mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/canopus/configuration.nix
2026-04-09 17:49:48 +07:00
parent 4ad25f29fa
commit fbf0775ff6
3 changed files with 1953 additions and 0 deletions
--- a/machines/canopus/configuration.nix
+++ b/machines/canopus/configuration.nix
@@ -0,0 +1,101 @@
+{
+  inputs,
+  pkgs,
+  config,
+  ...
+}:
+let
+  sitename = "glomerp.newedge.house";
+in
+{
+  imports = [ inputs.frappix.nixosModules.x86_64-linux.frappix ];
+  nixpkgs.overlays = [
+    inputs.self.overlays.frappixFrappeOverlay
+    inputs.self.overlays.frappixLibsOverlay
+    inputs.self.overlays.frappixPythonOverlay
+    inputs.self.overlays.frappixToolsOverlay
+  ];
+
+  clan.core.vars.generators.frappix = {
+    files = {
+      sslCertificate.secret = false;
+      sslCertificateKey = {
+        owner = "nginx";
+        group = "nginx";
+        secret = true;
+      };
+      adminPassword.secret = true;
+    };
+    runtimeInputs = with pkgs; [
+      openssl
+      xkcdpass
+    ];
+    script = ''
+      openssl req -x509 -newkey rsa:4096 -keyout $out/sslCertificateKey -out $out/sslCertificate -sha256 -days 3650 -nodes -subj "/C=TH/ST=ChiangMai/L=ChiangMai/O=kurogeek/CN=kurogeek.home" 
+      xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminPassword
+    '';
+  };
+
+  services.frappe = {
+    enable = true;
+    project = "poyerp";
+    gunicorn_workers = 2;
+    adminPassword = config.clan.core.vars.generators.frappix.files.adminPassword.path;
+    apps = [
+      pkgs.frappix.erpnext
+    ];
+    sites = {
+      "${sitename}" = {
+        domains = [ "localhost" ];
+        apps = ["frappe" "erpnext"];
+      };
+    };
+  };
+  services.nginx.virtualHosts."${sitename}" = {
+    sslCertificate = config.clan.core.vars.generators.frappix.files.sslCertificate.path;
+    sslCertificateKey = config.clan.core.vars.generators.frappix.files.sslCertificateKey.path;
+  };
+
+  nixpkgs.hostPlatform = {
+    system = "x86_64-linux";
+  };
+
+  clan.core.vars.generators.nginx = {
+    files = {
+      sslCert = {
+        owner = "nginx";
+        group = "nginx";
+        secret = true;
+      };
+      sslKey = {
+        owner = "nginx";
+        group = "nginx";
+        secret = true;
+      };
+    };
+
+    runtimeInputs = [
+      pkgs.openssl
+    ];
+    script = ''
+      openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+        -keyout $out/sslKey \
+        -out $out/sslCert \
+        -subj "/CN=localhost"
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  # services.nginx.virtualHosts."${domain}" = {
+  #   forceSSL = true;
+  #   sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
+  #   sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
+  # };
+
+  system.stateVersion = "25.11";
+  clan.core.sops.defaultGroups = [ "admins" ];
+}