newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mob next [ci-skip] [ci skip] [skip ci]

Browse Source 
lastFile:machines/hadar/configuration.nix
This commit is contained in:
kurogeek
2026-03-26 15:02:53 +07:00
parent 6d42878f3b
commit aa06d8fe3b
1 changed files with 35 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
machines/hadar/configuration.nix
View File

@@ -4,6 +4,9 @@
pkgs, pkgs,
... ...
}: }:
let
domain = "inventory.poyrecords.newedge.house";
in
{ {
imports = [ imports = [
inputs.self.nixosModules.inventree inputs.self.nixosModules.inventree
@@ -46,18 +49,48 @@
''; '';
}; };
clan.core.vars.generators.nginx = {
files = {
sslCert = {
owner = "nginx";
group = "nginx";
secret = true;
};
sslKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
};
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout $out/sslKey \
-out $out/sslCert \
-subj "/CN=localhost"
'';
};
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
services.inventree = { services.inventree = {
enable = true; enable = true;
hostName = "hadar.local"; hostName = domain;
config.site_url = "http://${config.services.inventree.hostName}"; config.site_url = "http://${config.services.inventree.hostName}";
secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path; secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path; config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path; config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
}; };
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
sslCertificate = config.clan.core.generators.nginx.files.sslCert.path;
sslCertificateKey = config.clan.core.generators.nginx.files.sslKey.path;
};
system.stateVersion = "25.11"; system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
} }