From 258b6ff9341b895d23bff2afc2c59d2235175fea Mon Sep 17 00:00:00 2001
From: UGA Innovation Factory
Date: Tue, 16 Dec 2025 15:31:47 -0500
Subject: [PATCH] basic exteral system module
---
.gitignore | 3 ++
README.md | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++
default.nix | 61 +++++++++++++++++++++++++++++++++++++
3 files changed, 150 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 default.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ce7b4b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+result
+result-*
+.direnv/
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..689355f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,86 @@
+# USDA Dashboard System Configuration
+
+External NixOS module configuration for the usda-dash LXC container.
+
+## Overview
+
+This repository contains the system configuration for the USDA Dashboard, managed as an external module for the nixos-systems fleet.
+
+## Usage
+
+### From nixos-systems inventory.nix
+
+Replace the inline configuration with this external module:
+
+```nix
+nix-lxc = {
+ devices = {
+ "usda-dash" = builtins.fetchGit {
+ url = "https://github.com/UGA-Innovation-Factory/usda-dash-config";
+ rev = "abc123..."; # Commit hash for reproducibility
+ };
+ };
+ overrides = {
+ ugaif.host.useHostPrefix = false;
+ extraUsers = [ "sv22900" "hdh20267" ]; # Users remain in inventory
+ };
+};
+```
+
+### Local Development
+
+For testing changes locally before pushing:
+
+```nix
+nix-lxc = {
+ devices = {
+ "usda-dash" = /path/to/local/usda-dash-config;
+ };
+};
+```
+
+## Configuration Structure
+
+```
+usda-dash-config/
+├── default.nix # Main module configuration
+├── README.md # This file
+└── services/ # Optional: Additional service modules
+```
+
+## Module Contents
+
+The `default.nix` module includes:
+- Base system packages
+- SSH configuration
+- Service configurations (nginx, postgresql, etc.)
+- Firewall rules
+- Dashboard-specific settings
+
+## Integration
+
+This module:
+- Receives the same flake inputs as nixos-systems (nixpkgs, home-manager, etc.)
+- Can use ugaif.* options from the host type module
+- Is merged with inventory.nix overrides and extraUsers
+- Works with all build methods (LXC, Proxmox, ISO)
+
+## Development Workflow
+
+1. Make changes to `default.nix`
+2. Test locally by pointing inventory.nix to local path
+3. Build: `nix build .#nixosConfigurations.usda-dash.config.system.build.toplevel`
+4. Commit and push changes
+5.
Update inventory.nix with new commit hash
+
+## Deployment
+
+After updating the configuration:
+
+```bash
+cd /path/to/nixos-systems
+# Update the rev in inventory.nix
+nix flake lock --update-input usda-dash-config # If using flake input
+# Or just update the rev in the fetchGit call
+./deploy usda-dash
+```
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..02d8479
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,61 @@
+{ inputs, ... }:
+
+# ============================================================================
+# USDA Dashboard External System Module
+# ============================================================================
+# External system configuration for usda-dash
+# This module can be referenced from nixos-systems/inventory.nix using:
+#
+# nix-lxc = {
+# devices = {
+# "usda-dash" = builtins.fetchGit {
+# url = "https://github.com/UGA-Innovation-Factory/usda-dash-config";
+# rev = "commit-hash";
+# };
+# };
+# };
+
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ # ========== Module Configuration ==========
+ config = {
+ # System packages specific to usda-dash
+ environment.systemPackages = with pkgs; [
+ # Add any dashboard-specific tools here
+ git
+ vim
+ htop
+ curl
+ wget
+ ];
+
+ # Enable SSH for remote access
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ # Configure users (these will be added via inventory.nix extraUsers)
+ # ugaif.users.sv22900.enable = true;
+ # ugaif.users.hdh20267.enable = true;
+
+ # Dashboard-specific services could go here
+ # Example:
+ # services.nginx.enable = true;
+ # services.postgresql.enable = true;
+
+ # Firewall configuration
+ # networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ # Any other usda-dash specific configuration
+ };
+}
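Review bot: In `services.openssh.settings` only `PasswordAuthentication = false` is set, so keyboard-interactive authentication stays at the NixOS module default, which as far as I know is enabled; a PAM password prompt may therefore still be reachable over SSH. Adding `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication` would make the key-only intent explicit. The firewall line below is commented out, while the openssh module's `openFirewall` option (default true, I believe) still exposes the SSH port, so the `# Firewall configuration` comment could say so, e.g. `# SSH port is opened by services.openssh.openFirewall; add other ports here`. Which accounts hold authorized keys is not visible in this hunk and presumably comes from `extraUsers` in inventory.nix, so it is worth confirming that at least one key-bearing user exists before password login is disabled.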