From 6611b8f7b9e35437d4ceacc8177052b080d53370 Mon Sep 17 00:00:00 2001 From: kurogeek Date: Thu, 9 Oct 2025 16:40:44 +0700 Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/rigel/configuration.nix --- machines/rigel/configuration.nix | 32 ++++++++++++- modules/nixos/inventree/default.nix | 69 +++++++++++++++++++++++++++-- overlays/default.nix | 9 ---- 3 files changed, 95 insertions(+), 15 deletions(-) diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix index d9a2447..dd6c54d 100644 --- a/machines/rigel/configuration.nix +++ b/machines/rigel/configuration.nix @@ -1,4 +1,9 @@ -{ inputs, config, ... }: +{ + inputs, + config, + pkgs, + ... +}: { imports = [ (import ../../lib/auto-accept-zerotier-members.nix { @@ -15,9 +20,32 @@ inputs.self.overlays.default ]; + clan.core.vars.generators.inventree = { + files = { + secret-key = { + owner = "inventree"; + group = "inventree"; + secret = true; + }; + oidc-key = { + owner = "inventree"; + group = "inventree"; + secret = true; + }; + }; + runtimeInputs = [ pkgs.pwgen ]; + script = '' + pwgen -s 32 1 > $out/secret-key + pwgen -s 32 1 > $out/oidc-key + ''; + }; + services.inventree = { enable = true; - hostName = "localhost"; + hostName = "rigel.local"; + config.site_url = "http://${config.services.inventree.hostName}"; + secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path; + config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path; }; system.stateVersion = "25.11"; diff --git a/modules/nixos/inventree/default.nix b/modules/nixos/inventree/default.nix index 6e4346a..160fea9 100644 --- a/modules/nixos/inventree/default.nix +++ b/modules/nixos/inventree/default.nix 
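Review bot: The `oidc-key` file produced in the generator `script` with `pwgen -s 32 1` is a random 32-character string, but it is passed to `config.oidc_private_key_file`, which InvenTree documents (as far as I know) as a file holding an RSA private key in PEM form for signing OIDC tokens; a password string there would most likely fail to load or leave token signing broken. Generate it as a key instead, e.g. `openssl genrsa -out "$out/oidc-key" 4096` with `pkgs.openssl` added to `runtimeInputs`, and keep `pwgen` only for `secret-key`. Separately, `config.site_url` is hard-coded to `http://`, so session cookies and OIDC tokens would travel unencrypted unless TLS is terminated somewhere this diff does not show.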
@@ -13,9 +13,9 @@ let ; configFormat = pkgs.formats.json { }; - configFile = "/run/inventree/config.json"; cfg = config.services.inventree; pkg = cfg.package; + configFile = "${cfg.dataDir}/config.json"; inventree-invoke = pkgs.writeShellApplication { name = "inventree-invoke"; @@ -125,6 +125,15 @@ in config = mkIf cfg.enable { environment.systemPackages = [ inventree-invoke ]; + systemd.tmpfiles.rules = ( + map (dir: "d ${dir} 0755 inventree inventree") [ + "${cfg.dataDir}" + "${cfg.dataDir}/static" + "${cfg.dataDir}/media_root" + "${cfg.dataDir}/backups" + ] + ); + services.inventree.config = { plugins_enabled = false; plugin_file = "${cfg.dataDir}/plugins.txt"; @@ -155,6 +164,8 @@ in users.groups.inventree = { }; + services.nginx.enable = true; + services.nginx.virtualHosts.${cfg.hostName} = { locations = let @@ -205,18 +216,41 @@ in "inventree-qcluster.service" ]; serviceConfig = { - User = "root"; - Group = "root"; + # User = "root"; + # Group = "root"; + User = "inventree"; + Group = "inventree"; Type = "oneshot"; RemainAfterExit = true; PrivateTmp = true; }; + environment = { + INVENTREE_CONFIG_FILE = configFile; + INVENTREE_SECRET_KEY_FILE = cfg.secretKeyFile; + INVENTREE_AUTO_UPDATE = "1"; + INVENTREE_PLUGINS_ENABLED = "1"; + INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + + INVENTREE_SITE_URL = cfg.config.site_url; + + PYTHONPATH = pkg.pythonPath; + }; script = '' set -euo pipefail umask u=rwx,g=,o= - chown inventree:inventree ${configFile} + # chown inventree:inventree ${configFile} + + ${pkg}/opt/inventree/src/backend/InvenTree/manage.py migrate ''; }; 
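Review bot: The `systemd.tmpfiles.rules` entry creates every directory, including `${cfg.dataDir}/backups` and `${cfg.dataDir}` itself, with mode `0755`, so any local account can list and traverse them; backups typically contain database dumps, and the first hunk of this file moves `config.json` into `dataDir` as well. Unless something else needs world access, tighten the private ones, e.g. `"d ${cfg.dataDir}/backups 0700 inventree inventree"`, and use `0750` for the rest, with nginx added to the `inventree` group if it serves `static` and `media_root` directly (the nginx locations are outside this hunk, so confirm who reads them). Who writes `config.json` and with what mode is not visible here; that is worth checking now that the `chown` in the setup script is commented out.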
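Review bot: The `environment` attribute set added to this one-shot unit is repeated almost line for line in the three units patched in the hunks at -231, -257 and -290, and the copies already differ (`INVENTREE_PLUGINS_ENABLED` is `"0"` in the last one), so a later change to a security-relevant entry such as `INVENTREE_OIDC_PRIVATE_KEY_FILE` can easily miss a unit. Bind the shared attributes once in the module's `let` block and override per unit, e.g. `environment = commonEnv // { INVENTREE_PLUGINS_ENABLED = "0"; };`. The commented-out `# User = "root";`, `# Group = "root";` and `# chown …` lines should be deleted rather than kept, since version control already records them. The unit's definition starts above this hunk.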
@@ -231,6 +265,15 @@ in INVENTREE_AUTO_UPDATE = "1"; INVENTREE_PLUGINS_ENABLED = "1"; INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; PYTHONPATH = pkg.pythonPath; }; @@ -257,6 +300,15 @@ in INVENTREE_AUTO_UPDATE = "1"; INVENTREE_PLUGINS_ENABLED = "1"; INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; PYTHONPATH = pkg.pythonPath; }; @@ -290,6 +342,15 @@ in INVENTREE_AUTO_UPDATE = "1"; INVENTREE_PLUGINS_ENABLED = "0"; INVENTREE_PLUGIN_NOINSTALL = "1"; + INVENTREE_STATIC_ROOT = cfg.config.static_root; + INVENTREE_MEDIA_ROOT = cfg.config.media_root; + INVENTREE_BACKUP_DIR = cfg.config.backup_dir; + INVENTREE_OIDC_PRIVATE_KEY_FILE = cfg.config.oidc_private_key_file; + INVENTREE_DB_ENGINE = cfg.config.database.ENGINE; + INVENTREE_DB_NAME = cfg.config.database.NAME; + INVENTREE_DB_HOST = cfg.config.database.HOST; + INVENTREE_DB_USER = "inventree"; + INVENTREE_SITE_URL = cfg.config.site_url; PYTHONPATH = pkg.pythonPath; }; diff --git a/overlays/default.nix b/overlays/default.nix index fd293c0..fa889b9 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -4,13 +4,4 @@ default = final: prev: import (../pkgs/overlay.nix) inputs final prev; }; - # perSystem = - # { system, ... }: - # { - # _module.args.pkgs = import inputs.nixpkgs { - # inherit system; - # overlays = [ inputs.self.overlays.default ]; - # config = { }; - # }; - # }; }