# USDA Dashboard System Configuration

External NixOS module configuration for the usda-dash LXC container.

## Overview

This repository contains the system configuration for the USDA Dashboard, managed as an external module for the nixos-systems fleet.

## Usage

### From nixos-systems inventory.nix

Replace the inline configuration with this external module:

```nix
nix-lxc = {
  devices = {
    "usda-dash" = builtins.fetchGit {
      url = "https://github.com/UGA-Innovation-Factory/usda-dash-config";
      rev = "abc123...";  # Commit hash for reproducibility
    };
  };
  overrides = {
    athenix.host.useHostPrefix = false;
    extraUsers = [ "sv22900" "hdh20267" ];  # Users remain in inventory
  };
};
```

### Local Development

For testing changes locally before pushing:

```nix
nix-lxc = {
  devices = {
    "usda-dash" = /path/to/local/usda-dash-config;
  };
};
```

## Configuration Structure

```
usda-dash-config/
├── default.nix          # Main module configuration
├── README.md           # This file
└── services/           # Optional: Additional service modules
```

## Module Contents

The `default.nix` module includes:
- Base system packages
- SSH configuration
- Service configurations (nginx, postgresql, etc.)
- Firewall rules
- Dashboard-specific settings

## Integration

This module:
- Receives the same flake inputs as nixos-systems (nixpkgs, home-manager, etc.)
- Can use athenix.* options from the host type module
- Is merged with inventory.nix overrides and extraUsers
- Works with all build methods (LXC, Proxmox, ISO)

## Development Workflow

1. Make changes to `default.nix`
2. Test locally by pointing inventory.nix to local path
3. Build: `nix build .#nixosConfigurations.usda-dash.config.system.build.toplevel`
4. Commit and push changes
5. Update inventory.nix with new commit hash

## Important Notes

### Avoiding Configuration Conflicts

External modules should generally **not** override settings that are already defined by the host type modules (like `nix-lxc`). The host type already configures:
- SSH settings
- Basic services
- Networking

Your external module should focus on:
- Application-specific packages
- Custom services unique to your application
- Application configuration files

If you need to override host type settings, use `lib.mkForce`:

```nix
services.openssh.settings.PermitRootLogin = lib.mkForce "no";
```

## Deployment

After updating the configuration:

```bash
cd /path/to/nixos-systems
# Update the rev in inventory.nix to the new commit hash
# Nix will automatically fetch the new version
nix flake check  # Verify the configuration
./deploy usda-dash
```

To force Nix to re-fetch (if you've updated the same commit):
```bash
rm -rf ~/.cache/nix/gitv3/*
nix flake check --refresh
```