newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mob next [ci-skip] [ci skip] [skip ci]

Browse Source 
lastFile:machines/canopus/configuration.nix
This commit is contained in:
kurogeek
2026-04-09 17:49:48 +07:00
parent 4ad25f29fa
commit fbf0775ff6
3 changed files with 1953 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
machines/canopus/configuration.nix Normal file
View File

@@ -0,0 +1,101 @@
{
inputs,
pkgs,
config,
...
}:
let
sitename = "glomerp.newedge.house";
in
{
imports = [ inputs.frappix.nixosModules.x86_64-linux.frappix ];
nixpkgs.overlays = [
inputs.self.overlays.frappixFrappeOverlay
inputs.self.overlays.frappixLibsOverlay
inputs.self.overlays.frappixPythonOverlay
inputs.self.overlays.frappixToolsOverlay
];
clan.core.vars.generators.frappix = {
files = {
sslCertificate.secret = false;
sslCertificateKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
adminPassword.secret = true;
};
runtimeInputs = with pkgs; [
openssl
xkcdpass
];
script = ''
openssl req -x509 -newkey rsa:4096 -keyout $out/sslCertificateKey -out $out/sslCertificate -sha256 -days 3650 -nodes -subj "/C=TH/ST=ChiangMai/L=ChiangMai/O=kurogeek/CN=kurogeek.home"
xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminPassword
'';
};
services.frappe = {
enable = true;
project = "poyerp";
gunicorn_workers = 2;
adminPassword = config.clan.core.vars.generators.frappix.files.adminPassword.path;
apps = [
pkgs.frappix.erpnext
];
sites = {
"${sitename}" = {
domains = [ "localhost" ];
apps = ["frappe" "erpnext"];
};
};
};
services.nginx.virtualHosts."${sitename}" = {
sslCertificate = config.clan.core.vars.generators.frappix.files.sslCertificate.path;
sslCertificateKey = config.clan.core.vars.generators.frappix.files.sslCertificateKey.path;
};
nixpkgs.hostPlatform = {
system = "x86_64-linux";
};
clan.core.vars.generators.nginx = {
files = {
sslCert = {
owner = "nginx";
group = "nginx";
secret = true;
};
sslKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
};
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout $out/sslKey \
-out $out/sslCert \
-subj "/CN=localhost"
'';
};
networking.firewall.allowedTCPPorts = [
80
443
];
# services.nginx.virtualHosts."${domain}" = {
# forceSSL = true;
# sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
# sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
# };
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
}

83
machines/canopus/disko.nix Normal file
View File

@@ -0,0 +1,83 @@
let
hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
os = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
in
{
boot.loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
disko.devices = {
disk = {
"os-${hashDisk os}" = {
type = "disk";
device = os;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
system = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "lz4";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"root/nixos" = {
type = "zfs_fs";
options.mountpoint = "/";
mountpoint = "/";
};
"root/home" = {
type = "zfs_fs";
options.mountpoint = "/home";
mountpoint = "/home";
};
"root/tmp" = {
type = "zfs_fs";
mountpoint = "/tmp";
options = {
mountpoint = "/tmp";
sync = "disabled";
};
};
};
};
};
};
}

1769
machines/canopus/facter.json Normal file
View File

File diff suppressed because it is too large Load Diff