diff --git a/flake.nix b/flake.nix index e475ff3..b142bab 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,8 @@ ./fmt.nix ./shell.nix + ./overlays + ./modules/nixos ./machines ./inventories ./modules/clan/flake-module.nix diff --git a/machines/default.nix b/machines/default.nix index 3ae0f23..c8da58a 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -1,4 +1,8 @@ -{ inputs, self, ... }: +{ + inputs, + self, + ... +}: { imports = [ inputs.clan-core.flakeModules.default diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix index a8fbbeb..0da0e86 100644 --- a/machines/rigel/configuration.nix +++ b/machines/rigel/configuration.nix @@ -1,4 +1,9 @@ -{ config, ... }: +{ + inputs, + config, + pkgs, + ... +}: { imports = [ (import ../../lib/auto-accept-zerotier-members.nix { @@ -7,8 +12,42 @@ "2bd36db8cc" # kurogeek-thinkpad ]; }) + + inputs.self.nixosModules.inventree ]; + nixpkgs.overlays = [ + inputs.self.overlays.default + ]; + + clan.core.vars.generators.inventree = { + files = { + secret-key = { + owner = "inventree"; + group = "inventree"; + secret = true; + }; + oidc-key = { + owner = "inventree"; + group = "inventree"; + secret = true; + }; + }; + runtimeInputs = [ pkgs.pwgen ]; + script = '' + pwgen -s 32 1 > $out/secret-key + pwgen -s 32 1 > $out/oidc-key + ''; + }; + + services.inventree = { + enable = true; + hostName = "rigel.local"; + config.site_url = "http://${config.services.inventree.hostName}"; + secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path; + config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path; + }; + system.stateVersion = "25.11"; clan.core.sops.defaultGroups = [ "admins" ]; clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]"; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..26161e3 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,5 @@ +{ + flake.nixosModules = { + inventree = import ../nixos/inventree; + }; +} diff --git a/modules/nixos/inventree/default.nix b/modules/nixos/inventree/default.nix new file mode 100644 index 0000000..160fea9 --- /dev/null +++ b/modules/nixos/inventree/default.nix @@ -0,0 +1,369 @@ +{ + lib, + config, + pkgs, + ... +}: +let + inherit (lib) + mkEnableOption + mkOption + types + mkIf + ; + + configFormat = pkgs.formats.json { }; + cfg = config.services.inventree; + pkg = cfg.package; + configFile = "${cfg.dataDir}/config.json"; + + inventree-invoke = pkgs.writeShellApplication { + name = "inventree-invoke"; + text = '' + export INVENTREE_CONFIG_FILE=${configFile} + export INVENTREE_SECRET_KEY_FILE=${cfg.secretKeyFile} + export PYTHONPATH=${pkg.pythonPath} + + exec -a "$0" ${pkgs.python3Packages.invoke}/bin/invoke -r ${cfg.package}/opt/inventree "$@" + ''; + }; +in +{ + options.services.inventree = { + enable = mkEnableOption "InvenTree parts manager"; + + package = lib.mkOption { + type = types.package; + default = pkgs.inventree; + description = '' + InvenTree package to use + ''; + }; + + hostName = mkOption { + type = types.str; + description = "FQDN for the InvenTree instance."; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/inventree"; + example = "/var/lib/inventree"; + description = '' + The default path for all inventree data. + ''; + }; + + secretKeyFile = mkOption { + type = types.path; + default = "${cfg.dataDir}/secret_key.txt"; + description = '' + Path to a file containing the secret key + ''; + }; + + config = mkOption { + type = types.submodule ({ + freeformType = configFormat.type; + options = { + site_url = mkOption { + type = types.str; + default = "https://${cfg.hostName}"; + }; + static_root = mkOption { + type = types.path; + default = "${cfg.dataDir}/static"; + description = '' + Static file storage + ''; + }; + media_root = mkOption { + type = types.path; + default = "${cfg.dataDir}/media_root"; + description = "Media root directory"; + }; + backup_dir = mkOption { + type = types.path; + default = "${cfg.dataDir}/backups"; + description = "Backup directory"; + }; + oidc_private_key_file = mkOption { + type = types.path; + default = "${cfg.dataDir}/oidc.key"; + }; + }; + }); + default = { }; + description = '' + Config options, see https://docs.inventree.org/en/stable/start/config/ + for details + ''; + }; + + serverStartTimeout = mkOption { + type = types.str; + default = "10min"; + description = '' + TimeoutStartSec for the server systemd service. + See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#TimeoutStartSec= + for more details + ''; + }; + + serverStopTimeout = mkOption { + type = types.str; + default = "5min"; + description = '' + TimeoutStopSec for the server systemd service. + See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#TimeoutStopSec= + for more details + ''; + }; + + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ inventree-invoke ]; + + systemd.tmpfiles.rules = ( + map (dir: "d ${dir} 0755 inventree inventree") [ + "${cfg.dataDir}" + "${cfg.dataDir}/static" + "${cfg.dataDir}/media_root" + "${cfg.dataDir}/backups" + ] + ); + + services.inventree.config = { + plugins_enabled = false; + plugin_file = "${cfg.dataDir}/plugins.txt"; + plugin_dir = "${cfg.dataDir}/plugins"; + database = { + ENGINE = "postgresql"; + NAME = "inventree"; + HOST = "/run/postgresql"; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "inventree" ]; + ensureUsers = [ + { + name = "inventree"; + ensureDBOwnership = true; + } + ]; + }; + + users.users.inventree = { + group = "inventree"; + isSystemUser = true; + description = "InvenTree daemon user"; + }; + + users.groups.inventree = { }; + + services.nginx.enable = true; + + services.nginx.virtualHosts.