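# NixOS configuration for a local QEMU development VM running ERPNext.
#
# This is a throwaway test machine: root has an empty password, the guest
# firewall is off and Caddy issues certificates from a local CA. Do not reuse
# these settings for a host that is reachable by anyone but the developer.
{ pkgs, lib, config, modulesPath, ... }:

{
  imports = [
    "${modulesPath}/profiles/minimal.nix"
    "${modulesPath}/profiles/qemu-guest.nix"
    "${modulesPath}/virtualisation/qemu-vm.nix"
    ../modules/erpnext.nix
  ];

  config = {
    services.qemuGuest.enable = true;

    system.stateVersion = "23.05";

    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    boot = {
      growPartition = true;
      loader.timeout = 5;
    };

    virtualisation = {
      diskSize = 8000; # MB
      memorySize = 2048; # MB

      # We don't want to use tmpfs, otherwise the nix store's size will be
      # bounded by a fraction of available RAM.
      writableStoreUseTmpfs = false;

      # Host ports are bound to the loopback address so that the VM (root
      # login, disabled firewall) is reachable from the host machine only and
      # not from the network the host is attached to. Drop `host.address` only
      # if the VM must deliberately be reachable from other machines.
      forwardPorts = [
        { guest.port = 22; host.address = "127.0.0.1"; host.port = 2222; }
        { guest.port = 9090; host.address = "127.0.0.1"; host.port = 9090; }
        { guest.port = 443; host.address = "127.0.0.1"; host.port = 8081; }
      ];
    };

    # So that we can ssh into the VM, see e.g.
    # http://blog.patapon.info/nixos-local-vm/#accessing-the-vm-with-ssh
    services.openssh.enable = true;

    # Root may log in over SSH with the authorized key below only. OpenSSH
    # refuses empty passwords unless PermitEmptyPasswords is set, so the key
    # was already the working SSH credential; this makes that explicit.
    services.openssh.settings.PermitRootLogin = "prohibit-password";

    # Empty root password, kept for login on the VM console.
    users.users.root.password = "";
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU"
    ];

    # Users and passwords are managed declaratively from this file only.
    users.mutableUsers = false;

    # NOTE(review): the guest firewall is off. With the loopback-bound port
    # forwards above this is acceptable for a local VM; enable it and list the
    # required ports before using this configuration anywhere else.
    networking.firewall.enable = false;

    networking.hosts = {
      "127.0.0.1" = [ "erp.momo.koeln" ];
    };

    environment.systemPackages = with pkgs; [
      git
      htop
      neovim
    ];

    # Secrets are plain files that the service reads; owner-read-only is
    # enough and avoids the write and execute bits that "700" granted.
    # NOTE(review): assumes the erpnext module only reads these files as the
    # `erpnext` user - confirm against ../modules/erpnext.nix.
    age.secrets.erpnext-admin-password = {
      file = ../secrets/admin-password.age;
      mode = "0400";
      owner = "erpnext";
    };
    age.secrets.erpnext-db-root-password = {
      file = ../secrets/database-root-password.age;
      mode = "0400";
      owner = "erpnext";
    };
    age.secrets.erpnext-db-user-password = {
      file = ../secrets/database-user-password.age;
      mode = "0400";
      owner = "erpnext";
    };

    services.erpnext = {
      enable = true;
      domain = "localhost";
      # Passwords are passed as paths to the decrypted secret files, so they
      # are not written into this configuration as literals.
      adminPasswordFile = config.age.secrets.erpnext-admin-password.path;
      database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path;
      database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path;
      caddy = {};
    };

    services.caddy = {
      email = "admins@pub.solar";
      # `local_certs` makes Caddy issue certificates from its internal CA
      # instead of a public ACME CA; clients will not trust them by default.
      globalConfig = ''
        local_certs
      '';
    };
  };
}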