mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/hadar/configuration.nix
2026-03-26 15:02:53 +07:00
parent 6d42878f3b
commit aa06d8fe3b
1 changed files with 35 additions and 2 deletions
--- a/machines/hadar/configuration.nix
+++ b/machines/hadar/configuration.nix
@@ -4,6 +4,9 @@
  pkgs,
  ...
 }:
+let
+  domain = "inventory.poyrecords.newedge.house";
+in
 {
  imports = [
    inputs.self.nixosModules.inventree
@@ -46,18 +49,48 @@
    '';
  };

+  clan.core.vars.generators.nginx = {
+    files = {
+      sslCert = {
+        owner = "nginx";
+        group = "nginx";
+        secret = true;
+      };
+      sslKey = {
+        owner = "nginx";
+        group = "nginx";
+        secret = true;
+      };
+    };
+
+    runtimeInputs = [
+      pkgs.openssl
+    ];
+    script = ''
+      openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+        -keyout $out/sslKey \
+        -out $out/sslCert \
+        -subj "/CN=localhost"
+    '';
+  };
+
  networking.firewall.allowedTCPPorts = [ 80 ];

  services.inventree = {
    enable = true;
-    hostName = "hadar.local";
+    hostName = domain;
    config.site_url = "http://${config.services.inventree.hostName}";
    secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
    config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
    config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
  };

+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    sslCertificate = config.clan.core.generators.nginx.files.sslCert.path;
+    sslCertificateKey = config.clan.core.generators.nginx.files.sslKey.path;
+  };
+
  system.stateVersion = "25.11";
  clan.core.sops.defaultGroups = [ "admins" ];
-  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
 }