${cfg.hostName} = { + locations = + let + unixPath = config.systemd.sockets.inventree-gunicorn.socketConfig.ListenStream; + in + { + "/" = { + extraConfig = '' + client_max_body_size 100M; + ''; + proxyPass = "http://unix:${unixPath}"; + }; + "/static/" = { + alias = "${cfg.config.static_root}/"; + extraConfig = '' + expires 30d; + ''; + }; + "/media/" = { + alias = "${cfg.config.media_root}/"; + extraConfig = '' + auth_request /auth; + ''; + }; + "/auth" = { + extraConfig = '' + internal; + ''; + proxyPass = "http://unix:${unixPath}:/auth/"; + }; + }; + }; + + systemd.targets.inventree = { + description = "Target for all InvenTree services"; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + }; + + systemd.services.inventree-config = { + description = "Inventree config generation"; + wantedBy = [ "inventree.target" ]; + partOf = [ "inventree.target" ]; + before = [ + "inventree-static.service" + "inventree-gunicorn.service" + "inventree-qcluster.service" + ]; + serviceConfig = { + # User = "root"; + # Group = "root"; + User = "inventree"; + Group = "inventree"; + Type = "oneshot"; + RemainAfterExit = true; + PrivateTmp = true; + }; + environment = { + INVENTREE_CONFIG_FILE = configFile; + INVENTREE_SECRET_KEY_FILE = cfg.secretKeyFile; + INVENTREE_AUTO_UPDATE = "1"; + INVENTREE_PLUGINS_ENABLED = "1"; + INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + + INVENTREE_SITE_URL = cfg.config.site_url; + + PYTHONPATH = pkg.pythonPath; + }; + script = '' + set -euo pipefail + + umask u=rwx,g=,o= + + # chown inventree:inventree ${configFile} + + ${pkg}/opt/inventree/src/backend/InvenTree/manage.py migrate + ''; + }; + + systemd.services.inventree-static = { + description = "InvenTree static migration"; + wantedBy = [ "inventree.target" ]; + partOf = [ "inventree.target" ]; + before = [ "inventree-gunicorn.service" ]; + environment = { + INVENTREE_CONFIG_FILE = configFile; + INVENTREE_SECRET_KEY_FILE = cfg.secretKeyFile; + INVENTREE_AUTO_UPDATE = "1"; + INVENTREE_PLUGINS_ENABLED = "1"; + INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; + + PYTHONPATH = pkg.pythonPath; + }; + serviceConfig = { + User = "inventree"; + Group = "inventree"; + StateDirectory = "inventree"; + #RuntimeDirectory = "inventree"; + PrivateTmp = true; + ExecStart = '' + ${pkg}/opt/inventree/src/backend/InvenTree/manage.py collectstatic --no-input + ''; + }; + }; + + systemd.services.inventree-gunicorn = { + description = "InvenTree Gunicorn server"; + requiredBy = [ "inventree.target" ]; + partOf = [ "inventree.target" ]; + #wantedBy = [ "inventree.target" ]; + environment = { + INVENTREE_CONFIG_FILE = configFile; + INVENTREE_SECRET_KEY_FILE = cfg.secretKeyFile; + INVENTREE_AUTO_UPDATE = "1"; + INVENTREE_PLUGINS_ENABLED = "1"; + INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; + + PYTHONPATH = pkg.pythonPath; + }; + serviceConfig = { + User = "inventree"; + Group = "inventree"; + StateDirectory = "inventree"; + #RuntimeDirectory = "inventree"; + PrivateTmp = true; + ExecStart = '' + ${pkg.gunicorn}/bin/gunicorn InvenTree.wsgi \ + --pythonpath ${pkg}/opt/inventree/src/backend/InvenTree + ''; + }; + }; + + systemd.sockets.inventree-gunicorn = { + wantedBy = [ "sockets.target" ]; + partOf = [ "inventree.target" ]; + socketConfig.ListenStream = "/run/inventree/gunicorn.socket"; + }; + + systemd.services.inventree-qcluster = { + description = "InvenTree qcluster server"; + requiredBy = [ "inventree.target" ]; + wantedBy = [ "inventree.target" ]; + partOf = [ "inventree.target" ]; + environment = { + INVENTREE_CONFIG_FILE = configFile; + INVENTREE_SECRET_KEY_FILE = cfg.secretKeyFile; + INVENTREE_AUTO_UPDATE = "1"; + INVENTREE_PLUGINS_ENABLED = "0"; + INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; + + PYTHONPATH = pkg.pythonPath; + }; + serviceConfig = { + User = "inventree"; + Group = "inventree"; + StateDirectory = "inventree"; + #RuntimeDirectory = "inventree"; + PrivateTmp = true; + ExecStart = '' + ${pkg}/opt/inventree/src/backend/InvenTree/manage.py qcluster + ''; + }; + }; + }; +} diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..fa889b9 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: +{ + flake.overlays = { + default = final: prev: import (../pkgs/overlay.nix) inputs final prev; + }; + +} diff --git a/pkgs/inventree/default.nix b/pkgs/inventree/default.nix new file mode 100644 index 0000000..ed72652 --- /dev/null +++ b/pkgs/inventree/default.nix @@ -0,0 +1,145 @@ +{ + stdenvNoCC, + python3, + fetchFromGitHub, + fetchYarnDeps, + yarnConfigHook, + nodejs, +}: +let + version = "unstable-2025-05-09"; + + src = fetchFromGitHub { + owner = "inventree"; + repo = "InvenTree"; + rev = "e0acfaa762da0dd7b2822b567202210ca8b7dbd3"; + hash = "sha256-K+cqErDUmgPO7625P3jp7+7BOYEfyJ1nElae6RlJvvI="; + }; + + frontend = stdenvNoCC.mkDerivation { + name = "inventree-frontend"; + inherit version src; + + yarnOfflineCache = fetchYarnDeps { + yarnLock = "${src}/src/frontend/yarn.lock"; + hash = "sha256-KpWuYCrkGN+4UnwV1STEbTL0FWcLZ7Wq8a8ST55OpGM="; + }; + + nativeBuildInputs = [ + yarnConfigHook + nodejs + ]; + + patchPhase = '' + runHook prePatch + cd src/frontend + runHook postPatch + ''; + + buildPhase = '' + echo "Running lingui" + ./node_modules/.bin/lingui compile --typescript + echo building lib + ./node_modules/.bin/tsc --p ./tsconfig.lib.json + ./node_modules/.bin/vite --config vite.lib.config.ts build + echo "Running tsc" + ./node_modules/.bin/tsc + echo "Running vite" + ./node_modules/.bin/vite build --emptyOutDir --outDir $out + ''; + }; + +in +python3.pkgs.buildPythonApplication rec { + pname = "InvenTree"; + inherit version src; + + format = "other"; + + dependencies = with python3.pkgs; [ + coreapi + cryptography + distutils + dj-rest-auth + django_4 + django-allauth + django-allauth.optional-dependencies.openid + django-allauth.optional-dependencies.mfa + django-allauth.optional-dependencies.socialaccount + django-cleanup + django-cors-headers + django-dbbackup + django-error-report-2 + django-filter + django-flags + django-formtools + django-ical + django-js-asset + django-maintenance-mode + django-markdownify + django-money + django-mptt + django-redis + django-oauth-toolkit + django-otp + django-q-sentry + django-q2 + django-redis + django-sesame + django-sql-utils + django-structlog + django-stdimage + django-taggit + django-user-sessions + django-weasyprint + djangorestframework + djangorestframework-simplejwt + djangorestframework-simplejwt.optional-dependencies.crypto + django-xforwardedfor-middleware + drf-spectacular + dulwich + feedparser + gunicorn + pdf2image + pillow + pint + pip-licenses + pypdf + python-barcode + python-barcode.optional-dependencies.images + python-dotenv + pyyaml + qrcode + qrcode.optional-dependencies.pil + rapidfuzz + sentry-sdk + tablib + tablib.optional-dependencies.xls + tablib.optional-dependencies.xlsx + tablib.optional-dependencies.yaml + weasyprint + whitenoise + + psycopg2 + fido2 + ]; + + nativeCheckInputs = with python3.pkgs; [ django-slowtests ]; + + installPhase = '' + mkdir -p $out/opt/inventree + cp -r . $out/opt/inventree + + echo "Installing frontend" + + mkdir -p $out/opt/inventree/src/backend/InvenTree/web/static/web + cp -r ${frontend}/* $out/opt/inventree/src/backend/InvenTree/web/static/web/ + cp -r ${frontend}/.* $out/opt/inventree/src/backend/InvenTree/web/static/web/ + ''; + + passthru = { + pythonPath = python3.pkgs.makePythonPath dependencies; + gunicorn = python3.pkgs.gunicorn; + inherit frontend; + }; +} diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix new file mode 100644 index 0000000..76b4302 --- /dev/null +++ b/pkgs/overlay.nix @@ -0,0 +1,27 @@ +inputs: final: prev: { + + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + (py-final: py-prev: { + django-dbbackup = py-final.callPackage ./python/django-dbbackup { }; + django-error-report-2 = py-final.callPackage ./python/django-error-report-2 { }; + django-flags = py-final.callPackage ./python/django-flags { }; + django-ical = py-final.callPackage ./python/django-ical { }; + django-markdownify = py-final.callPackage ./python/django-markdownify { }; + django-money = py-final.callPackage ./python/django-money { }; + django-q-sentry = py-final.callPackage ./python/django-q-sentry { }; + django-recurrence = py-final.callPackage ./python/django-recurrence { }; + django-slowtests = py-final.callPackage ./python/django-slowtests { }; + django-structlog = py-final.callPackage ./python/django-structlog { }; + django-stdimage = py-final.callPackage ./python/django-stdimage { }; + django-user-sessions = py-final.callPackage ./python/django-user-sessions { }; + django-weasyprint = py-final.callPackage ./python/django-weasyprint { }; + django-xforwardedfor-middleware = py-final.callPackage ./python/django-xforwardedfor-middleware { }; + pip-licenses = py-final.callPackage ./python/pip-licenses { }; + py-moneyed = py-final.callPackage ./python/py-moneyed { }; + pytest-pycodestyle = py-final.callPackage ./python/pytest-codestyle { }; + sentry-sdk = py-final.callPackage ./python/sentry-sdk { }; + }) + ]; + + inventree = final.callPackage ./inventree { python3 = final.python312; }; +} diff --git a/pkgs/python/django-dbbackup/default.nix b/pkgs/python/django-dbbackup/default.nix new file mode 100644 index 0000000..d775c7c --- /dev/null +++ b/pkgs/python/django-dbbackup/default.nix @@ -0,0 +1,42 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django_4, + pytz, +}: + +buildPythonPackage rec { + pname = "django-dbbackup"; + version = "4.2.