87 lines
1.8 KiB
Nix
87 lines
1.8 KiB
Nix
{
|
|
inputs,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
domain = "glom-inventory.newedge.house";
|
|
in
|
|
{
|
|
clan.core.settings.machine.description = "VM machine that host Inventree system for Glom";
|
|
|
|
nixpkgs.hostPlatform = {
|
|
system = "x86_64-linux";
|
|
};
|
|
|
|
clan.core.vars.generators.inventree = {
|
|
files = {
|
|
secret-key = {
|
|
owner = "inventree";
|
|
group = "inventree";
|
|
secret = true;
|
|
};
|
|
oidc-key = {
|
|
owner = "inventree";
|
|
group = "inventree";
|
|
secret = true;
|
|
};
|
|
admin-password = {
|
|
owner = "inventree";
|
|
group = "inventree";
|
|
secret = true;
|
|
};
|
|
};
|
|
runtimeInputs = [
|
|
pkgs.pwgen
|
|
pkgs.xkcdpass
|
|
];
|
|
script = ''
|
|
pwgen -s 32 1 > $out/secret-key
|
|
pwgen -s 32 1 > $out/oidc-key
|
|
xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/admin-password
|
|
'';
|
|
};
|
|
|
|
clan.core.vars.generators.nginx = {
|
|
files = {
|
|
sslCert = {
|
|
owner = "nginx";
|
|
group = "nginx";
|
|
secret = true;
|
|
};
|
|
sslKey = {
|
|
owner = "nginx";
|
|
group = "nginx";
|
|
secret = true;
|
|
};
|
|
};
|
|
|
|
runtimeInputs = [
|
|
pkgs.openssl
|
|
];
|
|
script = ''
|
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
|
|
-keyout $out/sslKey \
|
|
-out $out/sslCert \
|
|
-subj "/CN=localhost"
|
|
'';
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
services.inventree = {
|
|
enable = true;
|
|
inherit domain;
|
|
secretKeyFile = config.clan.core.vars.generators.inventree.files.secret-key.path;
|
|
adminPasswordFile = config.clan.core.vars.generators.inventree.files.admin-password.path;
|
|
settings.INVENTREE_SITE_URL = "https://${domain}";
|
|
};
|
|
|
|
system.stateVersion = "25.11";
|
|
clan.core.sops.defaultGroups = [ "admins" ];
|
|
}
|