From aa06d8fe3be718c17d47d761c687cc747b3d9cfe Mon Sep 17 00:00:00 2001
From: kurogeek
Date: Thu, 26 Mar 2026 15:02:53 +0700
Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/hadar/configuration.nix
---
 machines/hadar/configuration.nix | 37 ++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/machines/hadar/configuration.nix b/machines/hadar/configuration.nix
index f5507cb..f30b65a 100644
--- a/machines/hadar/configuration.nix
+++ b/machines/hadar/configuration.nix
@@ -4,6 +4,9 @@
 pkgs,
 ...
 }:
+let
+ domain = "inventory.poyrecords.newedge.house";
+in
 {
 imports = [
 inputs.self.nixosModules.inventree
@@ -46,18 +49,48 @@
 '';
 };
+ clan.core.vars.generators.nginx = {
+ files = {
+ sslCert = {
+ owner = "nginx";
+ group = "nginx";
+ secret = true;
+ };
+ sslKey = {
+ owner = "nginx";
+ group = "nginx";
+ secret = true;
+ };
+ };
+
+ runtimeInputs = [
+ pkgs.openssl
+ ];
+ script = ''
+ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+ -keyout $out/sslKey \
+ -out $out/sslCert \
+ -subj "/CN=localhost"
+ '';
+ };
+
 networking.firewall.allowedTCPPorts = [ 80 ];
 services.inventree = {
 enable = true;
- hostName = "hadar.local";
+ hostName = domain;
 config.site_url = "http://${config.services.inventree.hostName}";
 secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
 config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
 config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
 };
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ sslCertificate = config.clan.core.generators.nginx.files.sslCert.path;
+ sslCertificateKey = config.clan.core.generators.nginx.files.sslKey.path;
+ };
+
 system.stateVersion = "25.11";
 clan.core.sops.defaultGroups = [ "admins" ];
- clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
 }
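Review bot: The new virtual host reads its certificate and key from `config.clan.core.generators.nginx…`, but the generator is declared under `clan.core.vars.generators.nginx` and the inventree references in this hunk all use the `vars` path, so these two lines likely fail evaluation. `forceSSL = true` redirects port 80 to HTTPS while `networking.firewall.allowedTCPPorts` still opens only 80, so 443 is presumably unreachable unless it is opened elsewhere. The self-signed certificate is issued for `CN=localhost` with no subjectAltName, so it can never validate for the `domain` host; issuing it for `${domain}` with a SAN is the minimum, and a CA-issued certificate would be better for a public-looking name. `config.site_url` still builds an `http://` URL and should probably become `https://` once the redirect is in place. The enclosing attribute set starts outside the hunk.

```nix
  # … unchanged: generator files, runtimeInputs, openssl req … -out $out/sslCert \ …
        -subj "/CN=${domain}" \
        -addext "subjectAltName=DNS:${domain}"
  # … unchanged: end of script …
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # … unchanged: services.inventree …
  services.nginx.virtualHosts."${domain}" = {
    # … unchanged: forceSSL …
    sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
    sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
```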