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "jazzband"; + repo = "django-dbbackup"; + rev = version; + hash = "sha256-GD+f9mbImGPQ6MOUK3ftHqiGv7TT39jNQsFvd0dnnWU="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + django_4 + pytz + ]; + + pythonImportsCheck = [ "dbbackup" ]; + + meta = { + description = "Management commands to help backup and restore your project database and media files"; + homepage = "https://github.com/jazzband/django-dbbackup"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ ]; + mainProgram = "django-dbbackup"; + }; +} diff --git a/pkgs/python/django-error-report-2/default.nix b/pkgs/python/django-error-report-2/default.nix new file mode 100644 index 0000000..5706887 --- /dev/null +++ b/pkgs/python/django-error-report-2/default.nix @@ -0,0 +1,37 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django, +}: + +buildPythonPackage rec { + pname = "django-error-report-2"; + version = "0.4.2"; + pyproject = true; + + src = fetchFromGitHub { + owner = "matmair"; + repo = "django-error-report-2"; + rev = version; + hash = "sha256-ZCaslqgruJxM8345/jSlZGruM+27H9hvwL0wtPkUzc0="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ django ]; + + pythonImportsCheck = [ "error_report" ]; + + meta = { + description = "Log/View Django server errors"; + homepage = "https://github.com/matmair/django-error-report-2"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-flags/default.nix b/pkgs/python/django-flags/default.nix new file mode 100644 index 0000000..3d44281 --- /dev/null +++ b/pkgs/python/django-flags/default.nix @@ -0,0 +1,37 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django, +}: + +buildPythonPackage rec { + pname = "django-flags"; + version = "5.0.13"; + pyproject = true; + + src = fetchFromGitHub { + owner = "cfpb"; + repo = "django-flags"; + rev = version; + hash = "sha256-WPMfFYoP6WaVzZmVtqAz4LlY761aCRyPhd5npc8bOOI="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ django ]; + + pythonImportsCheck = [ "flags" ]; + + meta = { + description = "Feature flags for Django projects"; + homepage = "https://github.com/cfpb/django-flags"; + license = lib.licenses.cc0; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-ical/default.nix b/pkgs/python/django-ical/default.nix new file mode 100644 index 0000000..3c41e90 --- /dev/null +++ b/pkgs/python/django-ical/default.nix @@ -0,0 +1,46 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + setuptools-scm, + wheel, + django, + django-recurrence, + icalendar, +}: + +buildPythonPackage rec { + pname = "django-ical"; + version = "1.9.2"; + pyproject = true; + + src = fetchFromGitHub { + owner = "jazzband"; + repo = "django-ical"; + rev = version; + hash = "sha256-DUe0loayGcUS7MTyLn+g0KBxbIY7VsaoQNHGSMbMI3U="; + }; + + build-system = [ + setuptools + setuptools-scm + wheel + ]; + + dependencies = [ + django + django-recurrence + icalendar + ]; + + pythonImportsCheck = [ "django_ical" ]; + + meta = { + description = "ICal feeds for Django based on Django's syndication feed framework"; + homepage = "https://github.com/jazzband/django-ical"; + changelog = "https://github.com/jazzband/django-ical/blob/${src.rev}/CHANGES.rst"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-markdownify/default.nix b/pkgs/python/django-markdownify/default.nix new file mode 100644 index 0000000..9cc854d --- /dev/null +++ b/pkgs/python/django-markdownify/default.nix @@ -0,0 +1,39 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + bleach, + django, + markdown, +}: + +buildPythonPackage rec { + pname = "django-markdownify"; + version = "0.9.5"; + pyproject = true; + + src = fetchFromGitHub { + owner = "erwinmatijsen"; + repo = "django-markdownify"; + rev = version; + hash = "sha256-KYU8p8NRD4EIS/KhOk9nvmXCf0RWEc+IFZ57YtsDSWE="; + }; + + build-system = [ setuptools ]; + + dependencies = [ + bleach + django + markdown + ]; + + pythonImportsCheck = [ "markdownify" ]; + + meta = { + description = "Markdown template filter for Django"; + homepage = "https://github.com/erwinmatijsen/django-markdownify"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-money/default.nix b/pkgs/python/django-money/default.nix new file mode 100644 index 0000000..a04e885 --- /dev/null +++ b/pkgs/python/django-money/default.nix @@ -0,0 +1,41 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django, + py-moneyed, +}: + +buildPythonPackage rec { + pname = "django-money"; + version = "3.2"; + pyproject = true; + + src = fetchFromGitHub { + owner = "django-money"; + repo = "django-money"; + rev = version; + hash = "sha256-eL26NsreUqtMJ26TmvmB53EJI4Sjs7qjFDnnt4N0vdI="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + django + py-moneyed + ]; + + pythonImportsCheck = [ "djmoney" ]; + + meta = { + description = "Money fields for Django forms and models"; + homepage = "https://github.com/django-money/django-money"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-q-sentry/default.nix b/pkgs/python/django-q-sentry/default.nix new file mode 100644 index 0000000..e4814f3 --- /dev/null +++ b/pkgs/python/django-q-sentry/default.nix @@ -0,0 +1,37 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + poetry-core, + setuptools, + sentry-sdk, +}: + +buildPythonPackage rec { + pname = "django-q-sentry"; + version = "0.1.6"; + pyproject = true; + + src = fetchFromGitHub { + owner = "danielwelch"; + repo = "django-q-sentry"; + rev = "d3a43a90c82734244d5ebf3295652223053f1354"; + hash = "sha256-3C7A+X18c7p19HWD/uPRtAMf29VjmrfXXh2z5PPOREY="; + }; + + build-system = [ + poetry-core + setuptools + ]; + + dependencies = [ sentry-sdk ]; + + pythonImportsCheck = [ "django_q_sentry" ]; + + meta = { + description = "Bringing Sentry error tracking to Django Q"; + homepage = "https://github.com/danielwelch/django-q-sentry"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-recurrence/default.nix b/pkgs/python/django-recurrence/default.nix new file mode 100644 index 0000000..89c5aee --- /dev/null +++ b/pkgs/python/django-recurrence/default.nix @@ -0,0 +1,56 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + pdm-backend, + django, + flake8, + pytest, + pytest-cov, + pytest-django, + pytest-sugar, + python-dateutil, + sphinx, + sphinx-rtd-theme, + tox, +}: + +buildPythonPackage rec { + pname = "django-recurrence"; + version = "1.12.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "jazzband"; + repo = "django-recurrence"; + rev = version; + hash = "sha256-Q33zyMa1wI13RNLxynGAJHlagahpnFHCmZbHp0aPC/w="; + }; + + build-system = [ pdm-backend ]; + + dependencies = [ + django + flake8 + pytest + pytest-cov + pytest-django + pytest-sugar + python-dateutil + sphinx + sphinx-rtd-theme + tox + ]; + + pythonRelaxDeps = true; + + pythonImportsCheck = [ "recurrence" ]; + + meta = { + description = "Utility for working with recurring dates in Django"; + homepage = "https://github.com/django-recurrence/django-recurrence"; + changelog = "https://github.com/django-recurrence/django-recurrence/blob/${src.rev}/CHANGES.rst"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-slowtests/default.nix b/pkgs/python/django-slowtests/default.nix new file mode 100644 index 0000000..28dd36a --- /dev/null +++ b/pkgs/python/django-slowtests/default.nix @@ -0,0 +1,38 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django_4, +}: + +buildPythonPackage rec { + pname = "django-slowtests"; + version = "1.1.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "realpython"; + repo = "django-slow-tests"; + rev = version; + hash = "sha256-gW9AZiMpXJp1m2X1cbm6GdZ9cH+TFqjNLQJFmsvGjB0="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ django_4 ]; + + pythonImportsCheck = [ "django_slowtests" ]; + + meta = { + description = "Locate your slowest tests"; + homepage = "https://github.com/realpython/django-slow-tests"; + changelog = "https://github.com/realpython/django-slow-tests/blob/${src.rev}/CHANGELOG.rst"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-stdimage/default.nix b/pkgs/python/django-stdimage/default.nix new file mode 100644 index 0000000..1bab49c --- /dev/null +++ b/pkgs/python/django-stdimage/default.nix @@ -0,0 +1,51 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + setuptools-scm, + wheel, + django, + pillow, + gettext, +}: + +buildPythonPackage rec { + pname = "django-stdimage"; + version = "6.0.2"; + pyproject = true; + + src = fetchFromGitHub { + owner = "codingjoe"; + repo = "django-stdimage"; + rev = version; + hash = "sha256-uwVU3Huc5fitAweShJjcMW//GBeIpJcxqKKLGo/EdIs="; + }; + + build-system = [ + setuptools + setuptools-scm + wheel + ]; + + dependencies = [ + django + pillow + ]; + + nativeBuildInputs = [ gettext ]; + + preBuild = '' + echo "bla bla" + echo $PATH + ''; + + pythonImportsCheck = [ "stdimage" ]; + + meta = { + description = ""; + homepage = "https://github.com/codingjoe/django-stdimage"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-structlog/default.nix b/pkgs/python/django-structlog/default.nix new file mode 100644 index 0000000..90e5e7a --- /dev/null +++ b/pkgs/python/django-structlog/default.nix @@ -0,0 +1,48 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + asgiref, + django, + django-ipware, + structlog, + celery, + django-extensions, +}: + +buildPythonPackage rec { + pname = "django-structlog"; + version = "9.1.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "jrobichaud"; + repo = "django-structlog"; + rev = version; + hash = "sha256-SEigOdlXZtfLAgRgGkv/eDNDAiiHd7YthRJ/H6e1v5U="; + }; + + build-system = [ setuptools ]; + + dependencies = [ + asgiref + django + django-ipware + structlog + ]; + + optional-dependencies = { + celery = [ celery ]; + commands = [ django-extensions ]; + }; + + pythonImportsCheck = [ "django_structlog" ]; + + meta = { + description = ""; + homepage = "https://github.com/jrobichaud/django-structlog"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-user-sessions/default.nix b/pkgs/python/django-user-sessions/default.nix new file mode 100644 index 0000000..7d240f1 --- /dev/null +++ b/pkgs/python/django-user-sessions/default.nix @@ -0,0 +1,39 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + setuptools-scm, + wheel, + django, +}: + +buildPythonPackage rec { + pname = "django-user-sessions"; + version = "2.0.