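# NixOS/clan machine module: enables a Frappe/ERPNext site through the frappix
# module and provisions self-signed TLS material with clan vars generators.
#
# Layout note: collapsed onto one line, the first `#` below turns everything
# after it (system.stateVersion, clan.core.sops.defaultGroups and the closing
# brace) into a comment, and the `\` continuations in the second openssl call
# escape a space instead of a newline. This form restores one statement per line.
{ inputs, pkgs, config, ... }:
let
  sitename = "poy-erp.newedge.house";
in
{
  imports = [
    inputs.frappix.nixosModules.x86_64-linux.frappix
  ];

  nixpkgs.overlays = [
    inputs.self.overlays.frappixFrappeOverlay
    inputs.self.overlays.frappixLibsOverlay
    inputs.self.overlays.frappixPythonOverlay
    inputs.self.overlays.frappixToolsOverlay
  ];

  # Self-signed certificate and private key used by the site's nginx virtual host.
  clan.core.vars.generators.frappix = {
    files = {
      # The certificate is public material, so it is not marked as a secret.
      sslCertificate.secret = false;
      # The private key is marked secret and handed to the nginx user and group.
      sslCertificateKey = {
        owner = "nginx";
        group = "nginx";
        secret = true;
      };
    };
    runtimeInputs = [ pkgs.openssl ];
    # -nodes writes the key without a passphrase, so its confidentiality rests
    # entirely on the secret storage and the file ownership declared above.
    # -days 3650 gives a roughly ten-year lifetime; no rotation is defined here.
    # NOTE(review): the subject CN is kurogeek.home and no subjectAltName is
    # requested, while the virtual host below is poy-erp.newedge.house. Clients
    # that verify host names will reject this certificate even when it is
    # trusted -- confirm that this is intended.
    script = ''
      openssl req -x509 -newkey rsa:4096 \
        -keyout "$out/sslCertificateKey" \
        -out "$out/sslCertificate" \
        -sha256 -days 3650 -nodes \
        -subj "/C=TH/ST=ChiangMai/L=ChiangMai/O=kurogeek/CN=kurogeek.home"
    '';
  };

  services.frappe = {
    enable = true;
    # NOTE(review): project is "test" on a host with a public-looking site
    # name -- confirm this is not a leftover from a test setup.
    project = "test";
    gunicorn_workers = 2;
    sites = {
      "${sitename}" = {
        # NOTE(review): only "localhost" is listed although the site is named
        # poy-erp.newedge.house -- verify against the frappix module what
        # `domains` controls.
        domains = [ "localhost" ];
        apps = [
          "frappe"
          "erpnext"
        ];
      };
    };
  };

  # Point the site's virtual host at the generated certificate and key.
  # NOTE(review): none of forceSSL / addSSL / onlySSL is set in this file.
  # Presumably the frappix module turns TLS on for this virtual host; if it
  # does not, nginx will not use these files -- verify.
  services.nginx.virtualHosts."${sitename}" = {
    sslCertificate = config.clan.core.vars.generators.frappix.files.sslCertificate.path;
    sslCertificateKey = config.clan.core.vars.generators.frappix.files.sslCertificateKey.path;
  };

  nixpkgs.hostPlatform = {
    system = "x86_64-linux";
  };

  # Second self-signed pair (RSA 2048, CN=localhost, key without passphrase).
  # Within this file it is referenced only by the commented-out virtual host
  # further down, so the generated key is currently unused here.
  clan.core.vars.generators.nginx = {
    files = {
      sslCert = {
        owner = "nginx";
        group = "nginx";
        secret = true;
      };
      sslKey = {
        owner = "nginx";
        group = "nginx";
        secret = true;
      };
    };
    runtimeInputs = [ pkgs.openssl ];
    script = ''
      openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -keyout "$out/sslKey" \
        -out "$out/sslCert" \
        -subj "/CN=localhost"
    '';
  };

  # Port 80 is opened next to 443. Whether plain HTTP is redirected to HTTPS
  # depends on virtual-host settings that this file does not set.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  # Disabled virtual host that would enforce TLS with the `nginx` generator's
  # files. `domain` is not bound in this file's let-block, so it needs a
  # binding before this can be re-enabled.
  # services.nginx.virtualHosts."${domain}" = {
  #   forceSSL = true;
  #   sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
  #   sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
  # };

  system.stateVersion = "25.11";

  # presumably the sops groups that secrets are encrypted for when a secret
  # names no group of its own -- confirm against the clan documentation.
  clan.core.sops.defaultGroups = [ "admins" ];
}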