mob next [ci-skip] [ci skip] [skip ci]

lastFile:vars/per-machine/rigel/inventree/secret-key/secret
2025-10-09 16:42:56 +07:00
parent 04fafa32d3
commit 1df60c35d9
33 changed files with 1445 additions and 2 deletions
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -1,4 +1,8 @@
-{ inputs, self, ... }:
+{
+  inputs,
+  self,
+  ...
+}:
 {
  imports = [
    inputs.clan-core.flakeModules.default
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
@@ -1,4 +1,9 @@
-{ config, ... }:
+{
+  inputs,
+  config,
+  pkgs,
+  ...
+}:
 {
  imports = [
    (import ../../lib/auto-accept-zerotier-members.nix {
@@ -7,8 +12,42 @@
        "2bd36db8cc" # kurogeek-thinkpad
      ];
    })
+
+    inputs.self.nixosModules.inventree
  ];

+  nixpkgs.overlays = [
+    inputs.self.overlays.default
+  ];
+
+  clan.core.vars.generators.inventree = {
+    files = {
+      secret-key = {
+        owner = "inventree";
+        group = "inventree";
+        secret = true;
+      };
+      oidc-key = {
+        owner = "inventree";
+        group = "inventree";
+        secret = true;
+      };
+    };
+    runtimeInputs = [ pkgs.pwgen ];
+    script = ''
+      pwgen -s 32 1 > $out/secret-key
+      pwgen -s 32 1 > $out/oidc-key
+    '';
+  };
+
+  services.inventree = {
+    enable = true;
+    hostName = "rigel.local";
+    config.site_url = "http://${config.services.inventree.hostName}";
+    secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
+    config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
+  };
+
  system.stateVersion = "25.11";
  clan.core.sops.defaultGroups = [ "admins" ];
  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";