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "jazzband"; + repo = "django-user-sessions"; + rev = version; + hash = "sha256-Wexy6G2pZ8LTnqtJkBZIePV7qhQW8gu/mKiQfZtgf/o="; + }; + + build-system = [ + setuptools + setuptools-scm + wheel + ]; + + dependencies = [ django ]; + + pythonImportsCheck = [ "user_sessions" ]; + + meta = { + description = "Extend Django sessions with a foreign key back to the user, allowing enumerating all user's sessions"; + homepage = "http://github.com/jazzband/django-user-sessions"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-weasyprint/default.nix b/pkgs/python/django-weasyprint/default.nix new file mode 100644 index 0000000..07d026e --- /dev/null +++ b/pkgs/python/django-weasyprint/default.nix @@ -0,0 +1,38 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + django, + weasyprint, +}: + +buildPythonPackage rec { + pname = "django-weasyprint"; + version = "2.4.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "fdemmer"; + repo = "django-weasyprint"; + rev = "v${version}"; + hash = "sha256-eSh1p+5MyYb6GIEgSdlFxPzVCenlkwSCTkTzgKjezIg="; + }; + + build-system = [ setuptools ]; + + dependencies = [ + django + weasyprint + ]; + + pythonImportsCheck = [ "django_weasyprint" ]; + + meta = { + description = "A Django class-based view generating PDF resposes using WeasyPrint"; + homepage = "https://github.com/fdemmer/django-weasyprint"; + changelog = "https://github.com/fdemmer/django-weasyprint/blob/${src.rev}/CHANGELOG.md"; + license = lib.licenses.asl20; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/django-xforwardedfor-middleware/default.nix b/pkgs/python/django-xforwardedfor-middleware/default.nix new file mode 100644 index 0000000..6af14f9 --- /dev/null +++ b/pkgs/python/django-xforwardedfor-middleware/default.nix @@ -0,0 +1,37 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django, +}: + +buildPythonPackage rec { + pname = "django-xforwardedfor-middleware"; + version = "2.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "allo-"; + repo = "django-xforwardedfor-middleware"; + rev = "v${version}"; + hash = "sha256-dDXSb17kXOSeIgY6wid1QFHhUjrapasWgCEb/El51eA="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ django ]; + + pythonImportsCheck = [ "x_forwarded_for" ]; + + meta = { + description = "Use the X-Forwarded-For header to get the real ip of a request"; + homepage = "https://github.com/allo-/django-xforwardedfor-middleware"; + license = lib.licenses.publicDomain; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/pip-licenses/default.nix b/pkgs/python/pip-licenses/default.nix new file mode 100644 index 0000000..dc97147 --- /dev/null +++ b/pkgs/python/pip-licenses/default.nix @@ -0,0 +1,74 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + setuptools-scm, + wheel, + prettytable, + tomli, + autopep8, + black, + docutils, + isort, + mypy, + pip-tools, + pypandoc, + pytest-cov, + pytest-pycodestyle, + pytest-runner, + tomli-w, + twine, +}: + +buildPythonPackage rec { + pname = "pip-licenses"; + version = "5.0.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "raimon49"; + repo = "pip-licenses"; + rev = "v-${version}"; + hash = "sha256-6xw6BCuXSzNcwkpHaEFC5UPpubPUwhx/pg6vZq2er7A="; + }; + + build-system = [ + setuptools + setuptools-scm + wheel + ]; + + dependencies = [ + prettytable + tomli + ]; + + optional-dependencies = { + dev = [ + autopep8 + black + docutils + isort + mypy + pip-tools + pypandoc + pytest-cov + pytest-pycodestyle + pytest-runner + tomli-w + twine + wheel + ]; + }; + + pythonImportsCheck = [ "piplicenses" ]; + + meta = { + description = "Dump the license list of packages installed with pip"; + homepage = "https://github.com/raimon49/pip-licenses"; + changelog = "https://github.com/raimon49/pip-licenses/blob/${src.rev}/CHANGELOG.md"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/py-moneyed/default.nix b/pkgs/python/py-moneyed/default.nix new file mode 100644 index 0000000..e953766 --- /dev/null +++ b/pkgs/python/py-moneyed/default.nix @@ -0,0 +1,42 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + babel, + typing-extensions, +}: + +buildPythonPackage rec { + pname = "py-moneyed"; + version = "3.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "py-moneyed"; + repo = "py-moneyed"; + rev = "v${version}"; + hash = "sha256-k0ZbLwog6TYxKDLZV7eH1Br8buMPfpOkgp+pMN/qdB8="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + babel + typing-extensions + ]; + + pythonImportsCheck = [ "moneyed" ]; + + meta = { + description = "Provides Currency and Money classes for use in your Python code"; + homepage = "http://github.com/py-moneyed/py-moneyed"; + changelog = "https://github.com/py-moneyed/py-moneyed/blob/${src.rev}/CHANGES.rst"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/pkgs/python/sentry-sdk/default.nix b/pkgs/python/sentry-sdk/default.nix new file mode 100644 index 0000000..0c75d44 --- /dev/null +++ b/pkgs/python/sentry-sdk/default.nix @@ -0,0 +1,43 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + certifi, + urllib3, +}: + +buildPythonPackage rec { + pname = "sentry-sdk"; + version = "2.26.