newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1d823afe58e14865e2f84fc79a470873cfb176c6
infra/machines/canopus/configuration.nix
T

146 lines
3.4 KiB
Nix
Raw Blame History

{
inputs,
pkgs,
config,
...
}:
let
sitename = "glomerp.newedge.house";
nbClientName = "netbird-b4l";
in
{
imports = [ inputs.frappix.nixosModules.x86_64-linux.frappix ];
nixpkgs.overlays = [
inputs.self.overlays.frappixFrappeOverlay
inputs.self.overlays.frappixLibsOverlay
inputs.self.overlays.frappixPythonOverlay
inputs.self.overlays.frappixToolsOverlay
];
clan.core.vars.generators.frappix = {
files = {
sslCertificate.secret = false;
sslCertificateKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
adminPassword.secret = true;
};
runtimeInputs = with pkgs; [
openssl
xkcdpass
];
script = ''
openssl req -x509 -newkey rsa:4096 -keyout $out/sslCertificateKey -out $out/sslCertificate -sha256 -days 3650 -nodes -subj "/C=TH/ST=ChiangMai/L=ChiangMai/O=kurogeek/CN=kurogeek.home"
xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminPassword
'';
};
clan.core.vars.generators.netbird = {
files = {
setupKey = {
secret = true;
owner = config.services.netbird.clients.${nbClientName}.user.name;
group = config.services.netbird.clients.${nbClientName}.user.group;
};
managementURL.secret = false;
};
prompts = {
setupKey = {
type = "line";
persist = true;
description = "Setup Key to connect to the server";
};
};
script = ''
cat $prompts/setupKey > $out/setupKey
'';
};
services.netbird.enable = true;
services.netbird.clients.${nbClientName} = {
port = 51820;
config = {
ManagementURL = {
"Scheme" = "https";
"Host" = "netbird.b4l.co.th:443";
};
};
login = {
enable = true;
setupKeyFile = config.clan.core.vars.generators.netbird.files.setupKey.path;
};
};
services.frappe = {
enable = true;
project = "glomerp";
gunicorn_workers = 2;
adminPassword = config.clan.core.vars.generators.frappix.files.adminPassword.path;
apps = [
pkgs.frappix.erpnext
pkgs.frappix.hrms
];
sites = {
"${sitename}" = {
domains = [ "localhost" ];
apps = [
"frappe"
"erpnext"
"hrms"
];
};
};
};
services.nginx.virtualHosts."${sitename}" = {
sslCertificate = config.clan.core.vars.generators.frappix.files.sslCertificate.path;
sslCertificateKey = config.clan.core.vars.generators.frappix.files.sslCertificateKey.path;
};
nixpkgs.hostPlatform = {
system = "x86_64-linux";
};
clan.core.vars.generators.nginx = {
files = {
sslCert = {
owner = "nginx";
group = "nginx";
secret = true;
};
sslKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
};
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout $out/sslKey \
-out $out/sslCert \
-subj "/CN=localhost"
'';
};
networking.firewall.allowedTCPPorts = [
80
443
];
# services.nginx.virtualHosts."${domain}" = {
# forceSSL = true;
# sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
# sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
# };
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
}
Reference in New Issue View Git Blame Copy Permalink