erpnext-nix/test-vm/configuration.nix

{ pkgs, lib, config, modulesPath, ... }:
{
  imports = [
    "${modulesPath}/profiles/minimal.nix"
    "${modulesPath}/profiles/qemu-guest.nix"
    "${modulesPath}/virtualisation/qemu-vm.nix"
    ../modules/erpnext.nix
  ];

  config = {
    services.qemuGuest.enable = true;
    system.stateVersion = "23.05";

    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    boot = {
      growPartition = true;
      loader.timeout = 5;
    };

    virtualisation = {
      diskSize = 8000; # MB
      memorySize = 2048; # MB

      # We don't want to use tmpfs, otherwise the nix store's size will be bounded
      # by a fraction of available RAM.
      writableStoreUseTmpfs = false;

      forwardPorts = [{
        guest.port = 22;
        host.port = 2222;
      } {
        guest.port = 9090;
        host.port = 9090;
      } {
        guest.port = 443;
        host.port = 8081;
      }];
    };

    # So that we can ssh into the VM, see e.g.
    # http://blog.patapon.info/nixos-local-vm/#accessing-the-vm-with-ssh
    services.openssh.enable = true;
    services.openssh.settings.PermitRootLogin = "yes";
    # Give root an empty password to ssh in.
    users.extraUsers.root.password = "";
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU"
    ];
    users.mutableUsers = false;
    networking.firewall.enable = false;
    networking.hosts = {
      "127.0.0.1" = [ "erp.momo.koeln" ];
    };

    environment.systemPackages = with pkgs; [
      git
      htop
      neovim
    ];

    age.secrets.erpnext-admin-password = {
      file = ../secrets/admin-password.age;
      mode = "700";
      owner = "erpnext";
    };
    age.secrets.erpnext-db-root-password = {
      file = ../secrets/database-root-password.age;
      mode = "700";
      owner = "erpnext";
    };
    age.secrets.erpnext-db-user-password = {
      file = ../secrets/database-user-password.age;
      mode = "700";
      owner = "erpnext";
    };

    services.erpnext = {
      enable = true;
      domain = "localhost";
      adminPasswordFile = config.age.secrets.erpnext-admin-password.path;
      database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path;
      database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path;
      caddy = {};
    };
    services.caddy = {
      email = "admins@pub.solar";
      globalConfig = ''
        local_certs
      '';
    };
  };
}