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "getsentry"; + repo = "sentry-python"; + rev = version; + hash = "sha256-Wl8yq2X9GuPcqaS93hkKXs2cDzz282Xceaai4NjbVZY="; + fetchSubmodules = true; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + certifi + urllib3 + ]; + + pythonImportsCheck = [ "sentry_sdk" ]; + + meta = { + description = "The official Python SDK for Sentry.io"; + homepage = "https://github.com/getsentry/sentry-python"; + changelog = "https://github.com/getsentry/sentry-python/blob/${src.rev}/CHANGELOG.md"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ]; + }; +} diff --git a/vars/per-machine/rigel/inventree/oidc-key/groups/admins b/vars/per-machine/rigel/inventree/oidc-key/groups/admins new file mode 120000 index 0000000..6765aa1 --- /dev/null +++ b/vars/per-machine/rigel/inventree/oidc-key/groups/admins @@ -0,0 +1 @@ +../../../../../../sops/groups/admins \ No newline at end of file diff --git a/vars/per-machine/rigel/inventree/oidc-key/machines/rigel b/vars/per-machine/rigel/inventree/oidc-key/machines/rigel new file mode 120000 index 0000000..47a146c --- /dev/null +++ b/vars/per-machine/rigel/inventree/oidc-key/machines/rigel @@ -0,0 +1 @@ +../../../../../../sops/machines/rigel \ No newline at end of file diff --git a/vars/per-machine/rigel/inventree/oidc-key/secret b/vars/per-machine/rigel/inventree/oidc-key/secret new file mode 100644 index 0000000..12a132b --- /dev/null +++ b/vars/per-machine/rigel/inventree/oidc-key/secret @@ -0,0 +1,47 @@ +{ + "data": "ENC[AES256_GCM,data:DNAK/x337+6cR7jWAxQXTUk6eIq93vtRyyiVoWAB2sjR,iv:8N/YhIAvvRbOwkA6cY59Qd+TUvXY+D5nj5NREkjJ5xY=,tag:KkOG07dxt2OntglTJy8JwQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcmVaK1NxTzJscytFSFZq\nbU9VUGt0RkNOZ05ZUmhZdnlsZDBrTU90cVVRCjdLMXhGTyt1a1FGYWF3c215UWNH\nbGpOL0JWRGVxaStqd1YrMUZkNTRmRE0KLS0tIFNjTXhhQm9wb1VLcTljWWZ3MmRG\nWEROOVdwUmxMQ2RGTjl3c0pUL2RqV1EKo8o3qEZDiEDMa/LvB6x22ge99vStcYGv\n3eKfq03q13jSEAjYcYnboIuixpajcFQyNWtiIVARvRp3bD/6GY5xdA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZa202SGZWbEEvZTZ4Rmc4\nM2VCRUJWamJGQ0g0clhnVkNNTjB5cDVHTDJVCnBOd2srK29JdGFQczRoYVpDaXBi\nN21iQ1UzNFNBeDRrYjJGMDluNllEVGcKLS0tIHZrMXlPNEM1cUc1QWJ3azVyVXho\nN01ocHp1cSt6N0tzQklRQmJJOGlZd0EKa0CjHQ5sJnesBQjbIefVI4+gtPH9u/P5\nlytt/+a3R8oRIoaQyJO5cdr5PJBKMm5ZbybaH3QSYXw/G5RuEiazrQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHdDYjZZUWhy\nSFNvMVVkVktVOWYzZ3ZxUDE4eFdoMThxYnNnMldXVmdOZ2cgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpsc2toMlJFdHdxWVFsNHdFVjhmN2pW\nM2pkRGV1YUpwWGhxa3FvZHJ2Y2JJCi0tLSAzZDUwYzdOSGhhTE1sWUYxZktJZng3\nNU85T3ZBMlR5RldrSjdWRGlJK3dvCg5LhRadTMP3ncZrRzt216fbt1OyU4hc58Ro\n/OsG4eVycIo1/RnHFSVtP3hkJWXsNXEWygExksdL+z3WqwTaiIw=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFlIajBRbXl4\nZkhLSWpIcU8rbU5KZHBsanpUS0tEWno1eE8xcjJES3NoMXcgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwowRHEvVGtBbGFOLzVVdWRFMVBSUUJB\nWGRVdUpDZEVBbzcvTmtDc1ZhSDRjCi0tLSBPdXBJeGp2Y0pCMTlSczh3Uk1rZGhN\nRGtkQjh1eU1XNTJ3LzZxTC92SXNVCo2Hg3iQ1nCg30vn1k0KOTP55siFdEbqj0w0\nw14ytOONNy5lDpM5nJogOJEZPIVXA+Fh/Z/yJV5DqIYjbuLWyh4=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEhodVlXeWl2\nTmVOOTlKaHRRbHM4UXQwYkVocS9MZDQ4WHZMRlV0bGJJQ28gQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpUU2xmV1h0eW1RTEFDTTQ2SElaRy8y\naGY1R2tJMnlvOSt5Mm1mL21OQWI0Ci0tLSAwZmxzMFJTYXJzVS9wZy9rcWFPQWdi\nbzRqQlZFU0EwRk5kc1o0NjhURWpzClILo4I2sCyCZgnoVxZ8kAhvRmhog9ZhXL1b\n3wGW6vQ9mb0c29pDlHIqkUmr20+A+nBSRZ1xuBIPQEsyYcUFibQ=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYk03cG45TlJwSEVhYURR\nMERRZTFweVZIRGE5d2FRa2F0VXFBaHRjOWc0CjI0U3NZd1hRTDdyb2cyak9rZEtO\nS0dtbTRCZjFyNGt1MFhSWWtBQXZrbkkKLS0tIEZCTFgyNFk3MmdBRmoweWoyNkFz\nVWFxOVZoMy9TOHlsUUVLWTR5RVIyWnMKZjLh6/LaKGYJDMz+MY6aoUCaMgVQnzDa\nj4FvuU21V54z4nTzAxbAloYWs0OowK3p/uvkg0jF6L6xYOHHuUP/vw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRWtIYU0zSzNmVlltS2ty\ndkx6UzJucXM3OTdaSmliSUM5eVdSelhEazBVCkkrNWMzc1o4WlhlSmh4b09vUE93\nME1DejRYd1l2dFM0U1FzMlAzQTk5RncKLS0tIEFieHhURUk5TkEyd0hCMUhmZ0J0\nanp0OHFETGJDcmJDdDFsc3Vsc3ZUVnMKOl3brWD8HWtRqcL+w49xKrhLTl2iOHuH\n0UyslA4POQYpY1UKd6mY/ONFOJdRBCl7l5zg2ZvjA8OnE+l8StlCcQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRVVJaWIvTlVub2IwRXEx\ndlNDOFlXa3cyM09YcmVCNE5WcENjcitLNkdZCnk3T011NWVPUzRWZm5GTVVOTENQ\naXlOaXJrQVY5SDVqbG8rcHFKMlNJNmMKLS0tICtXVDU5L3FSTlF5TmRHWXI3Nklx\nbzBGTDdzWjlXMjdVZ0dBdklSZlgzYlEKUVlfGm9xS5Ux3KWM0hNq+kHaTHO+tS9J\nzEEhjGUFlqktJwoVRtiNkdmyjqZjG5nXuM5U/Gi71E4QbfcdKXY8Yg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNM0FvOURHcTQ3WXBYbHZr\nVjdSWkViQVRlbVRxcG9BdmNuTGtUdVc1Q2xRClZGZmErdEp5cFdscitjNHhiaEdD\nVUZ3Z3NZbjZ6dEVGMngyWllWdEtyTkUKLS0tIDNXRWFSVm5ubnpHai9DdFA0aG9D\nU2E2bWx2SVhoV0NFczBZTVE4dW9nc2MKNlAPGXRwrWzEb6Tn91EVyn3sQUkBYBpW\n6Qtxh4YVgs7wnvdF2iqe/bco6hhmHbVM4pckFlsh997upbWoAJX+ag==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-09T06:44:42Z", + "mac": "ENC[AES256_GCM,data:WkedoUtde7dDn9nLPXRVV1VE4g0GatMSsco8C5sPppZEHY+7nQEw4/B3PtK3Zg+p3CbfJXpipS+lEIF/0WKb/D8po5TDUXWLCsGdl9SCLwPLpzSIjSSn4pArBCqicUqhSRF6w2w56tpWoZrXdy/l39q1LA9P82jjRZaRhrnmqrQ=,iv:bfAW8oUpv3puMjoIgZiGUWFx0ODxyKCV4bylOT6BiY0=,tag:y87YDf0GVk+io6bYUtiU8g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/rigel/inventree/oidc-key/users/kurogeek