemmy-ui";
ip = "127.0.0.1";
port = 8536;
};
pict-rs = {
ip = "127.0.0.1";
port = 8080;
};
acmeDomain = lemmy.domain;
nginxVhost = lemmy.domain;
in {
security.acme = lib.mkIf add_nginx {
# TODO: change this to true if you accept
acceptTerms = false;
defaults = {
# TODO: you will receive a notification if automatic certificate renewal fails
email = "postmaster@${lemmy.domain}";
# TODO: put your dns provider here: https://go-acme.github.io/lego/dns/
dnsProvider = "";
# TODO: this file should contain environment variables expected by your dns provider
credentialsFile = "";
};
certs."${acmeDomain}" = {
domain = "${acmeDomain}";
};
};
networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
# is needed because of certificate file permissions
users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
services.nginx = lib.mkIf add_nginx {
upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
virtualHosts."${nginxVhost}" = {
useACMEHost = "${acmeDomain}";
# inherit from config.security.acme.acmeRoot;
acmeRoot = null;
# add redirects from http to https
forceSSL = true;
# this whole block was lifted from
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines
21-32
extraConfig = ''
# disables emitting nginx version on error pages and in the Server response header field
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
'';
locations = {
"/" = {
extraConfig = ''
# distinguish between ui requests and backend
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
set $proxpass "http://${lemmy-ui.upstreamName}";
if ($http_accept = "application/activity+json") {
set $proxpass "http://${lemmy.upstreamName}";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "http://${lemmy.upstreamName}";
}
if ($request_method = POST) {
set $proxpass "http://${lemmy.upstreamName}";
}
proxy_pass $proxpass;
# Cuts off the trailing slash on URLs to make them valid
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
# again, lifted wholesale from
https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines
60-69 (nice!)
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
proxyPass = "http://${lemmy.upstreamName}";
extraConfig = ''
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
## Send actual client IP upstream
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
};
systemd.services.lemmy-ui = {
environment = {
LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
LEMMY_UI_HTTPS="true";
};
};
services.pict-rs = {
enable = true;
port = pict-rs.port;
dataDir = "${dataDir}/pict-rs";
address = pict-rs.ip;
};
systemd.services.lemmy = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
environment = {
LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString
config.services.postgresql.port}/lemmy";
};
};
services.lemmy = {
enable = true;
ui.port = lemmy-ui.port;
database.createLocally = true;
settings = {
# TODO: Enable this much later when you tested everything.
# N.B. you can't change your domain name after enabling this.
federation.enabled = false;
# settings related to the postgresql database
database = {
user = "lemmy";
password = "secretlemmypassword";
host = "127.0.0.1";
port = ${config.services.postgresql.port};
database = "lemmy";
pool_size = 5;
};
# Pictrs image server configuration.
pictrs = {
# Address where pictrs is available (for image hosting)
url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
# TODO: Set a custom pictrs API key. ( Required for deleting images )
api_key = "";
};
# TODO: Email sending configuration. All options except login/password are mandatory
email = {
# Hostname and port of the smtp server
smtp_server = "";
# Login name for smtp server
smtp_login = "";
# Password to login to the smtp server
smtp_password = "";
# Address to send emails from, eg "noreply@your-instance.com";
smtp_from_address = "noreply@${lemmy.domain}";
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
tls_type = "none";
};
# TODO: Parameters for automatic configuration of new instance (only used at first start)
setup = {
# Username for the admin user
admin_username = "superawesomeadmin";
# Password for the admin user. It must be at least 10 characters.
admin_password = "";
# Name of the site (can be changed later)
site_name = "Lemmy at ${lemmy.domain}";
# Email for the admin user (optional, can be omitted and set later through the website)
admin_email = "admin@${lemmy.domain}";
};
# the domain name of your instance (mandatory)
hostname = lemmy.domain;
# Address where lemmy should listen for incoming requests
bind = lemmy.ip;
# Port where lemmy should listen for incoming requests
port = lemmy.port;
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled = true;
};
};
# needed for now
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1t"
];
system.activationScripts."make_sure_lemmy_user_owns_files" = ''
uid='${config.users.users.lemmy.uid}';
gid='${config.users.groups.lemmy.gid}';
dir='${lemmy.dataDir}'
mkdir -p "''${dir}"
if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
chown -R "''${uid}:''${gid}" "''${dir}"
fi
'';
};
};
}
</template>

View file

@ -0,0 +1,14 @@
<template>
services.nextcloud = {
enable = true;
hostName = "nextcloud.tld";
database.createLocally = true;
config = {
dbtype = "pgsql";
adminpassFile = "/path/to/admin-pass-file";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
</template>

View file

@ -0,0 +1,60 @@
<template>
networking.extraHosts = ''
127.0.0.1 peertube.local
'';
environment.etc = {
"peertube/password-posgressql-db".text = "test123";
"peertube/password-redis-db".text = "test123";
};
services = {
peertube = {
enable = true;
localDomain = "peertube.local";
enableWebHttps = false;
database = {
host = "127.0.0.1";
name = "peertube_local";
user = "peertube_test";
passwordFile = "/etc/peertube/password-posgressql-db";
};
redis = {
host = "127.0.0.1";
port = 31638;
passwordFile = "/etc/peertube/password-redis-db";
};
settings = {
listen.hostname = "0.0.0.0";
instance.name = "PeerTube Test Server";
};
};
postgresql = {
enable = true;
enableTCPIP = true;
authentication = ''
hostnossl peertube_local peertube_test 127.0.0.1/32 md5
'';
initialScript = pkgs.writeText "postgresql_init.sql" ''
CREATE ROLE peertube_test LOGIN PASSWORD 'test123';
CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8;
GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test;
ALTER DATABASE peertube_local OWNER TO peertube_test;
\connect peertube_local
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS unaccent;
'';
};
redis.servers.peertube = {
enable = true;
bind = "0.0.0.0";
requirePass = "test123";
port = 31638;
};
};
</template>

0
custom/.gitkeep Normal file
View file