snipe-it

2025-09-26 14:51:27 +02:00 · 2025-09-26 14:51:27 +02:00 · e085b8d286
commit e085b8d286
parent 995671dd46
6 changed files with 58 additions and 36 deletions
--- a/hosts/ds9/containers.nix
+++ b/hosts/ds9/containers.nix
@ -29,7 +29,6 @@ in
 {
  imports = [
    ./authentik.nix
-    ./part-db.nix
  ];
  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
  networking.firewall.interfaces."podman+".allowedTCPPorts = [
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@ -22,6 +22,7 @@ in
    ./woodpecker.nix
    ./attic.nix
    ./ytdl-sub.nix
+    ./snipe-it.nix

    ../../nixos-modules/networking/tailscale.nix
    ../../nixos-modules/services/docker.nix
@ -257,10 +258,6 @@ in
      handle @grafana {
        import podmanRedirWithAuth http://grafana:3000 
      }
-      @hoard host hoard.hailsatan.eu
-      handle @hoard {
-        import podmanRedirWithAuth http://partdb-server:80
-      }
      @immich host immich.hailsatan.eu
      handle @immich {
        import podmanRedir http://immich-server:2283
@ -290,6 +287,12 @@ in
          import podmanRedirWithAuth http://archivebox:8000 
        }
      }
+      @snipe-it host snipe-it.hailsatan.eu
+      handle @snipe-it {
+        root * ${pkgs.snipe-it}/share/php/snipe-it/public
+        php_fastcgi unix//${config.services.phpfpm.pools."snipe-it".socket}
+        file_server
+      }
      @copyparty host c.hailsatan.eu
      handle @copyparty {
        # @proxy {
--- a/hosts/ds9/part-db.nix
+++ b/hosts/ds9/part-db.nix
@ -1,31 +0,0 @@
-{ pkgs, config, lib, inputs, ... }:
-{
-  ragon.agenix.secrets.ds9PartDbEnv = { };
-  virtualisation.quadlet =
-    {
-      containers = {
-        partdb-server.containerConfig.image = "jbtronics/part-db1";
-        partdb-server.containerConfig.networks = [
-          "db-net"
-          "podman"
-        ];
-        partdb-server.containerConfig.volumes = [
-          "partdb-uploads:/var/www/html/uploads"
-          "partdb-media:/var/www/html/public/media"
-        ];
-        partdb-server.containerConfig.environments = {
-          APP_ENV = "docker";
-          DEFAULT_LANG = "en";
-          DEFAULT_TIMEZONE = "Europe/Berlin";
-          BASE_CURRENCY = "EUR";
-          INSTANCE_NAME = "xynos_hoard";
-          TRUSTED_PROXIES = "10.88.0.0/16";
-          DEFAULT_URI = "https://hoard.hailsatan.eu/";
-        };
-        partdb-server.serviceConfig.TimeoutStartSec = "60";
-        partdb-server.containerConfig.environmentFiles = [
-          config.age.secrets.ds9PartDbEnv.path
-        ];
-      };
-    };
-}
--- a/hosts/ds9/snipe-it.nix
+++ b/hosts/ds9/snipe-it.nix
@ -0,0 +1,33 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib;
+{
+  users.users.nginx.isSystemUser = true;
+  users.users.nginx.group = "nginx";
+  users.groups.nginx = { };
+  services.nginx.enable = mkForce false;
+  services.nginx.virtualHosts."snipe-it" = mkForce null;
+  users.users.caddy.extraGroups = [ config.services.snipe-it.group ];
+  ragon.agenix.secrets.ds9SnipeIt = {
+    group = config.services.snipe-it.group;
+    owner = config.services.snipe-it.user;
+    mode = "440";
+  };
+  services.snipe-it = {
+    enable = true;
+    database.createLocally = true;
+    mail.driver = "sendmail";
+    appURL = "https://snipe-it.hailsatan.eu";
+    hostName = "snipe-it";
+    appKeyFile = config.age.secrets.ds9SnipeIt.path;
+    mail.from.address = "root@hailsatan.eu";
+  };
+  ragon.persist.extraDirectories = [
+    config.services.snipe-it.dataDir
+  ];
+
+}
--- a/secrets/ds9SnipeIt.age
+++ b/secrets/ds9SnipeIt.age
@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 IbXxfw HOpoAWyr5HuYLh9TA48HuNW+73mnQPkC9DMaGdz0AW0
+T9AQmg5BARXjJkevOq6s9gdrQgAG4b6Ub0Yo+AP0hzA
+-> ssh-ed25519 ugHWWw 3KnPX16drKjMlmS0gPuAT8gm6RthZTelMYxvT/yD3CQ
+ch/7UEEnO/upd29lyFQvGxbHUHVRNiLSFvTr2ey6R44
+-> ssh-ed25519 UU9RSA wSi2KHNLeMOuP9M4u2DHyc/QDv5oba9LPJs+zZMJkFs
+1PGdZmbKKoBNECUpWIPb5STpyLqb5WEASN6jYzOwpz4
+-> ssh-ed25519 RJI3BA iQoHW3BmTQyl0QOOrnNXDqPQn+aKXgJdO7G00SZ2Azo
+6+EKlzmTzitWwfZ1VQoIUXMH/9RAL65tJCe0zpANBWY
+-> ssh-ed25519 XnvJKw NUqLDVf0gk0sxHrwX2V12YILLLP3+Tq7uLpSDfbyaxE
+wF4fB54laXRyMhFhxaJaQsB5F0eDWWGA8zWD44/C+Tw
+-> ssh-ed25519 7NL5Ng 1qR9M4pKnqD76ulq0xNJ0pUmwE9zWIQsKExopLnm6lg
+sQEng94JhgyfNwb4YCSJ0V4NTSRpJ0N3n75VRt0FZ+g
+-> ssh-ed25519 5Sll2Q Bi+daF3RmdIulBxATEVXkyHaIZeeRPDAa0gmmm256S4
+fxw+qlId0NHUgokzWviInNFyHJnmj0pOULKexX0GsFE
+--- 5LZArBekmUDjKr5U/c8Vi5419olBKbUkll0rNNolJwA
+pVŽ“è¤¤
 ¢Ù8T³ô%?&˜Å<01>«<EFBFBD>~c}uÉr¼«õòX|îZU²qo7¥m}ÒóæYñ.:zRp1j<31>0,•ÅX<C385>)ÁÆK{[)l
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -18,6 +18,7 @@ in
  "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9SyncoidHealthCheckUrl.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9DynDns.age".publicKeys = pubkeys.ragon.host "ds9";
+  "ds9SnipeIt.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9";