newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
24749909c97b137b6987d4e412c6b0f94930ca90
infra/machines/hadar/configuration.nix
kurogeek 24749909c9 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/hadar/configuration.nix
2026-03-26 15:19:28 +07:00

97 lines
2.2 KiB
Nix
Raw Blame History

{
inputs,
config,
pkgs,
...
}:
let
domain = "inventory.poyrecords.newedge.house";
in
{
imports = [
inputs.self.nixosModules.inventree
];
nixpkgs.overlays = [
inputs.self.overlays.packagesOverlay
];
nixpkgs.hostPlatform = {
system = "x86_64-linux";
};
clan.core.vars.generators.inventree = {
files = {
secret-key = {
owner = "inventree";
group = "inventree";
secret = true;
};
oidc-key = {
owner = "inventree";
group = "inventree";
secret = true;
};
admin-password = {
owner = "inventree";
group = "inventree";
secret = true;
};
};
runtimeInputs = [
pkgs.pwgen
pkgs.xkcdpass
];
script = ''
pwgen -s 32 1 > $out/secret-key
pwgen -s 32 1 > $out/oidc-key
xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
'';
};
clan.core.vars.generators.nginx = {
files = {
sslCert = {
owner = "nginx";
group = "nginx";
secret = true;
};
sslKey = {
owner = "nginx";
group = "nginx";
secret = true;
};
};
runtimeInputs = [
pkgs.openssl
];
script = ''
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout $out/sslKey \
-out $out/sslCert \
-subj "/CN=localhost"
'';
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.inventree = {
enable = true;
hostName = domain;
config.site_url = "http://${config.services.inventree.hostName}";
secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
config.oidc_private_key_file = config.clan.core.vars.generators.inventree.files.oidc-key.path;
config.adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
sslCertificate = config.clan.core.vars.generators.nginx.files.sslCert.path;
sslCertificateKey = config.clan.core.vars.generators.nginx.files.sslKey.path;
};
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
}
Reference in New Issue View Git Blame Copy Permalink