From afc2867729df103ebb5e8a0c3ddf6f30d0a5dcfa Mon Sep 17 00:00:00 2001
From: kurogeek
Date: Fri, 3 Apr 2026 22:46:40 +0700
Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:machines/procyon/configuration.nix
---
machines/procyon/configuration.nix | 99 ++++++++++++++++++++++++++++++
machines/procyon/disko.nix | 83 +++++++++++++++++++++++++
2 files changed, 182 insertions(+)
create mode 100644 machines/procyon/configuration.nix
create mode 100644 machines/procyon/disko.nix
diff --git a/machines/procyon/configuration.nix b/machines/procyon/configuration.nix
new file mode 100644
index 0000000..77ab029
--- /dev/null
+++ b/machines/procyon/configuration.nix
@@ -0,0 +1,99 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+let
+ domain = "glom-inventory.newedge.house";
+in
+{
+ imports = [
+ inputs.self.nixosModules.inventree
+ ];
+
+ nixpkgs.overlays = [
+ inputs.self.overlays.packagesOverlay
+ ];
+
+ nixpkgs.hostPlatform = {
+ system = "x86_64-linux";
+ };
+
+ clan.core.vars.generators.inventree = {
+ files = {
+ secret-key = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ oidc-key = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ admin-password = {
+ owner = "inventree";
+ group = "inventree";
+ secret = true;
+ };
+ };
+ runtimeInputs = [
+ pkgs.pwgen
+ pkgs.xkcdpass
+ ];
+ script = ''
+ pwgen -s 32 1 > $out/secret-key
+ pwgen -s 32 1 > $out/oidc-key
+ xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
+ '';
+ };
+
+ clan.core.vars.generators.nginx = {
+ files = {
+ sslCert = {
+ owner = "nginx";
+ group = "nginx";
+ secret = true;
+ };
+ sslKey = {
+ owner = "nginx";
+ group = "nginx";
+ secret = true;
+ };
+ };
+
+ runtimeInputs = [
+ pkgs.openssl
+ ];
+ script = ''
+ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+ -keyout $out/sslKey \
+ -out $out/sslCert \
+ -subj "/CN=localhost"
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.inventree = {
+ enable = true;
+ hostName = "${domain}";
+ config.site_url = "https://${config.services.inventree.hostName}";
+ secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
+ config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
+ config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
+ };
+
+ # services.nginx.virtualHosts."${domain}" = {
+ # forceSSL = true;
+ # sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
+ # sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
+ # };
+
+ system.stateVersion = "25.11";
+ clan.core.sops.defaultGroups = [ "admins" ];
+}
diff --git a/machines/procyon/disko.nix b/machines/procyon/disko.nix
new file mode 100644
index 0000000..6bbb54d
--- /dev/null
+++ b/machines/procyon/disko.nix
@@ -0,0 +1,83 @@
+let
+ hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
+ os = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
+in
+{
+
+ boot.loader = {
+ systemd-boot = {
+ enable = true;
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ };
+ };
+
+ disko.devices = {
+ disk = {
+ "os-${hashDisk os}" = {
+ type = "disk";
+ device = os;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "nofail" ];
+ };
+ };
+ system = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = {
+ mountpoint = "none";
+ compression = "lz4";
+ acltype = "posixacl";
+ xattr = "sa";
+ "com.sun:auto-snapshot" = "true";
+ };
+ options.ashift = "12";
+ datasets = {
+ "root" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "root/nixos" = {
+ type = "zfs_fs";
+ options.mountpoint = "/";
+ mountpoint = "/";
+ };
+ "root/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "/home";
+ mountpoint = "/home";
+ };
+ "root/tmp" = {
+ type = "zfs_fs";
+ mountpoint = "/tmp";
+ options = {
+ mountpoint = "/tmp";
+ sync = "disabled";
+ };
+ };
+ };
+ };
+ };
+ };
+}
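Review bot: The nginx generator's self-signed certificate is issued for `-subj "/CN=localhost"` while the only name this host serves is `domain` (`glom-inventory.newedge.house`), so as soon as the commented-out `services.nginx.virtualHosts` block is enabled every client will see a name mismatch; use `-subj "/CN=${domain}"` together with `-addext "subjectAltName=DNS:${domain}"` so the SAN matches the served name. As committed, `networking.firewall.allowedTCPPorts` opens 80 and 443 and `config.site_url` advertises `https://`, yet nothing in this file terminates TLS — unless the inventree module provisions its own nginx, either enable the virtualHost or hold back 443 until it does. The `oidc-key` file is produced by `pwgen -s 32 1`; if `config.oidc_private_key_file` is consumed as an RSA private key, as its name suggests, a random string will not parse, and generating it with `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$out"/oidc-key` (adding `pkgs.openssl` to that generator's `runtimeInputs`) would be the right shape — worth confirming against the module. Also quote `$out` in the two `pwgen` redirections as the xkcdpass line already does.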
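Review bot: The disk attribute name `"os-${hashDisk os}"` doubles the prefix, because `hashDisk` already returns `"os-<hash>"`, so the resulting key reads `os-os-xxxxx`; either use `${hashDisk os}` as the key or drop the `"os-"` from the helper. The ESP is mounted as vfat with only `mountOptions = [ "nofail" ]`, which leaves `/boot` world-readable under the default vfat permissions; adding `"umask=0077"` to that list is the usual hardening for the bootloader partition. The `zroot` pool sets no `encryption` in `rootFsOptions`, so whatever secrets are deployed to this host rest unencrypted on the QEMU-backed disk — if that is an accepted trade-off because the hypervisor storage is trusted, a one-line comment above `rootFsOptions` recording that decision would spare the next reader the question.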