b/vars/per-machine/rigel/inventree/oidc-key/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/rigel/inventree/oidc-key/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file diff --git a/vars/per-machine/rigel/inventree/secret-key/groups/admins b/vars/per-machine/rigel/inventree/secret-key/groups/admins new file mode 120000 index 0000000..6765aa1 --- /dev/null +++ b/vars/per-machine/rigel/inventree/secret-key/groups/admins @@ -0,0 +1 @@ +../../../../../../sops/groups/admins \ No newline at end of file diff --git a/vars/per-machine/rigel/inventree/secret-key/machines/rigel b/vars/per-machine/rigel/inventree/secret-key/machines/rigel new file mode 120000 index 0000000..47a146c --- /dev/null +++ b/vars/per-machine/rigel/inventree/secret-key/machines/rigel @@ -0,0 +1 @@ +../../../../../../sops/machines/rigel \ No newline at end of file diff --git a/vars/per-machine/rigel/inventree/secret-key/secret b/vars/per-machine/rigel/inventree/secret-key/secret new file mode 100644 index 0000000..47359a5 --- /dev/null +++ b/vars/per-machine/rigel/inventree/secret-key/secret @@ -0,0 +1,47 @@ +{ + "data": "ENC[AES256_GCM,data:SLllB/DD3fXLak/dkTEzVjZeSpVu1fwTUFntExzOjV8Q,iv:cFvltsiERU7gROOC+qMyrw03tH3tNnC1uxZFLRRS1Js=,tag:+qOgbOtyxjfB8vixEo5g8g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bXo4UThwRDR5SEpjNmNW\nTktKSlNlcEQyaUxtU0s4dUVWaEd6am0wVUdnCmNQZURCQlE0YVQ2b2RXQzhrSWVy\nb01EVGpGUE8yNVhNeHFLb24xQ1d0bGsKLS0tIDJLWVlkVitieUtQQVQ1MzZNV21U\nV3o0R2hTb2NDMDhhbW9oQlJpODRseG8KgkP2iCANYFW7hfczt6PJSAVQz8f4OOJa\neQ6SDqFTHSGBmbJJU+IUtmPNYbIiZKjnN9zDYX+1iyuKK4fFP7CFbg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6STVKQ2p4RWY0ZUk2Y3Vv\nd3orTmVhM1d3eGlzMDBLK09mdU0xM294RndRClIydTJYZHlFRVFxVEtzYzZFaHJP\nbDJWaDVjajFsanVCSmtXL256V1BHaE0KLS0tIEd0THczMHluL2ZZZWE4dEwyc3hC\nR1R1VWlRSDMweHdjdVA3SzF4R3pUem8K1Rd5Lq4CcMtB50g43/0t8Tx9W2O35zWq\nIyBfQGAH5kgZ3hPXPvmpbk5MB0XkhcMCJbpYU2dmilWxEwOoDAvGCg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGoyOFFVWFlJ\nbkJ2TEFMOUllb2ZLM3p4M1cyTlNaOEthcTdUZVpPTmFNeWMgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpUb0RjdjUwT0tROFRqckxPcm1naXlU\nSzhJUWVrb3NaejhUVVBGVWcwczdBCi0tLSBYS01RdmZhL3BHcThsYUt6aFpvRGNh\nek5jRHNtVy9zdWdtZWhBd2hpaXdVCikHiy6zs7kkOSS/e6Oplw01abxLZtjj4cPM\nzVG/SVt1eOVUKP3Ahk7zLH4q7VxtS+eQJER0eTK8DmJBBETcvNs=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEhTVFVNdWxm\nSzhoNmU3ZnBlMDg1R3JzTzBrZDN4WDYwOURmV25zcTc1QVkgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwo3K3hyT05VN0pYUTd4QW13UGgvdEVN\nOGhuWEUrRjh2MUlzYmx5ekdVKzlzCi0tLSBrOFBVNjZnM0J2NURZNnNhdVgreFdH\nY1NLZS8xb0didE43ZituU3hvUk0wCoUxGuyVnk025eqUjue6xbAj5UzcUCLaWYu7\n86uFys6WGKnzCx+ihvMM/utSnZboolFfOpvqfK9L1M2wVkyLUVg=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEZ4ZGh2c0Ri\nNkJCaXVhdmxSMkpzNWYwVjkyMkRKR1d4Mk8ybDYwaStqSDAgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpXc3Noa2tTNTczUXNVQytnTjd5dS9F\nOW02Zm1Qcko2MUxPSlE0RXpFTUNNCi0tLSBDaDhieVVpc1N1bThxU2ROWU4vSHVD\nS250cGpiVlpqVTZTRXhlM3BRKzVvCigDcEqmPRBHTxMniCAA7CKdqh5ly+nqo9RD\nei8+X5JvLDoTEaGvXOzdir54+uDVyhdBpTNcruyW6muNusLKsQY=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYajBTanZXaWhnUmRtM1Rz\nSmc5SWFiRHV3a3lDc09MUnYwWVlEZnJZTnlNCjIrdEgwa3N6OERIbG5FQk9qZUJ0\nMVFYODJIMzRuTjBhVnF5SXRwQzd0V2cKLS0tIGdyTExwaXBnL0NXQTZKamtJVVp6\nNFc1NlhORStKOVF1dTZBc0wwOThFQWcKVxBn6Yt4gpa/7xdKiawrnhJjG21yitpI\nMElgsEBUUWnLHQFMyand1szTAIFdGyI4LTlDhwnPtWawu1hxh+6Sdg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrL3I5M2c2N0x0d3Z4S1hK\nMk14UVoyb0VWb2t1elpManR1MVNMYlV1dWtRCldKUjNEMTlCNCtpdzdYR1pBakJW\nd3VDWTJTMkxQbjc4eGVNQjV6OUl6NjQKLS0tIE1TMHJqTFh6bEpXdXJzQVViWFMy\ndFRmLzN2ZUgvb0hTT0pHMkNXdm9mancK3W8+bSiLPUU14lV4FbaYiXsdD2hVyoGM\nGycJYQ6sxjSgEv51fPTfC4CEmA4L8J3OyEkincc42Js852oGETQJmA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbWdOZzVXSGZrMGFFQ3Zo\nOFFra0pNM3BnS0cwY0NaNHJ1RmFmdUNidlZFCmVsM0xyMGd2WjExdFRBaWQxWU02\nMis0a3V6bGF6bEx5S0RoV3hPVUlHUXMKLS0tIHNmZmZOSVBreG5HcUw2YmtMMFFa\ncXIxZEk0djlDQWdNV2lIMFdFY2lRU1UKXc3dZc93Nmu6ttOAEqB6QxzR20GoQ9BB\nXS50YRKvwU4qjMKeMafF0UuJjB8aMhYNyjL1NN3OQkSWGTwuiTD+4A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrN2VtcVVLVTl6dkdmakM5\nRTJsSWF3Mitram9mTTZPdWVwbk4vQ1IveXhjCm8yYWluSHhhQWpqNDRxeDl6cWY0\nTXpnMEdSN0dSVEYyMmpTTUtXelM5QXMKLS0tIHYrVXpkaTN5dWVqb3BicWxQNC9U\ndDM4UGhkbUlhTGZBZkhLOVg2Wkt4bk0KA7yWkYyv/DorKbmQ+1mLQPMD/N2fV7Z5\nEtQKD007BSVDelwJmWf/GyGgryk9BsgWTKSFaVJlWva9YURrKrkFUw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-09T06:44:43Z", + "mac": "ENC[AES256_GCM,data:UR6u2fr4fI9IiU5GmpeFob2SqqGKNTX3SfEI7oXk9nlLPIVWNnYr+uw7JrZbsANSxb7nIihPJwIPpCCeHxqm95hNXDxItKttbMEK+VkrBZDzcLe0nJ5PQtQlyToPZGJgfhxY/a+uaBW9XtRjDtxttxysQa5B/KgMcbOPvyBpuug=,iv:jftOnwUXd85hTYT36UUrLTJTjZq7CYq4JBScrQ4roWE=,tag:mRm3aIAConc8HRFF0ZxvgQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/rigel/inventree/secret-key/users/kurogeek b/vars/per-machine/rigel/inventree/secret-key/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/rigel/inventree/secret-key/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file